Fix result of Farbar Recovery Scan Tool (x64) Version: 05-06-2017
Ran by Hong Meiling (06-06-2017 18:47:02) Run:2
Running from C:\Users\Hong Meiling\Desktop
Loaded Profiles: Hong Meiling (Available Profiles: Hong Meiling & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Hong Meiling\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Hong Meiling\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Hong Meiling\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Hong Meiling\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Hong Meiling\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Hong Meiling\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKU\S-1-5-21-4135327567-4282227739-3352556458-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
S1 ESProtectionDriver; \??\C:\Windows\system32\drivers\mbae64.sys [X]
2017-06-05 22:51 - 2017-06-05 22:51 - 00000000 ____D C:\Users\Hong Meiling\AppData\Roaming\IObit
2017-06-05 22:51 - 2017-06-05 22:51 - 00000000 ____D C:\Users\Hong Meiling\AppData\LocalLow\IObit
2017-06-05 22:51 - 2017-06-05 22:51 - 00000000 ____D C:\ProgramData\ProductData
2017-06-05 22:51 - 2017-06-05 22:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2017-06-05 22:51 - 2017-06-05 22:51 - 00000000 ____D C:\Program Files (x86)\IObit
2017-06-05 22:51 - 2017-03-17 12:31 - 00026272 _____ (IObit.com) C:\Windows\system32\Drivers\IMFCameraProtect.sys
2017-06-05 22:50 - 2017-06-05 22:51 - 00000000 ____D C:\ProgramData\IObit
2017-06-05 22:50 - 2017-06-05 22:50 - 40741560 _____ (IObit ) C:\Users\Hong Meiling\Downloads\IObit-Malware-Fighter-Setup.exe
2016-02-18 18:52 - 2016-02-18 18:52 - 0000056 _____ () C:\Users\Hong Meiling\AppData\Local\Temp\325dce9ee48047a71d143c2b78f950b8.dll
2016-02-18 18:52 - 2016-02-18 18:52 - 0000512 _____ () C:\Users\Hong Meiling\AppData\Local\Temp\6699d3ee8dd9cf775caae782c8f44f03.dll
2013-08-04 23:15 - 2013-08-04 23:15 - 4292136 _____ (www.Bandisoft.com) C:\Users\Hong Meiling\AppData\Local\Temp\bdfilters.dll
2014-02-02 22:32 - 2014-02-02 22:32 - 1500184 _____ (Bandisoft) C:\Users\Hong Meiling\AppData\Local\Temp\BDMPEG1SETUP.EXE
2016-03-25 09:41 - 2016-03-25 15:40 - 0041984 _____ () C:\Users\Hong Meiling\AppData\Local\Temp\ddxx_MesHoooooook.dll
2015-11-05 07:29 - 2015-11-05 07:29 - 25104376 _____ (ArenaNet) C:\Users\Hong Meiling\AppData\Local\Temp\Gw2.exe
2015-09-21 21:49 - 2015-09-21 21:53 - 0253952 _____ (TechArts Inc.) C:\Users\Hong Meiling\AppData\Local\Temp\inst.exe
2017-02-04 20:17 - 2017-02-04 20:17 - 0739904 _____ (Oracle Corporation) C:\Users\Hong Meiling\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-04-20 06:49 - 2017-04-20 06:49 - 0739904 _____ (Oracle Corporation) C:\Users\Hong Meiling\AppData\Local\Temp\jre-8u131-windows-au.exe
2015-07-18 07:20 - 2015-07-18 07:20 - 0563808 _____ (Oracle Corporation) C:\Users\Hong Meiling\AppData\Local\Temp\jre-8u51-windows-au.exe
2015-08-29 13:00 - 2015-09-04 21:41 - 0585824 _____ (Oracle Corporation) C:\Users\Hong Meiling\AppData\Local\Temp\jre-8u60-windows-au.exe
2015-12-04 22:50 - 2015-12-04 22:50 - 0585824 _____ (Oracle Corporation) C:\Users\Hong Meiling\AppData\Local\Temp\jre-8u66-windows-au.exe
2016-01-28 07:14 - 2016-01-28 07:14 - 0644704 _____ (Oracle Corporation) C:\Users\Hong Meiling\AppData\Local\Temp\jre-8u71-windows-au.exe
2015-07-26 12:07 - 2015-07-26 12:07 - 0948120 _____ (Nexon) C:\Users\Hong Meiling\AppData\Local\Temp\NGMDll.dll
2015-07-26 12:07 - 2015-07-26 12:07 - 0294912 _____ (Nexon) C:\Users\Hong Meiling\AppData\Local\Temp\NGMResource.dll
2015-06-26 21:19 - 2017-02-23 01:17 - 0754168 _____ (NVIDIA Corporation) C:\Users\Hong Meiling\AppData\Local\Temp\nvSCPAPI.dll
2015-08-31 18:38 - 2015-08-25 07:08 - 1370144 _____ (NVIDIA Corporation) C:\Users\Hong Meiling\AppData\Local\Temp\nvSCPAPI64.dll
2016-05-19 00:06 - 2016-05-09 16:26 - 0426040 _____ (NVIDIA Corporation) C:\Users\Hong Meiling\AppData\Local\Temp\nvSCPAPISvr.exe
2015-08-16 00:05 - 2017-02-23 01:17 - 0354176 _____ (NVIDIA Corporation) C:\Users\Hong Meiling\AppData\Local\Temp\nvStInst.exe
2015-10-27 17:47 - 2016-05-09 20:26 - 45198968 _____ (Skype Technologies S.A.) C:\Users\Hong Meiling\AppData\Local\Temp\SkypeSetup.exe
2015-07-26 12:07 - 2015-07-26 12:07 - 0258352 _____ (Microsoft Corporation) C:\Users\Hong Meiling\AppData\Local\Temp\unicows.dll
2015-11-18 21:10 - 2015-11-18 21:10 - 0065280 _____ () C:\Users\Hong Meiling\AppData\Local\Temp\utils.dll
2017-03-03 02:53 - 2017-03-15 18:08 - 14456872 _____ (Microsoft Corporation) C:\Users\Hong Meiling\AppData\Local\Temp\vc_redist.x86.exe
2015-12-04 22:53 - 2015-12-04 22:53 - 0833504 _____ (Yahoo! Inc.) C:\Users\Hong Meiling\AppData\Local\Temp\ytb.exe
CMD: for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"
Emptytemp:
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => key removed successfully
HKCR\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => key removed successfully
HKCR\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => key removed successfully
HKCR\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1 => key removed successfully
HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2 => key removed successfully
HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3 => key removed successfully
HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4 => key removed successfully
HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => key removed successfully
HKCR\Wow6432Node\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => key removed successfully
HKCR\Wow6432Node\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => key removed successfully
HKCR\Wow6432Node\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => key not found.
HKU\S-1-5-21-4135327567-4282227739-3352556458-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => key removed successfully
ESProtectionDriver => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\ESProtectionDriver => key could not remove, key could be protected
C:\Users\Hong Meiling\AppData\Roaming\IObit => moved successfully
C:\Users\Hong Meiling\AppData\LocalLow\IObit => moved successfully
C:\ProgramData\ProductData => moved successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter" => not found.
C:\Program Files (x86)\IObit => moved successfully
"C:\Windows\system32\Drivers\IMFCameraProtect.sys" => not found.
C:\ProgramData\IObit => moved successfully
C:\Users\Hong Meiling\Downloads\IObit-Malware-Fighter-Setup.exe => moved successfully
C:\Users\Hong Meiling\AppData\Local\Temp\325dce9ee48047a71d143c2b78f950b8.dll => moved successfully
C:\Users\Hong Meiling\AppData\Local\Temp\6699d3ee8dd9cf775caae782c8f44f03.dll => moved successfully
C:\Users\Hong Meiling\AppData\Local\Temp\bdfilters.dll => moved successfully
C:\Users\Hong Meiling\AppData\Local\Temp\BDMPEG1SETUP.EXE => moved successfully
C:\Users\Hong Meiling\AppData\Local\Temp\ddxx_MesHoooooook.dll => moved successfully
C:\Users\Hong Meiling\AppData\Local\Temp\Gw2.exe => moved successfully
C:\Users\Hong Meiling\AppData\Local\Temp\inst.exe => moved successfully
C:\Users\Hong Meiling\AppData\Local\Temp\jre-8u121-windows-au.exe => moved successfully
C:\Users\Hong Meiling\AppData\Local\Temp\jre-8u131-windows-au.exe => moved successfully
C:\Users\Hong Meiling\AppData\Local\Temp\jre-8u51-windows-au.exe => moved successfully
C:\Users\Hong Meiling\AppData\Local\Temp\jre-8u60-windows-au.exe => moved successfully
C:\Users\Hong Meiling\AppData\Local\Temp\jre-8u66-windows-au.exe => moved successfully
C:\Users\Hong Meiling\AppData\Local\Temp\jre-8u71-windows-au.exe => moved successfully
C:\Users\Hong Meiling\AppData\Local\Temp\NGMDll.dll => moved successfully
C:\Users\Hong Meiling\AppData\Local\Temp\NGMResource.dll => moved successfully
C:\Users\Hong Meiling\AppData\Local\Temp\nvSCPAPI.dll => moved successfully
C:\Users\Hong Meiling\AppData\Local\Temp\nvSCPAPI64.dll => moved successfully
C:\Users\Hong Meiling\AppData\Local\Temp\nvSCPAPISvr.exe => moved successfully
C:\Users\Hong Meiling\AppData\Local\Temp\nvStInst.exe => moved successfully
C:\Users\Hong Meiling\AppData\Local\Temp\SkypeSetup.exe => moved successfully
C:\Users\Hong Meiling\AppData\Local\Temp\unicows.dll => moved successfully
C:\Users\Hong Meiling\AppData\Local\Temp\utils.dll => moved successfully
C:\Users\Hong Meiling\AppData\Local\Temp\vc_redist.x86.exe => moved successfully
C:\Users\Hong Meiling\AppData\Local\Temp\ytb.exe => moved successfully

========= for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1" =========

========= End of CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 32261638 B
Java, Flash, Steam htmlcache => 838425935 B
Windows/system/drivers => 421871051 B
Edge => 0 B
Chrome => 568261330 B
Firefox => 86591990 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 603408 B
Hong Meiling => 2582623177 B
UpdatusUser => 0 B
UpdatusUser => 0 B
UpdatusUser => 0 B
fbwuser => 0 B
UpdatusUser => 0 B
UpdatusUser => 0 B
UpdatusUser => 0 B
UpdatusUser => 0 B
UpdatusUser => 0 B
DefaultAppPool => 0 B

RecycleBin => 157514 B
EmptyTemp: => 4.2 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 06-06-2017 18:48:44)

Result of scheduled keys to remove after reboot:

HKLM\System\CurrentControlSet\Services\ESProtectionDriver => key could not remove, key could be protected

==== End of Fixlog 18:48:44 ====