Fix result of Farbar Recovery Scan Tool (x64) Version: 03-05-2020 Ran by Diane (04-05-2020 16:53:02) Run:1 Running from C:\Users\Diane\Downloads Loaded Profiles: Diane (Available Profiles: Diane & flame) Boot Mode: Normal ============================================== fixlist content: ***************** CreateRestorePoint: CloseProcesses: HKU\S-1-5-21-1595117675-2318942339-1337799414-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22245560 2020-03-19] (Piriform Software Ltd -> Piriform Software Ltd) DeleteValue: HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\StartupApproved\Run|OneDriveSetup DeleteValue: HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\StartupApproved\Run|OneDriveSetup DeleteKey: HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\IObit\Driver Booster\7.4.0\DriverBooster.exe.FriendlyAppName DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\IObit\Driver Booster\7.4.0\DriverBooster.exe.ApplicationCompany DeleteValue: HKU\S-1-5-21-1595117675-2318942339-1337799414-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\IObit\Driver Booster\7.4.0\DriverBooster.exe.FriendlyAppName DeleteValue: HKU\S-1-5-21-1595117675-2318942339-1337799414-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\IObit\Driver Booster\7.4.0\DriverBooster.exe.ApplicationCompany C:\Users\Diane\AppData\Roaming\IOBIT\Driver Booster DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Advanced SystemCare DeleteValue: HKEY_USERS\S-1-5-21-1595117675-2318942339-1337799414-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Advanced SystemCare C:\Users\Diane\AppData\Local\Temp\174508679ywszqldy.dll C:\Users\Diane\AppData\Local\Temp\174511064edimwbfy.dll C:\Users\Diane\AppData\Local\Temp\174519546fvvugisu.exe C:\Users\Diane\AppData\Local\Temp\174525125yewfqdio.dll C:\Users\Diane\AppData\Local\Temp\174525700hwresqpw.dll C:\Users\Diane \AppData\Roaming\Mozilla\FireFox\Profiles\sptr6bnf.default-1581852558410]\Pref.js C:\Users\Diane\AppData\LocalLow\IObit\Advanced SystemCare C:\Users\Diane\AppData\Roaming\IObit\Advanced SystemCare Task: {00F8B5CB-6027-4AA4-958B-52CF87C7F81F} - System32\Tasks\Uninstaller_SkipUac_Diane => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [5991184 2020-04-26] (IObit Information Technology -> IObit) CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] S3 QALSvc; "C:\Program Files\Acer\Acer Quick Access\QALSvc.exe" [X] S3 QASvc; "C:\Program Files\Acer\Acer Quick Access\QASvc.exe" [X] ShellIconOverlayIdentifiers: [ IMFSafeBox] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2020-01-16] (IObit Information Technology -> IObit) ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2020-04-20] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) ContextMenuHandlers1: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2020-01-16] (IObit Information Technology -> IObit) ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2020-01-31] (IObit Information Technology -> IObit) ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2019-09-12] (IObit Information Technology -> IObit) ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ContextMenuHandlers4: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2020-01-16] (IObit Information Technology -> IObit) ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2020-01-31] (IObit Information Technology -> IObit) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers6: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2020-01-16] (IObit Information Technology -> IObit) ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2020-01-31] (IObit Information Technology -> IObit) EmptyTemp: ***************** Restore point was successfully created. Processes closed successfully. "HKU\S-1-5-21-1595117675-2318942339-1337799414-1001\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Smart Cleaning" => removed successfully "HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\StartupApproved\Run\\OneDriveSetup" => removed successfully "HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\StartupApproved\Run\\OneDriveSetup" => removed successfully HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg => removed successfully "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\IObit\Driver Booster\7.4.0\DriverBooster.exe.FriendlyAppName" => removed successfully "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\IObit\Driver Booster\7.4.0\DriverBooster.exe.ApplicationCompany" => removed successfully "HKU\S-1-5-21-1595117675-2318942339-1337799414-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\IObit\Driver Booster\7.4.0\DriverBooster.exe.FriendlyAppName" => not found "HKU\S-1-5-21-1595117675-2318942339-1337799414-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\IObit\Driver Booster\7.4.0\DriverBooster.exe.ApplicationCompany" => not found C:\Users\Diane\AppData\Roaming\IOBIT\Driver Booster => moved successfully "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Advanced SystemCare" => removed successfully "HKEY_USERS\S-1-5-21-1595117675-2318942339-1337799414-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Advanced SystemCare" => not found C:\Users\Diane\AppData\Local\Temp\174508679ywszqldy.dll => moved successfully C:\Users\Diane\AppData\Local\Temp\174511064edimwbfy.dll => moved successfully C:\Users\Diane\AppData\Local\Temp\174519546fvvugisu.exe => moved successfully C:\Users\Diane\AppData\Local\Temp\174525125yewfqdio.dll => moved successfully C:\Users\Diane\AppData\Local\Temp\174525700hwresqpw.dll => moved successfully "C:\Users\Diane \AppData\Roaming\Mozilla\FireFox\Profiles\sptr6bnf.default-1581852558410]\Pref.js" => not found C:\Users\Diane\AppData\LocalLow\IObit\Advanced SystemCare => moved successfully C:\Users\Diane\AppData\Roaming\IObit\Advanced SystemCare => moved successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{00F8B5CB-6027-4AA4-958B-52CF87C7F81F}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00F8B5CB-6027-4AA4-958B-52CF87C7F81F}" => removed successfully C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_Diane => moved successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Uninstaller_SkipUac_Diane" => removed successfully HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn => removed successfully HKLM\System\CurrentControlSet\Services\QALSvc => removed successfully QALSvc => service removed successfully HKLM\System\CurrentControlSet\Services\QASvc => removed successfully QASvc => service removed successfully HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ IMFSafeBox => removed successfully HKLM\Software\Classes\CLSID\{0BB81440-5F42-4480-A5F7-770A6F439FC8} => removed successfully HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removed successfully HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\AVG => removed successfully HKLM\Software\Classes\CLSID\{472083B1-C522-11CF-8763-00608CC02F24} => could not remove, key could be protected HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\IObit Malware Fighter => removed successfully HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\IObitUnstaler => removed successfully HKLM\Software\Classes\CLSID\{836AB26C-2DE4-41D3-AC24-4C6C2699B960} => removed successfully HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\SmartDefragExtension => removed successfully HKLM\Software\Classes\CLSID\{189F1E63-33A7-404B-B2F6-8C76A452CC54} => removed successfully HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg => not found HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\IObit Malware Fighter => removed successfully HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\IObitUnstaler => removed successfully HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\IObit Malware Fighter => removed successfully HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\IObitUnstaler => removed successfully =========== EmptyTemp: ========== BITS transfer queue => 10772480 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 93047936 B Java, Flash, Steam htmlcache => 1088 B Windows/system/drivers => 10085445 B Edge => 586165 B Chrome => 7210451 B Firefox => 43036530 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 0 B systemprofile32 => 0 B LocalService => 90566 B NetworkService => 83889910 B Diane => 164266977 B flame => 200701695 B RecycleBin => 13253425 B EmptyTemp: => 597.9 MB temporary data Removed. ================================ Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 04-05-2020 17:12:21) Result of scheduled keys to remove after reboot: HKLM\Software\Classes\CLSID\{472083B1-C522-11CF-8763-00608CC02F24} => could not remove, key could be protected ==== End of Fixlog 17:12:22 ====