K7_System_Monitor_Alert - Host file has been modified

  1. #1

    Hi,

    I am using the K7 Internet Security program on my laptop with Windows 10 OS.
    Since yesterday I have been getting a System Monitor alert from the K7 program with the details below, and it asks whether to BLOCK or ALLOW. I am blocking it.
    This alert pops up whenever I start the laptop and occasionally at other times, and each time I am blocking it. Is this an issue, and what should I do to permanently resolve it?

    Host File has been modified.
    The system Hosts File has been modified. The changes can redirect the websites to any other harmful sites. Advise :If you sure of the changes made select Allow.


  2. #2
    Welcome to Virtualdr. Please read this: http://discussions.virtualdr.com/sho...ted-3-21-2015) and follow all of the instructions, then copy/paste the results/log files below for further action.

    VirtualDr email notices are not working.
    Check back regularly for responses.


  3. #3
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-08-2017
    Ran by MADHAN (administrator) on DESKTOP-OFHD5US (15-08-2017 09:47:25)
    Running from C:\Users\MADHAN\Downloads
    Loaded Profiles: MADHAN (Available Profiles: defaultuser0 & MADHAN)
    Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7a99cee8a1a412a6\igfxCUIService.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7a99cee8a1a412a6\IntelCpHDCPSvc.exe
    (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
    (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
    (Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
    (K7 Computing Pvt Ltd) C:\Program Files (x86)\K7 Computing\K7TSecurity\K7CrvSvc.exe
    (K7 Computing Pvt Ltd) C:\Program Files (x86)\K7 Computing\K7TSecurity\k7tsmngr.exe
    (Zhuhai Kingsoft Office Software Co.,Ltd) C:\Program Files (x86)\Kingsoft\WPS Office\10.1.0.5644\wtoolex\wpsupdatesvr.exe
    (Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7a99cee8a1a412a6\IntelCpHeciSvc.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    (K7 Computing Pvt Ltd) C:\Program Files (x86)\K7 Computing\K7TSecurity\k7emlpxy.exe
    (K7 Computing Pvt Ltd) C:\Program Files (x86)\K7 Computing\K7TSecurity\k7pssrvc.exe
    (K7 Computing Pvt Ltd) C:\Program Files (x86)\K7 Computing\K7TSecurity\k7fwsrvc.exe
    (K7 Computing Pvt Ltd) C:\Program Files (x86)\K7 Computing\K7TSecurity\k7rtscan.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    (Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7a99cee8a1a412a6\igfxEM.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    () C:\Users\MADHAN\AppData\Local\MiPhoneManager\main\MiPhoneHelper.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (K7 Computing Pvt Ltd) C:\Program Files (x86)\K7 Computing\K7TSecurity\k7tsecurity.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (K7 Computing Pvt Ltd) C:\Program Files (x86)\K7 Computing\K7TSecurity\K7SysMon.Exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Touchpad Handwriting\Exe\x64\AsusHWCenter64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
    (Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
    (ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.2.15.587G\AsusWSPanel.exe
    (ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.2.15.587G\AsusWSService.exe
    (K7 Computing Pvt Ltd) C:\Program Files (x86)\K7 Computing\K7TSecurity\k7tsmain.exe
    (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.511.8780.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.19281.0_x64__8wekyb3d8bbwe\Video.UI.exe
    () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1605.1582.0_x64__8wekyb3d8bbwe\Calculator.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11606.1001.39.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\WINWORD.EXE

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
    HKLM\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.2.15.587G\ASUSWSLoader.exe [63968 2017-04-25] (ASUS Cloud Corporation)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [K7TSStart] => C:\Program Files (x86)\K7 Computing\K7TSecurity\K7TSecurity.exe [222464 2016-03-15] (K7 Computing Pvt Ltd)
    HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2406496 2017-06-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
    HKU\S-1-5-21-229751498-1332251575-2494317161-1002\...\Run: [MiPhoneManager] => C:\Users\MADHAN\AppData\Local\MiPhoneManager\main\MiPhoneHelper.exe [157624 2016-03-11] ()
    HKU\S-1-5-21-229751498-1332251575-2494317161-1002\...\Run: [Chromium] => c:\users\madhan\appdata\local\chromium\application\chrome.exe --auto-launch-at-startup --profile-directory=Default --restore-last-session
    HKU\S-1-5-21-229751498-1332251575-2494317161-1002\...\MountPoints2: {01665290-6b18-11e7-a85a-806e6f6e6963} - "D:\AsInsWiz.exe"
    HKU\S-1-5-21-229751498-1332251575-2494317161-1002\...\MountPoints2: {bd1e8c42-6b06-11e7-a84f-806e6f6e6963} - "D:\AsInsWiz.exe"
    GroupPolicy: Restriction - Chrome <==== ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{1dd1be3e-b458-473c-962a-09d23f455e8e}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{c64d330c-0b97-4cce-800f-d9be08bcdd89}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://in.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_17_32&param1=1&param2=f%3D1%26b%3DIE%26cc%3Din%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyCtDyEyD0C0B0ByCtC0AyD0EyByDtByEtN0D0Tzu0StBtDyDtCtN1L2XzutAtFtBzytFtAtFyDyBtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyD0B0A0AyEyE0AyCtGyB0F0D0CtGtB0E0CzytGyBtCtByDtG0F0B0C0CtCyD0F0F0EtCtDtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0FtA0CyByE0AzytGyBtCtBtDtGyEzz0AyBtG0AtBtCyDtGtAyBtD0DtAtDtDzz0DtBtAzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByCtCzy%26cr%3D218856839%26a%3Dwbf_fs_17_32%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://in.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_17_32&param1=1&param2=f%3D1%26b%3DIE%26cc%3Din%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyCtDyEyD0C0B0ByCtC0AyD0EyByDtByEtN0D0Tzu0StBtDyDtCtN1L2XzutAtFtBzytFtAtFyDyBtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyD0B0A0AyEyE0AyCtGyB0F0D0CtGtB0E0CzytGyBtCtByDtG0F0B0C0CtCyD0F0F0EtCtDtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0FtA0CyByE0AzytGyBtCtBtDtGyEzz0AyBtG0AtBtCyDtGtAyBtD0DtAtDtDzz0DtBtAzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByCtCzy%26cr%3D218856839%26a%3Dwbf_fs_17_32%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
    HKU\S-1-5-21-229751498-1332251575-2494317161-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://in.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_17_32&param1=1&param2=f%3D1%26b%3DIE%26cc%3Din%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyCtDyEyD0C0B0ByCtC0AyD0EyByDtByEtN0D0Tzu0StBtDyDtCtN1L2XzutAtFtBzytFtAtFyDyBtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyD0B0A0AyEyE0AyCtGyB0F0D0CtGtB0E0CzytGyBtCtByDtG0F0B0C0CtCyD0F0F0EtCtDtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0FtA0CyByE0AzytGyBtCtBtDtGyEzz0AyBtG0AtBtCyDtGtAyBtD0DtAtDtDzz0DtBtAzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByCtCzy%26cr%3D218856839%26a%3Dwbf_fs_17_32%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
    HKU\S-1-5-21-229751498-1332251575-2494317161-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
    HKU\S-1-5-21-229751498-1332251575-2494317161-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-in/?ocid=iehp
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://in.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_17_32&param1=1&param2=f%3D4%26b%3DIE%26cc%3Din%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyCtDyEyD0C0B0ByCtC0AyD0EyByDtByEtN0D0Tzu0StBtDyDtCtN1L2XzutAtFtBzytFtAtFyDyBtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyD0B0A0AyEyE0AyCtGyB0F0D0CtGtB0E0CzytGyBtCtByDtG0F0B0C0CtCyD0F0F0EtCtDtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0FtA0CyByE0AzytGyBtCtBtDtGyEzz0AyBtG0AtBtCyDtGtAyBtD0DtAtDtDzz0DtBtAzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByCtCzy%26cr%3D218856839%26a%3Dwbf_fs_17_32%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://in.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_17_32&param1=1&param2=f%3D4%26b%3DIE%26cc%3Din%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyCtDyEyD0C0B0ByCtC0AyD0EyByDtByEtN0D0Tzu0StBtDyDtCtN1L2XzutAtFtBzytFtAtFyDyBtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyD0B0A0AyEyE0AyCtGyB0F0D0CtGtB0E0CzytGyBtCtByDtG0F0B0C0CtCyD0F0F0EtCtDtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0FtA0CyByE0AzytGyBtCtBtDtGyEzz0AyBtG0AtBtCyDtGtAyBtD0DtAtDtDzz0DtBtAzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByCtCzy%26cr%3D218856839%26a%3Dwbf_fs_17_32%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://in.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_17_32&param1=1&param2=f%3D4%26b%3DIE%26cc%3Din%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyCtDyEyD0C0B0ByCtC0AyD0EyByDtByEtN0D0Tzu0StBtDyDtCtN1L2XzutAtFtBzytFtAtFyDyBtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyD0B0A0AyEyE0AyCtGyB0F0D0CtGtB0E0CzytGyBtCtByDtG0F0B0C0CtCyD0F0F0EtCtDtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0FtA0CyByE0AzytGyBtCtBtDtGyEzz0AyBtG0AtBtCyDtGtAyBtD0DtAtDtDzz0DtBtAzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByCtCzy%26cr%3D218856839%26a%3Dwbf_fs_17_32%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://in.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_17_32&param1=1&param2=f%3D4%26b%3DIE%26cc%3Din%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyCtDyEyD0C0B0ByCtC0AyD0EyByDtByEtN0D0Tzu0StBtDyDtCtN1L2XzutAtFtBzytFtAtFyDyBtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyD0B0A0AyEyE0AyCtGyB0F0D0CtGtB0E0CzytGyBtCtByDtG0F0B0C0CtCyD0F0F0EtCtDtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0FtA0CyByE0AzytGyBtCtBtDtGyEzz0AyBtG0AtBtCyDtGtAyBtD0DtAtDtDzz0DtBtAzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByCtCzy%26cr%3D218856839%26a%3Dwbf_fs_17_32%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-229751498-1332251575-2494317161-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2013-11-15] (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-08-12] (Oracle Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2013-11-02] (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-12] (Oracle Corporation)
    BHO-x32: K7 Web Protection -> {08B3B4B6-02DA-4658-8BA6-5974E3EBB03D} -> C:\Program Files (x86)\K7 Computing\K7TSecurity\K7SRExt.dll [2015-05-12] (K7 Computing Pvt Ltd)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06] (Adobe Systems Incorporated)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2013-11-15] (Microsoft Corporation)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2013-11-02] (Microsoft Corporation)
    Toolbar: HKLM-x32 - K7 Web Protection - {8551D65A-13A9-4e63-8472-9325B1B928C0} - C:\Program Files (x86)\K7 Computing\K7TSecurity\K7SRExt.dll [2015-05-12] (K7 Computing Pvt Ltd)
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    FireFox:
    ========
    FF DefaultProfile: 0il7ldn6.default
    FF ProfilePath: C:\Users\MADHAN\AppData\Roaming\Mozilla\Firefox\Profiles\0il7ldn6.default [2017-08-15]
    FF Extension: (Click-to-Play staged rollout) - C:\Program Files\Mozilla Firefox\browser\features\clicktoplay-rollout@mozilla.org.xpi [2017-08-09] [not signed]
    FF Extension: (Follow-on Search Telemetry) - C:\Program Files\Mozilla Firefox\browser\features\followonsearch@mozilla.com.xpi [2017-08-09] [not signed]
    FF Extension: (Shield Recipe Client) - C:\Program Files\Mozilla Firefox\browser\features\shield-recipe-client@mozilla.org.xpi [2017-08-09] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [k7srff_enUS@k7computing.com] - C:\Program Files (x86)\K7 Computing\K7TSecurity\K7SR\K7WebProtection.xpi
    FF Extension: (K7 WebProtection) - C:\Program Files (x86)\K7 Computing\K7TSecurity\K7SR\K7WebProtection.xpi [2016-01-05]
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-10] ()
    FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-12] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-12] (Oracle Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
    FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-06-04] (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWoW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-10] ()
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2011-04-14] (Google, Inc.)
    FF Plugin-x32: @k7computing.com/k7webprotection -> C:\Program Files (x86)\\K7 Computing\K7TSecurity\npK7SRNPExt.dll [2014-12-04] (K7 Computing Pvt Ltd)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-11-15] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-18] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-18] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-06-06] (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-06-04] (Adobe Systems)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2013-11-15] (Microsoft Corporation)

    Chrome:
    =======
    CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
    CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
    CHR Profile: C:\Users\MADHAN\AppData\Local\Google\Chrome\User Data\Default [2017-08-15]
    CHR Extension: (Google Slides) - C:\Users\MADHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-07-18]
    CHR Extension: (Google Docs) - C:\Users\MADHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-07-18]
    CHR Extension: (Google Drive) - C:\Users\MADHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-18]
    CHR Extension: (YouTube) - C:\Users\MADHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-18]
    CHR Extension: (K7 WebProtection) - C:\Users\MADHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlpfamleaodfgmfnggonbfljhjggbdbe [2017-07-17]
    CHR Extension: (Google Sheets) - C:\Users\MADHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-07-18]
    CHR Extension: (Google Docs Offline) - C:\Users\MADHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-17]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\MADHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-07-18]
    CHR Extension: (Search Manager) - C:\Users\MADHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej [2017-08-13]
    CHR Extension: (Gmail) - C:\Users\MADHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-18]
    CHR Extension: (Chrome Media Router) - C:\Users\MADHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-11]
    CHR HKLM\...\Chrome\Extension: [dlpfamleaodfgmfnggonbfljhjggbdbe] - C:\Program Files (x86)\K7 Computing\K7TSecurity\K7SR\k7chrome.crx [2016-01-04]
    CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-229751498-1332251575-2494317161-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [dlpfamleaodfgmfnggonbfljhjggbdbe] - C:\Program Files (x86)\K7 Computing\K7TSecurity\K7SR\k7chrome.crx [2016-01-04]
    CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [814688 2017-06-04] (Adobe Systems Incorporated)
    R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
    R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [325600 2016-08-26] (Windows (R) Win 7 DDK provider)
    R3 cphs; C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7a99cee8a1a412a6\IntelCpHeciSvc.exe [301560 2016-10-27] (Intel Corporation)
    R2 cplspcon; C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7a99cee8a1a412a6\IntelCpHDCPSvc.exe [480240 2016-10-27] (Intel Corporation)
    R2 esifsvc; C:\Windows\system32\Intel\DPTF\esif_uf.exe [2215168 2016-11-01] (Intel Corporation)
    R2 igfxCUIService2.0.0.0; C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7a99cee8a1a412a6\igfxCUIService.exe [342008 2016-10-27] (Intel Corporation)
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-26] (Intel(R) Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [177440 2016-09-14] (Intel Corporation)
    R2 K7CrvSvc; C:\Program Files (x86)\K7 Computing\K7TSecurity\K7CrvSvc.exe [262752 2011-12-21] (K7 Computing Pvt Ltd)
    R2 K7EmlPxy; C:\Program Files (x86)\K7 Computing\K7TSecurity\K7EmlPxy.exe [154136 2015-08-07] (K7 Computing Pvt Ltd)
    R2 K7FWSrvc; C:\Program Files (x86)\K7 Computing\K7TSecurity\K7FWSrvc.exe [258072 2015-09-08] (K7 Computing Pvt Ltd)
    R2 K7PSSrvc; C:\Program Files (x86)\K7 Computing\K7TSecurity\K7PSSrvc.exe [579904 2015-03-25] (K7 Computing Pvt Ltd)
    R2 K7RTScan; C:\Program Files (x86)\K7 Computing\K7TSecurity\K7RTScan.exe [294712 2016-06-27] (K7 Computing Pvt Ltd)
    S3 K7SpmSrc; C:\Program Files (x86)\K7 Computing\K7TSecurity\K7SpmSrc.exe [284696 2015-07-09] (K7 Computing Pvt Ltd)
    R2 K7TSMngr; C:\Program Files (x86)\K7 Computing\K7TSecurity\K7TSMngr.exe [314320 2016-07-04] (K7 Computing Pvt Ltd)
    R2 Kingsoft_WPS_UpdateService; C:\Program Files (x86)\Kingsoft\WPS Office\10.1.0.5644\wtoolex\wpsupdatesvr.exe [133376 2017-07-17] (Zhuhai Kingsoft Office Software Co.,Ltd)
    R2 RtkBtManServ; C:\Windows\RtkBtManServ.exe [241408 2016-08-26] (Realtek Semiconductor Corp.)
    S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-11-15] (Microsoft Corporation)
    R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-07-26] (TeamViewer GmbH)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
    S3 wpscloudsvr; C:\Program Files (x86)\Kingsoft\WPS Office\wpscloudsvr.exe [162048 2017-07-17] (Zhuhai Kingsoft Office Software Co.,Ltd)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 AsusPTPDrv; C:\Windows\System32\drivers\AsusPTPFilter.sys [99320 2016-10-11] (ASUS Corporation)
    R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [66616 2016-11-01] (Intel Corporation)
    R3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [350272 2016-11-01] (Intel Corporation)
    R3 igfx; C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7a99cee8a1a412a6\igdkmd64.sys [11033080 2016-10-27] (Intel Corporation)
    R0 K7FWHlpr; C:\Windows\System32\drivers\K7FWHlpr.sys [110544 2015-01-22] (K7 Computing Pvt Ltd)
    S3 K7RKScan; C:\Program Files (x86)\K7 Computing\K7TSecurity\64Bit\K7RKScan.sys [27936 2014-10-14] (K7 Computing Pvt. Ltd.)
    R0 K7Sentry; C:\Windows\System32\drivers\K7Sentry.sys [192904 2016-09-22] (K7 Computing Pvt Ltd)
    S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
    R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [943112 2016-08-01] (Realtek )
    R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [736872 2016-08-26] (Realtek Semiconductor Corporation)
    R3 RTWlanE; C:\Windows\System32\drivers\rtwlane.sys [6131720 2016-08-29] (Realtek Semiconductor Corporation )
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

  4. #4
    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-08-15 09:47 - 2017-08-15 09:47 - 000025894 _____ C:\Users\MADHAN\Downloads\FRST.txt
    2017-08-15 09:37 - 2017-08-15 09:37 - 000066603 _____ C:\Users\MADHAN\Downloads\Shortcut-Pre.txt
    2017-08-15 09:32 - 2017-08-15 09:37 - 000038446 _____ C:\Users\MADHAN\Downloads\Addition-Pre.txt
    2017-08-15 09:31 - 2017-08-15 09:37 - 000105623 _____ C:\Users\MADHAN\Downloads\FRST-Pre.txt
    2017-08-15 09:30 - 2017-08-15 09:47 - 000000000 ____D C:\FRST
    2017-08-15 09:29 - 2017-08-15 09:29 - 002395648 _____ (Farbar) C:\Users\MADHAN\Downloads\FRST64.exe
    2017-08-14 22:03 - 2017-08-14 22:03 - 000000000 ____D C:\Users\MADHAN\Documents\Custom Office Templates
    2017-08-14 19:57 - 2017-08-14 19:57 - 000000000 ____D C:\ProgramData\Fotor
    2017-08-14 17:34 - 2017-08-14 17:34 - 000000000 ____D C:\Users\MADHAN\AppData\Local\AdAwareDesktop
    2017-08-14 17:29 - 2017-08-14 17:29 - 000000000 ____D C:\Users\MADHAN\AppData\Local\AdAwareUpdater
    2017-08-14 17:29 - 2017-08-14 17:29 - 000000000 ____D C:\Program Files\Common Files\adaware
    2017-08-14 17:27 - 2017-08-14 17:27 - 002611632 _____ C:\Users\MADHAN\Downloads\Adaware_Installer.exe
    2017-08-14 10:17 - 2017-08-14 10:17 - 000000002 _____ C:\Windows\SysWOW64\stub.json
    2017-08-13 23:40 - 2017-08-14 15:02 - 000000000 ____D C:\Users\MADHAN\AppData\Local\Mozilla
    2017-08-13 23:40 - 2017-08-13 23:42 - 000000000 ____D C:\Users\MADHAN\AppData\LocalLow\Mozilla
    2017-08-13 23:40 - 2017-08-13 23:40 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2017-08-13 23:40 - 2017-08-13 23:40 - 000000993 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2017-08-13 23:40 - 2017-08-13 23:40 - 000000000 ____D C:\Users\MADHAN\AppData\Roaming\Mozilla
    2017-08-13 23:40 - 2017-08-13 23:40 - 000000000 ____D C:\Program Files\Mozilla Firefox
    2017-08-13 23:40 - 2017-08-13 23:40 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2017-08-13 23:39 - 2017-08-13 23:39 - 000245752 _____ (Mozilla) C:\Users\MADHAN\Downloads\Firefox Installer.exe
    2017-08-13 23:25 - 2017-08-13 23:25 - 000001032 _____ C:\Users\Public\Desktop\Fotor.lnk
    2017-08-13 23:25 - 2017-08-13 23:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fotor
    2017-08-13 23:24 - 2017-08-13 23:25 - 000000000 ____D C:\Program Files (x86)\PhotoScape
    2017-08-13 23:24 - 2017-08-13 23:24 - 000001100 _____ C:\Users\MADHAN\Desktop\PhotoScape.lnk
    2017-08-13 23:24 - 2017-08-13 23:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
    2017-08-13 23:23 - 2017-08-13 23:24 - 000000000 ____D C:\Program Files (x86)\Fotor
    2017-08-13 23:19 - 2017-08-13 23:19 - 000000939 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
    2017-08-13 23:17 - 2017-08-13 23:18 - 000000000 ____D C:\Program Files\GIMP 2
    2017-08-13 23:06 - 2017-08-13 23:06 - 000001104 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
    2017-08-13 23:06 - 2017-08-13 23:06 - 000001092 _____ C:\Users\Public\Desktop\paint.net.lnk
    2017-08-13 23:06 - 2017-08-13 23:06 - 000000000 ____D C:\Program Files\paint.net
    2017-08-13 23:02 - 2017-08-13 23:02 - 000000000 ____D C:\Users\MADHAN\AppData\Local\paint.net
    2017-08-13 22:55 - 2017-08-13 22:55 - 000001112 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
    2017-08-13 22:55 - 2017-08-13 22:55 - 000001100 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
    2017-08-13 22:55 - 2017-08-13 22:55 - 000000000 ____D C:\Users\MADHAN\AppData\Roaming\TeamViewer
    2017-08-13 22:54 - 2017-08-13 22:55 - 000000000 ____D C:\Program Files (x86)\TeamViewer
    2017-08-13 22:53 - 2017-08-13 22:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView
    2017-08-13 22:52 - 2017-08-13 22:52 - 000000000 ____D C:\Users\MADHAN\AppData\Roaming\IrfanView
    2017-08-13 22:52 - 2017-08-13 22:52 - 000000000 ____D C:\Program Files\IrfanView
    2017-08-13 22:32 - 2017-08-14 17:18 - 000000004 _____ C:\Users\MADHAN\Documents\.Rhistory
    2017-08-13 22:32 - 2017-08-14 16:21 - 000019456 _____ C:\Users\MADHAN\AppData\Local\WebpageIcons.db
    2017-08-13 22:32 - 2017-08-13 22:32 - 000000000 ____D C:\Users\MADHAN\Documents\R
    2017-08-13 22:31 - 2017-08-13 22:31 - 000001077 _____ C:\Users\Public\Desktop\R i386 3.4.1.lnk
    2017-08-13 22:31 - 2017-08-13 22:31 - 000001070 _____ C:\Users\Public\Desktop\R x64 3.4.1.lnk
    2017-08-13 22:31 - 2017-08-13 22:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R
    2017-08-13 22:31 - 2017-08-13 22:31 - 000000000 ____D C:\Program Files\R
    2017-08-13 22:28 - 2017-08-14 17:18 - 000000000 ____D C:\Users\MADHAN\AppData\Roaming\RStudio
    2017-08-13 22:27 - 2017-08-14 17:18 - 000000000 ____D C:\Users\MADHAN\AppData\Local\RStudio-Desktop
    2017-08-13 22:26 - 2017-08-13 22:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RStudio
    2017-08-13 22:26 - 2017-08-13 22:26 - 000000000 ____D C:\Program Files\RStudio
    2017-08-13 10:04 - 2017-08-13 23:29 - 000000000 ____D C:\Users\MADHAN\Downloads\Software
    2017-08-13 10:03 - 2017-08-13 23:30 - 000000000 ____D C:\Users\MADHAN\Downloads\Movies_Videos_Songs
    2017-08-12 11:13 - 2017-08-12 11:13 - 000000000 ___HD C:\Users\MADHAN\.org.eclipse.sequoyah
    2017-08-12 11:01 - 2017-08-12 11:39 - 000000000 ____D C:\Users\MADHAN\android-sdks
    2017-08-12 10:59 - 2017-08-12 10:59 - 000000000 ____D C:\Users\MADHAN\workspace
    2017-08-12 10:40 - 2017-08-12 11:00 - 000000000 ____D C:\Users\MADHAN\AppData\Local\Eclipse
    2017-08-12 10:40 - 2017-08-12 10:40 - 000000000 ____D C:\Users\MADHAN\.tooling
    2017-08-12 10:39 - 2017-08-12 10:43 - 000000000 ____D C:\Users\MADHAN\eclipse-workspace
    2017-08-12 10:37 - 2017-08-12 10:42 - 000000000 ____D C:\Users\MADHAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eclipse
    2017-08-12 10:33 - 2017-08-12 10:40 - 000000000 ____D C:\Users\MADHAN\eclipse
    2017-08-12 10:22 - 2017-08-12 11:00 - 000000000 ____D C:\Users\MADHAN\.p2
    2017-08-12 10:22 - 2017-08-12 10:40 - 000000000 ____D C:\Users\MADHAN\.eclipse
    2017-08-12 10:21 - 2017-08-12 10:21 - 000000000 ____D C:\Users\MADHAN\AppData\Roaming\Sun
    2017-08-12 10:20 - 2017-08-12 10:20 - 000110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
    2017-08-12 10:20 - 2017-08-12 10:20 - 000000000 ____D C:\ProgramData\Oracle
    2017-08-12 10:20 - 2017-08-12 10:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2017-08-12 10:19 - 2017-08-12 10:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
    2017-08-12 10:17 - 2017-08-12 10:20 - 000000000 ____D C:\Program Files\Java
    2017-08-12 10:16 - 2017-08-12 10:16 - 000000000 ____D C:\Users\MADHAN\AppData\LocalLow\Oracle
    2017-08-12 08:02 - 2017-08-12 08:02 - 004723200 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2017-08-11 00:31 - 2017-08-11 00:31 - 000000000 ____D C:\Users\MADHAN\AppData\Local\Turbo_C__
    2017-08-11 00:28 - 2017-08-11 00:28 - 000002717 _____ C:\Users\Public\Desktop\Turbo C++.lnk
    2017-08-11 00:28 - 2017-08-11 00:28 - 000000000 ____D C:\TURBOC3
    2017-08-11 00:28 - 2017-08-11 00:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Turbo C++
    2017-08-11 00:27 - 2017-08-11 00:27 - 000000000 ____D C:\Turbo C++
    2017-08-11 00:26 - 2017-08-11 00:26 - 000000000 ____D C:\New Folder
    2017-08-09 15:57 - 2017-08-09 15:57 - 140394280 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2017-08-09 11:53 - 2017-08-14 12:45 - 000005250 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for DESKTOP-OFHD5US-MADHAN DESKTOP-OFHD5US
    2017-08-08 08:01 - 2017-08-08 08:01 - 000003378 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-229751498-1332251575-2494317161-1002
    2017-08-05 19:17 - 2017-08-05 19:17 - 000000000 ____D C:\Users\MADHAN\AppData\Roaming\dvdcss
    2017-08-04 19:34 - 2017-08-12 09:50 - 000000000 ____D C:\Users\MADHAN\AppData\LocalLow\uTorrent
    2017-08-02 20:21 - 2017-08-02 20:21 - 000000042 _____ C:\Users\MADHAN\Test.txt
    2017-08-02 20:17 - 2017-08-02 20:18 - 000000024 _____ C:\Users\MADHAN\Files.txt.txt
    2017-08-02 20:15 - 2017-08-02 20:23 - 000005103 _____ C:\Users\MADHAN\Files.ipynb
    2017-08-02 19:58 - 2017-08-02 20:15 - 000009498 _____ C:\Users\MADHAN\Tuples.ipynb
    2017-08-02 19:33 - 2017-08-02 19:58 - 000009431 _____ C:\Users\MADHAN\Dictionaries.ipynb
    2017-08-02 19:10 - 2017-08-02 19:33 - 000019033 _____ C:\Users\MADHAN\Lists.ipynb
    2017-08-02 18:53 - 2017-08-02 19:10 - 000003552 _____ C:\Users\MADHAN\Print Formatting.ipynb
    2017-08-02 18:53 - 2017-08-02 18:53 - 000000000 ____D C:\Users\MADHAN\.jupyter
    2017-08-02 18:52 - 2017-08-02 18:52 - 000000000 ____D C:\Users\MADHAN\AppData\Local\ContinuumIO
    2017-07-30 21:49 - 2017-08-12 15:26 - 000000000 ____D C:\Users\MADHAN\.android
    2017-07-30 21:49 - 2017-07-30 21:51 - 000001431 _____ C:\Users\MADHAN\Desktop\MiPCSuite.lnk
    2017-07-30 21:49 - 2017-07-30 21:51 - 000000000 ____D C:\Users\MADHAN\AppData\Local\MiPhoneManager
    2017-07-30 21:49 - 2017-07-30 21:49 - 001721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
    2017-07-30 21:49 - 2017-07-30 21:49 - 001002728 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll
    2017-07-30 21:49 - 2017-07-30 21:49 - 000000000 ____D C:\Users\MADHAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xiaomi
    2017-07-30 21:46 - 2017-07-30 21:46 - 000000000 ____D C:\Users\MADHAN\AppData\Roaming\Xiaomi
    2017-07-29 10:12 - 2017-08-12 15:27 - 000000000 ____D C:\Users\MADHAN\AppData\Roaming\uTorrent
    2017-07-29 10:12 - 2017-07-29 10:12 - 000000897 _____ C:\Users\MADHAN\Desktop\µTorrent.lnk
    2017-07-29 10:12 - 2017-07-29 10:12 - 000000877 _____ C:\Users\MADHAN\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
    2017-07-26 18:58 - 2017-07-26 18:58 - 000000000 ____D C:\Users\MADHAN\.ipython
    2017-07-26 18:57 - 2017-08-02 20:15 - 000000000 ____D C:\Users\MADHAN\.ipynb_checkpoints
    2017-07-26 18:57 - 2017-07-26 18:59 - 000000582 _____ C:\Users\MADHAN\Untitled.ipynb
    2017-07-26 18:51 - 2017-08-02 20:23 - 000000000 ____D C:\Users\MADHAN\AppData\Roaming\jupyter
    2017-07-26 18:51 - 2017-07-26 18:51 - 000000043 _____ C:\Users\MADHAN\.condarc
    2017-07-26 18:50 - 2017-07-26 18:53 - 000000000 ____D C:\Users\MADHAN\.conda
    2017-07-26 18:50 - 2017-07-26 18:50 - 000000000 ____D C:\Users\MADHAN\AppData\Local\conda
    2017-07-26 18:49 - 2017-07-26 18:49 - 000000000 ____D C:\Users\MADHAN\.anaconda
    2017-07-26 18:37 - 2017-07-26 18:37 - 000000000 ____D C:\Users\Public\Documents\Python Scripts
    2017-07-26 18:37 - 2017-07-26 18:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anaconda2 (64-bit)
    2017-07-26 18:30 - 2017-07-26 18:37 - 000000000 ____D C:\ProgramData\Anaconda2
    2017-07-25 18:56 - 2017-07-25 18:56 - 000000000 ____D C:\Asus WebStorage
    2017-07-25 18:53 - 2017-08-15 08:04 - 000000000 ____D C:\Users\MADHAN\AppData\Roaming\WebStorage
    2017-07-25 18:53 - 2017-07-25 18:53 - 000000000 __SHD C:\aws
    2017-07-25 18:53 - 2017-07-25 18:53 - 000000000 ____D C:\Users\MADHAN\AppData\Roaming\awsRun
    2017-07-25 18:53 - 2017-07-25 18:53 - 000000000 ____D C:\ProgramData\WebStorage
    2017-07-25 18:53 - 2017-07-25 18:53 - 000000000 ____D C:\ProgramData\ASUS WebStorage
    2017-07-25 18:49 - 2017-07-25 21:16 - 000000000 ____D C:\Users\MADHAN\AppData\Local\ASUS GIFTBOX
    2017-07-25 18:49 - 2017-07-25 18:49 - 000000000 ____D C:\Users\MADHAN\AppData\Local\Crashpad
    2017-07-25 18:48 - 2017-07-25 18:49 - 000000000 ____D C:\Windows\System32\Tasks\ASUSTek Computer Inc
    2017-07-25 18:48 - 2017-07-25 18:48 - 000002121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS GIFTBOX.lnk
    2017-07-25 18:48 - 2017-07-25 18:48 - 000002113 _____ C:\Users\Public\Desktop\ASUS GIFTBOX.lnk
    2017-07-23 19:52 - 2017-08-12 08:02 - 000004602 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
    2017-07-23 19:52 - 2017-07-25 10:49 - 000004422 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2017-07-23 18:20 - 2017-07-23 18:20 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
    2017-07-19 21:00 - 2017-07-19 21:00 - 000016492 _____ C:\Windows\system32\results.xml
    2017-07-19 21:00 - 2017-07-19 21:00 - 000000000 ____D C:\ProgramData\USBChargerPlus
    2017-07-19 20:53 - 2017-07-19 20:53 - 000003530 _____ C:\Windows\System32\Tasks\ASUS Touchpad Handwriting (x64)
    2017-07-19 20:53 - 2017-07-19 20:53 - 000001345 _____ C:\Users\Public\Desktop\ASUS Touchpad Handwriting.lnk
    2017-07-19 20:53 - 2017-07-19 20:53 - 000000000 ____D C:\Users\Public\Documents\ASUS Touchpad Handwriting
    2017-07-19 20:53 - 2017-07-19 20:53 - 000000000 ____D C:\Users\MADHAN\AppData\Roaming\ASUS Touchpad Handwriting
    2017-07-19 20:53 - 2017-07-19 20:53 - 000000000 ____D C:\Users\defaultuser0\AppData\Roaming\ASUS Touchpad Handwriting
    2017-07-19 20:48 - 2017-07-19 20:54 - 000000000 ____D C:\Windows\SysWOW64\sda
    2017-07-19 20:48 - 2016-09-02 07:40 - 009900072 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RsCRIcon.dll
    2017-07-19 20:48 - 2016-09-02 07:40 - 000346120 ____R (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsBaStor.sys
    2017-07-19 20:48 - 2016-09-02 07:40 - 000093224 _____ (Realtek Semiconductor.) C:\Windows\system32\RtCRX64.dll
    2017-07-19 20:48 - 2016-09-02 07:37 - 004340776 _____ (Realtek Semiconductor Corp.) C:\Windows\RtCRU64.exe
    2017-07-19 20:42 - 2017-07-19 20:42 - 000003104 _____ C:\Windows\System32\Tasks\ASUS USB Charger Plus
    2017-07-18 19:54 - 2017-07-18 19:54 - 000000914 _____ C:\Users\Public\Desktop\CPUID CPU-Z.lnk
    2017-07-18 19:54 - 2017-07-18 19:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
    2017-07-18 19:54 - 2017-07-18 19:54 - 000000000 ____D C:\Program Files\CPUID
    2017-07-18 18:47 - 2017-07-18 18:47 - 000000000 ____D C:\Users\MADHAN\AppData\Local\CEF
    2017-07-18 18:45 - 2017-07-18 18:45 - 000001298 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
    2017-07-18 18:45 - 2017-07-18 18:45 - 000001286 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
    2017-07-18 00:46 - 2017-08-10 22:27 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-07-18 00:46 - 2017-08-10 22:27 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2017-07-18 00:45 - 2017-07-18 00:45 - 000003416 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2017-07-18 00:45 - 2017-07-18 00:45 - 000003292 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2017-07-18 00:43 - 2017-07-18 00:45 - 000000000 ____D C:\Users\MADHAN\AppData\Local\Deployment
    2017-07-18 00:43 - 2017-07-18 00:43 - 000000000 ____D C:\Users\MADHAN\AppData\Local\Apps\2.0
    2017-07-18 00:39 - 2017-07-18 00:39 - 000000000 ____D C:\Program Files\DIFX
    2017-07-18 00:35 - 2017-07-18 00:35 - 000003260 _____ C:\Windows\System32\Tasks\RtHDVBg_ListenToDevice
    2017-07-18 00:35 - 2017-07-18 00:35 - 000003194 _____ C:\Windows\System32\Tasks\RTKCPL
    2017-07-18 00:35 - 2017-07-18 00:35 - 000000000 ____H C:\ProgramData\DP45977C.lfl
    2017-07-18 00:35 - 2017-07-18 00:35 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
    2017-07-18 00:35 - 2017-07-18 00:35 - 000000000 ____D C:\Windows\system32\DAX2
    2017-07-18 00:35 - 2017-07-18 00:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek
    2017-07-18 00:35 - 2017-07-18 00:35 - 000000000 ____D C:\Program Files\Realtek
    2017-07-18 00:35 - 2016-11-17 02:27 - 001382232 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
    2017-07-18 00:35 - 2016-11-17 02:27 - 001337640 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaeapo64.dll
    2017-07-18 00:35 - 2016-11-17 02:27 - 000962128 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tosasfapo64.dll
    2017-07-18 00:35 - 2016-11-17 02:27 - 000873464 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
    2017-07-18 00:35 - 2016-11-17 02:27 - 000601144 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaemaxapo64.dll
    2017-07-18 00:35 - 2016-11-17 02:27 - 000447176 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\toseaeapo64.dll
    2017-07-18 00:35 - 2016-11-17 02:27 - 000158696 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
    2017-07-18 00:35 - 2016-11-17 02:27 - 000075536 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
    2017-07-18 00:35 - 2016-11-17 02:26 - 005804772 _____ C:\Windows\system32\Drivers\rtvienna.dat
    2017-07-18 00:35 - 2016-11-17 02:26 - 002995000 _____ (DTS, Inc.) C:\Windows\system32\slcnt64.dll
    2017-07-18 00:35 - 2016-11-17 02:26 - 002706856 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
    2017-07-18 00:35 - 2016-11-17 02:26 - 001921016 _____ C:\Windows\system32\Drivers\rtkSSTsetting.dat
    2017-07-18 00:35 - 2016-11-17 02:26 - 000984912 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
    2017-07-18 00:35 - 2016-11-17 02:26 - 000258864 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
    2017-07-18 00:34 - 2016-11-17 02:27 - 003299816 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE2.dll
    2017-07-18 00:34 - 2016-11-17 02:27 - 002190984 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll
    2017-07-18 00:34 - 2016-11-17 02:27 - 002110592 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
    2017-07-18 00:34 - 2016-11-17 02:27 - 001435136 _____ (Synopsys, Inc.) C:\Windows\system32\SRRPTR64.dll
    2017-07-18 00:34 - 2016-11-17 02:27 - 000532376 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
    2017-07-18 00:34 - 2016-11-17 02:27 - 000221968 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
    2017-07-18 00:34 - 2016-11-17 02:27 - 000209536 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
    2017-07-18 00:34 - 2016-11-17 02:27 - 000166200 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
    2017-07-18 00:34 - 2016-11-17 02:26 - 072520712 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
    2017-07-18 00:34 - 2016-11-17 02:26 - 014057248 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
    2017-07-18 00:34 - 2016-11-17 02:26 - 013122576 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO3064.dll
    2017-07-18 00:34 - 2016-11-17 02:26 - 012988344 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO4064.dll
    2017-07-18 00:34 - 2016-11-17 02:26 - 007474044 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
    2017-07-18 00:34 - 2016-11-17 02:26 - 007172912 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
    2017-07-18 00:34 - 2016-11-17 02:26 - 006198136 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICV3apo.dll
    2017-07-18 00:34 - 2016-11-17 02:26 - 005793520 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICV2apo.dll
    2017-07-18 00:34 - 2016-11-17 02:26 - 005593608 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
    2017-07-18 00:34 - 2016-11-17 02:26 - 005463552 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
    2017-07-18 00:34 - 2016-11-17 02:26 - 003283240 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
    2017-07-18 00:34 - 2016-11-17 02:26 - 003204096 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
    2017-07-18 00:34 - 2016-11-17 02:26 - 003200864 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
    2017-07-18 00:34 - 2016-11-17 02:26 - 003014144 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
    2017-07-18 00:34 - 2016-11-17 02:26 - 002828432 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RltkAPO.dll
    2017-07-18 00:34 - 2016-11-17 02:26 - 002825096 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO7064.dll
    2017-07-18 00:34 - 2016-11-17 02:26 - 002201088 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
    2017-07-18 00:34 - 2016-11-17 02:26 - 002050176 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
    2017-07-18 00:34 - 2016-11-17 02:26 - 001422920 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO6064.dll
    2017-07-18 00:34 - 2016-11-17 02:26 - 001360512 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
    2017-07-18 00:34 - 2016-11-17 02:26 - 001322648 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO64.dll
    2017-07-18 00:34 - 2016-11-17 02:26 - 001213656 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
    2017-07-18 00:34 - 2016-11-17 02:26 - 001166152 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
    2017-07-18 00:34 - 2016-11-17 02:26 - 001003856 _____ (Nahimic Inc) C:\Windows\system32\NahimicAPONSControl.dll
    2017-07-18 00:34 - 2016-11-17 02:26 - 001003328 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDHF64.dll
    2017-07-18 00:34 - 2016-11-17 02:26 - 000999848 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
    2017-07-18 00:34 - 2016-11-17 02:26 - 000965024 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
    2017-07-18 00:34 - 2016-11-17 02:26 - 000931616 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
    2017-07-18 00:34 - 2016-11-17 02:26 - 000923736 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
    2017-07-18 00:34 - 2016-11-17 02:26 - 000865912 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SEHDHF32.dll
    2017-07-18 00:34 - 2016-11-17 02:26 - 000859216 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDRA64.dll
    2017-07-18 00:34 - 2016-11-17 02:26 - 000850408 _____ (Sound Research, Corp.) C:\Windows\system32\SECOMN64.dll
    2017-07-18 00:34 - 2016-11-17 02:26 - 000721800 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SECOMN32.dll
    2017-07-18 00:34 - 2016-11-17 02:26 - 000689880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
    2017-07-18 00:34 - 2016-11-17 02:26 - 000678184 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
    2017-07-18 00:34 - 2016-11-17 02:26 - 000677672 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
    2017-07-18 00:34 - 2016-11-17 02:26 - 000499152 _____ (Sound Research, Corp.) C:\Windows\system32\SEAPO64.dll
    2017-07-18 00:34 - 2016-11-17 02:26 - 000467152 _____ (Synopsys, Inc.) C:\Windows\system32\SRAPO64.dll
    2017-07-18 00:34 - 2016-11-17 02:26 - 000447720 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
    2017-07-18 00:34 - 2016-11-17 02:26 - 000387312 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
    2017-07-18 00:34 - 2016-11-17 02:26 - 000381408 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM64.dll
    2017-07-18 00:34 - 2016-11-17 02:26 - 000343704 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
    2017-07-18 00:34 - 2016-11-17 02:26 - 000341144 _____ (Synopsys, Inc.) C:\Windows\SysWOW64\SRCOM.dll
    2017-07-18 00:34 - 2016-11-17 02:26 - 000341144 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM.dll
    2017-07-18 00:34 - 2016-11-17 02:26 - 000330560 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
    2017-07-18 00:34 - 2016-11-17 02:26 - 000321712 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
    2017-07-18 00:34 - 2016-11-17 02:26 - 000321712 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
    2017-07-18 00:34 - 2016-11-17 02:26 - 000231912 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
    2017-07-18 00:34 - 2016-11-17 02:26 - 000214832 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
    2017-07-18 00:34 - 2016-11-17 02:26 - 000192976 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
    2017-07-18 00:34 - 2016-11-17 02:26 - 000151784 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
    2017-07-18 00:34 - 2016-11-17 02:26 - 000134200 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
    2017-07-18 00:34 - 2016-11-17 02:26 - 000110984 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
    2017-07-18 00:34 - 2016-11-17 02:26 - 000105304 _____ C:\Windows\system32\audioLibVc.dll
    2017-07-18 00:34 - 2016-11-17 02:26 - 000090912 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
    2017-07-18 00:34 - 2016-11-17 02:26 - 000088344 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
    2017-07-18 00:34 - 2016-11-17 02:26 - 000088320 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
    2017-07-18 00:34 - 2016-11-17 02:26 - 000084616 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
    2017-07-18 00:34 - 2016-11-17 02:26 - 000083624 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
    2017-07-18 00:34 - 2016-11-17 02:26 - 000023688 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
    2017-07-18 00:33 - 2017-07-19 20:48 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2017-07-18 00:33 - 2017-07-19 20:48 - 000000000 ____D C:\Program Files (x86)\Realtek
    2017-07-18 00:33 - 2016-11-17 02:26 - 010532048 _____ (Intel Corporation) C:\Windows\system32\IntelSSTAPO.dll
    2017-07-18 00:33 - 2016-11-17 02:26 - 007096184 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
    2017-07-18 00:33 - 2016-11-17 02:26 - 006264632 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64AF3.dll
    2017-07-18 00:33 - 2016-11-17 02:26 - 005347000 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv211.dll
    2017-07-18 00:33 - 2016-11-17 02:26 - 003295064 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
    2017-07-18 00:33 - 2016-11-17 02:26 - 002444688 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv201.dll
    2017-07-18 00:33 - 2016-11-17 02:26 - 001965808 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
    2017-07-18 00:33 - 2016-11-17 02:26 - 001959600 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64AF3.dll
    2017-07-18 00:33 - 2016-11-17 02:26 - 001780616 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
    2017-07-18 00:33 - 2016-11-17 02:26 - 001618768 _____ (Conexant Systems Inc.) C:\Windows\system32\CX64APO.dll
    2017-07-18 00:33 - 2016-11-17 02:26 - 001591056 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
    2017-07-18 00:33 - 2016-11-17 02:26 - 001529136 _____ (Conexant Systems Inc.) C:\Windows\system32\CX64Proxy.dll
    2017-07-18 00:33 - 2016-11-17 02:26 - 001508928 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
    2017-07-18 00:33 - 2016-11-17 02:26 - 001186816 _____ (Intel Corporation) C:\Windows\system32\IntelSstCApoPropPage.dll
    2017-07-18 00:33 - 2016-11-17 02:26 - 001133584 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOProp.dll
    2017-07-18 00:33 - 2016-11-17 02:26 - 000743960 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
    2017-07-18 00:33 - 2016-11-17 02:26 - 000727432 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
    2017-07-18 00:33 - 2016-11-17 02:26 - 000708312 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
    2017-07-18 00:33 - 2016-11-17 02:26 - 000618184 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
    2017-07-18 00:33 - 2016-11-17 02:26 - 000574752 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
    2017-07-18 00:33 - 2016-11-17 02:26 - 000514520 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
    2017-07-18 00:33 - 2016-11-17 02:26 - 000504304 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
    2017-07-18 00:33 - 2016-11-17 02:26 - 000500552 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
    2017-07-18 00:33 - 2016-11-17 02:26 - 000472304 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO64.dll
    2017-07-18 00:33 - 2016-11-17 02:26 - 000445392 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
    2017-07-18 00:33 - 2016-11-17 02:26 - 000441264 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
    2017-07-18 00:33 - 2016-11-17 02:26 - 000428224 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
    2017-07-18 00:33 - 2016-11-17 02:26 - 000416504 _____ (Harman) C:\Windows\system32\HMUI.dll
    2017-07-18 00:33 - 2016-11-17 02:26 - 000378384 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2API.dll
    2017-07-18 00:33 - 2016-11-17 02:26 - 000366120 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\HMAPO.dll
    2017-07-18 00:33 - 2016-11-17 02:26 - 000362048 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64AF3.dll
    2017-07-18 00:33 - 2016-11-17 02:26 - 000360344 _____ (Harman) C:\Windows\system32\HMClariFi.dll
    2017-07-18 00:33 - 2016-11-17 02:26 - 000327456 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
    2017-07-18 00:33 - 2016-11-17 02:26 - 000310416 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64F3.dll
    2017-07-18 00:33 - 2016-11-17 02:26 - 000272712 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
    2017-07-18 00:33 - 2016-11-17 02:26 - 000253896 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
    2017-07-18 00:33 - 2016-11-17 02:26 - 000253864 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
    2017-07-18 00:33 - 2016-11-17 02:26 - 000252872 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
    2017-07-18 00:33 - 2016-11-17 02:26 - 000203840 _____ (Harman) C:\Windows\system32\HMHVS.dll
    2017-07-18 00:33 - 2016-11-17 02:26 - 000190928 _____ (Harman) C:\Windows\system32\HMEQ_Voice.dll
    2017-07-18 00:33 - 2016-11-17 02:26 - 000190928 _____ (Harman) C:\Windows\system32\HMEQ.dll
    2017-07-18 00:33 - 2016-11-17 02:26 - 000179592 _____ (Harman) C:\Windows\system32\HMLimiter.dll
    2017-07-18 00:33 - 2016-11-17 02:26 - 000154360 _____ (Harman) C:\Windows\system32\HarmanAudioInterface.dll
    2017-07-18 00:33 - 2016-11-17 02:26 - 000122320 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
    2017-07-18 00:33 - 2016-11-17 02:26 - 000118592 _____ C:\Windows\system32\AcpiServiceVnA64.dll
    2017-07-18 00:33 - 2016-11-17 02:26 - 000118592 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
    2017-07-18 00:32 - 2017-07-18 00:35 - 000000000 ___HD C:\Program Files (x86)\Temp
    2017-07-18 00:32 - 2016-09-21 20:25 - 002839520 ____R (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
    2017-07-18 00:31 - 2017-07-18 00:31 - 000000000 ____D C:\Users\MADHAN\AppData\Local\MicrosoftEdge
    2017-07-18 00:30 - 2017-07-25 21:14 - 000000000 ____D C:\Program Files (x86)\ASUS
    2017-07-18 00:30 - 2017-07-18 00:30 - 000000000 ____D C:\Windows\System32\Tasks\ASUS
    2017-07-18 00:28 - 2017-07-19 20:47 - 000000000 ____D C:\Windows\Log
    2017-07-17 23:32 - 2017-07-18 18:37 - 000000434 _____ C:\Windows\Tasks\WpsExternal_20170717233202.job
    2017-07-17 23:32 - 2017-07-17 23:32 - 000003472 _____ C:\Windows\System32\Tasks\WpsExternal_20170717233202
    2017-07-17 23:32 - 2017-07-17 23:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WPS Office
    2017-07-17 23:31 - 2017-07-18 18:37 - 000000728 _____ C:\Windows\Tasks\WpsKtpcntrQingTask_MADHAN.job
    2017-07-17 23:31 - 2017-07-17 23:32 - 000001549 _____ C:\Users\Public\Desktop\WPS Office.lnk
    2017-07-17 23:31 - 2017-07-17 23:31 - 000003696 _____ C:\Windows\System32\Tasks\WpsKtpcntrQingTask_MADHAN
    2017-07-17 23:31 - 2017-07-17 23:31 - 000000000 ____D C:\ProgramData\Kingsoft
    2017-07-17 23:30 - 2017-07-17 23:31 - 000000000 ____D C:\Users\MADHAN\AppData\Roaming\kingsoft
    2017-07-17 23:30 - 2017-07-17 23:30 - 000000000 ____D C:\Users\MADHAN\AppData\Local\kingsoft
    2017-07-17 23:30 - 2017-07-17 23:30 - 000000000 ____D C:\Program Files (x86)\Kingsoft
    2017-07-17 23:16 - 2016-10-07 07:53 - 000795664 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorA.sys
    2017-07-17 23:14 - 2017-07-17 23:14 - 000000000 ____D C:\Program Files\Common Files\QCA_Bluetooth
    2017-07-17 23:14 - 2017-07-17 23:14 - 000000000 ____D C:\Program Files (x86)\Bluetooth Suite
    2017-07-17 23:14 - 2016-08-26 15:17 - 000736872 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\Drivers\RtkBtfilter.sys
    2017-07-17 23:14 - 2016-08-26 15:17 - 000241408 _____ (Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
    2017-07-17 23:14 - 2016-08-26 15:12 - 000073996 _____ C:\Windows\rtl8761a_mp_chip_bt40_fw_asic_rom_patch_8192ee_new.dll
    2017-07-17 23:14 - 2016-08-26 15:12 - 000066368 _____ C:\Windows\rtl8761a_mp_chip_bt40_fw_asic_rom_patch_8192eu_new.dll
    2017-07-17 23:14 - 2016-08-26 15:12 - 000064604 _____ C:\Windows\rtl8761a_mp_chip_bt40_fw_asic_rom_patch_new.dll
    2017-07-17 23:14 - 2016-08-26 15:12 - 000053548 _____ C:\Windows\rtl8723d_mp_chip_bt40_fw_asic_rom_patch_new.dll
    2017-07-17 23:14 - 2016-08-26 15:12 - 000050752 _____ C:\Windows\rtl8723b_mp_chip_bt40_fw_asic_rom_patch_new.dll
    2017-07-17 23:14 - 2016-08-26 15:12 - 000050712 _____ C:\Windows\rtl8761a_mp_chip_bt40_fw_asic_rom_patch_8812ae_new.dll
    2017-07-17 23:14 - 2016-08-26 15:12 - 000050700 _____ C:\Windows\rtl8723b_mp_chip_bt40_fw_asic_rom_patch_new_s1.dll
    2017-07-17 23:14 - 2016-08-26 15:12 - 000045100 _____ C:\Windows\rtl8822b_mp_chip_bt40_fw_asic_rom_patch_new.dll
    2017-07-17 23:14 - 2016-08-26 15:12 - 000038356 _____ C:\Windows\rtl8821a_mp_chip_bt40_fw_asic_rom_patch_new.dll
    2017-07-17 23:14 - 2016-08-26 15:12 - 000037244 _____ C:\Windows\rlt8723a_chip_bt40_fw_asic_rom_patch.dll
    2017-07-17 23:14 - 2016-08-26 15:12 - 000016916 _____ C:\Windows\rtl8821c_mp_chip_bt40_fw_asic_rom_patch_new.dll
    2017-07-17 23:14 - 2016-08-26 15:12 - 000000952 _____ C:\Windows\PidVid_List.dll
    2017-07-17 23:13 - 2017-07-17 23:14 - 000000000 ____D C:\ProgramData\Realtek
    2017-07-17 23:13 - 2016-01-19 15:18 - 000004216 _____ C:\Windows\PidVid_List.txt
    2017-07-17 23:10 - 2017-08-13 23:25 - 000000560 __RSH C:\ProgramData\ntuser.pol
    2017-07-17 23:10 - 2017-07-17 23:10 - 000002217 _____ C:\Users\Public\Desktop\K7InternetSecurity.lnk
    2017-07-17 23:10 - 2017-07-17 23:10 - 000000000 ____D C:\Users\MADHAN\AppData\Local\K7 Computing
    2017-07-17 23:10 - 2016-09-22 09:08 - 000192904 _____ (K7 Computing Pvt Ltd) C:\Windows\system32\Drivers\K7Sentry.sys
    2017-07-17 23:10 - 2016-08-01 07:12 - 000943112 _____ (Realtek ) C:\Windows\system32\Drivers\rt640x64.sys
    2017-07-17 23:10 - 2016-08-01 07:12 - 000082544 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
    2017-07-17 23:10 - 2015-01-22 11:09 - 000110544 _____ (K7 Computing Pvt Ltd) C:\Windows\system32\Drivers\K7FWHlpr.sys
    2017-07-17 23:10 - 2011-12-29 10:08 - 000022624 _____ (K7 Computing Pvt. Ltd.) C:\Windows\system32\K7TSDbg.exe
    2017-07-17 23:10 - 2009-04-18 21:01 - 000015904 _____ (K7 Computing Pvt Ltd) C:\Windows\system32\Drivers\K7TdiHlp.sys
    2017-07-17 23:09 - 2017-08-13 09:55 - 000000000 ____D C:\Users\MADHAN\AppData\Roaming\vlc
    2017-07-17 23:09 - 2017-07-17 23:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K7InternetSecurity
    2017-07-17 23:09 - 2017-07-17 23:09 - 000000000 ____D C:\ProgramData\K7 Computing
    2017-07-17 23:09 - 2017-07-17 23:09 - 000000000 ____D C:\Program Files (x86)\K7 Computing
    2017-07-17 23:08 - 2017-08-04 21:18 - 000000916 _____ C:\Users\Public\Desktop\VLC media player.lnk
    2017-07-17 23:08 - 2017-07-17 23:08 - 000003738 _____ C:\Windows\System32\Tasks\Intel PTT EK Recertification
    2017-07-17 23:08 - 2017-07-17 23:08 - 000001104 _____ C:\Users\MADHAN\Desktop\KMPlayer.lnk
    2017-07-17 23:08 - 2017-07-17 23:08 - 000000000 ____D C:\Users\MADHAN\Documents\The KMPlayer
    2017-07-17 23:08 - 2017-07-17 23:08 - 000000000 ____D C:\Users\MADHAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
    2017-07-17 23:08 - 2017-07-17 23:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    2017-07-17 23:08 - 2017-07-17 23:08 - 000000000 ____D C:\Program Files\VideoLAN
    2017-07-17 23:08 - 2017-07-17 23:08 - 000000000 ____D C:\Program Files (x86)\The KMPlayer
    2017-07-17 23:07 - 2017-07-17 23:08 - 000000000 ____D C:\ProgramData\Intel
    2017-07-17 23:07 - 2017-07-17 23:07 - 000001179 _____ C:\Users\Public\Desktop\Picasa 3.lnk
    2017-07-17 23:06 - 2017-07-22 11:50 - 000000000 ____D C:\Users\MADHAN\AppData\Local\Google
    2017-07-17 23:06 - 2017-07-18 18:42 - 000000000 ____D C:\Program Files (x86)\Adobe
    2017-07-17 23:06 - 2017-07-18 00:46 - 000000000 ____D C:\Program Files (x86)\Google
    2017-07-17 23:06 - 2017-07-17 23:06 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
    2017-07-17 23:06 - 2017-07-17 23:06 - 000002096 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
    2017-07-17 23:06 - 2017-07-17 23:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
    2017-07-17 23:05 - 2017-07-17 23:05 - 000000000 ____D C:\Users\MADHAN\Intel
    2017-07-17 23:04 - 2017-07-17 23:04 - 000002691 _____ C:\Users\Public\Desktop\AudioWizard.lnk
    2017-07-17 23:04 - 2017-07-17 23:04 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_esif_umdf2_02_00_00.Wdf
    2017-07-17 23:04 - 2017-07-17 23:04 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_esif_lf_01011.Wdf
    2017-07-17 23:04 - 2017-07-17 23:04 - 000000000 ____D C:\Windows\system32\Intel
    2017-07-17 23:04 - 2017-07-17 23:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICEpower
    2017-07-17 23:04 - 2017-07-17 23:04 - 000000000 ____D C:\Program Files (x86)\ICEpower
    2017-07-17 23:04 - 2016-11-01 11:52 - 001804680 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
    2017-07-17 23:04 - 2016-11-01 11:52 - 000648512 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140.dll
    2017-07-17 23:04 - 2016-11-01 11:52 - 000350272 _____ (Intel Corporation) C:\Windows\system32\Drivers\esif_lf.sys
    2017-07-17 23:04 - 2016-11-01 11:52 - 000098128 _____ (Microsoft Corporation) C:\Windows\system32\vcruntime140.dll
    2017-07-17 23:04 - 2016-11-01 11:52 - 000066616 _____ (Intel Corporation) C:\Windows\system32\Drivers\dptf_cpu.sys
    2017-07-17 23:03 - 2017-07-19 20:41 - 000000000 ____D C:\Users\MADHAN\AppData\Local\Downloaded Installations
    2017-07-17 23:03 - 2017-07-19 20:35 - 000000000 ____D C:\Users\MADHAN\AppData\LocalLow\Adobe
    2017-07-17 23:03 - 2017-07-17 23:03 - 000003638 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-OFHD5US-MADHAN
    2017-07-17 23:03 - 2017-07-17 23:03 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
    2017-07-17 23:01 - 2017-07-17 23:01 - 000001085 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2014.lnk
    2017-07-17 23:01 - 2017-07-17 23:01 - 000000755 _____ C:\Users\Public\Desktop\eManual.Lnk
    2017-07-17 23:01 - 2017-07-17 23:01 - 000000000 ____D C:\Program Files\Adobe
    2017-07-17 23:01 - 2017-07-17 23:01 - 000000000 ____D C:\eSupport
    2017-07-17 23:00 - 2017-07-18 18:45 - 000000000 ____D C:\ProgramData\Package Cache
    2017-07-17 22:58 - 2017-07-17 23:01 - 000000000 ____D C:\Program Files\Common Files\Adobe
    2017-07-17 22:56 - 2017-08-14 12:04 - 000003550 _____ C:\Windows\System32\Tasks\ASUS Live Update1
    2017-07-17 22:56 - 2017-08-14 12:04 - 000003540 _____ C:\Windows\System32\Tasks\ASUS Live Update2
    2017-07-17 22:56 - 2017-07-25 18:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
    2017-07-17 22:56 - 2017-07-22 10:13 - 000000000 ____D C:\ProgramData\Adobe
    2017-07-17 22:56 - 2017-07-17 22:56 - 000003976 _____ C:\Windows\System32\Tasks\Update Checker
    2017-07-17 22:56 - 2017-07-17 22:56 - 000003646 _____ C:\Windows\System32\Tasks\ATK Package 36D18D69AFC3
    2017-07-17 22:56 - 2017-07-17 22:56 - 000002874 _____ C:\Windows\System32\Tasks\ATK Package A22126881260
    2017-07-17 22:56 - 2017-07-17 22:56 - 000000000 ____D C:\Users\MADHAN\AppData\Roaming\Macromedia
    2017-07-17 22:55 - 2017-08-14 10:55 - 000000000 ____D C:\Users\MADHAN\AppData\Local\Adobe
    2017-07-17 22:52 - 2017-07-17 22:52 - 000000000 ____D C:\Program Files (x86)\Cisco
    2017-07-17 22:52 - 2016-08-29 17:55 - 006131720 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\rtwlane.sys
    2017-07-17 22:52 - 2016-08-29 17:55 - 001156104 _____ (Realtek Semiconductor Corp. ) C:\Windows\system32\Rtlihvs.dll
    2017-07-17 22:52 - 2016-08-29 17:49 - 000012928 _____ C:\Windows\system32\Drivers\rtldata.txt
    2017-07-17 22:51 - 2017-07-17 22:51 - 000000000 ____D C:\Users\MADHAN\AppData\Roaming\Skype
    2017-07-17 22:50 - 2017-07-17 22:50 - 000000000 ____D C:\Windows\Options
    2017-07-17 22:50 - 2017-07-17 22:50 - 000000000 ____D C:\Program Files (x86)\Qualcomm Atheros
    2017-07-17 22:50 - 2016-11-01 00:29 - 004591032 ____N (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\athw10x.sys
    2017-07-17 22:50 - 2016-11-01 00:29 - 000095161 ____N C:\Windows\system32\athw10x.cat
    2017-07-17 22:49 - 2017-07-17 22:49 - 000000000 ____D C:\ProgramData\Qualcomm Atheros
    2017-07-17 22:45 - 2017-07-17 23:08 - 000000000 ____D C:\Program Files (x86)\Intel
    2017-07-17 22:44 - 2017-08-15 07:56 - 000000000 __SHD C:\Users\MADHAN\IntelGraphicsProfiles
    2017-07-17 22:44 - 2017-07-17 23:09 - 000000000 ____D C:\Program Files\Intel
    2017-07-17 22:44 - 2017-07-17 22:44 - 000000000 _____ C:\Windows\system32\GfxValDisplayLog.bin
    2017-07-17 22:44 - 2016-10-27 09:28 - 000113696 _____ (Khronos Group) C:\Windows\system32\OpenCL.DLL
    2017-07-17 22:43 - 2016-10-27 09:40 - 000101400 _____ C:\Windows\SysWOW64\libGLESv1_CM.dll
    2017-07-17 22:43 - 2016-10-27 09:28 - 000271392 _____ C:\Windows\system32\igfxCPL.cpl
    2017-07-17 22:43 - 2016-10-27 09:28 - 000141336 _____ C:\Windows\SysWOW64\libEGL.dll
    2017-07-17 22:43 - 2016-10-27 09:28 - 000113696 _____ (Khronos Group) C:\Windows\system32\Intel_OpenCL_ICD64.dll
    2017-07-17 22:43 - 2016-10-27 09:28 - 000112160 _____ C:\Windows\SysWOW64\libGLESv2.dll
    2017-07-17 22:43 - 2016-10-27 09:28 - 000104480 _____ (Khronos Group) C:\Windows\SysWOW64\Intel_OpenCL_ICD32.dll
    2017-07-17 22:43 - 2016-10-27 08:50 - 000560260 _____ C:\Windows\system32\cp_resources.bin
    2017-07-17 22:40 - 2016-10-19 12:06 - 000821224 _____ (Intel(R) Corporation) C:\Windows\system32\Drivers\IntcDAud.sys
    2017-07-17 22:39 - 2017-07-17 22:44 - 000000000 ____D C:\Intel
    2017-07-17 21:43 - 2017-07-18 00:36 - 000000000 ____D C:\Windows\AutoKMS
    2017-07-17 21:43 - 2017-07-17 21:43 - 000003808 _____ C:\Windows\System32\Tasks\AutoKMS
    2017-07-17 21:43 - 2017-07-17 21:43 - 000000000 ____D C:\Users\MADHAN\AppData\Local\PeerDistRepub
    2017-07-17 21:43 - 2017-07-17 21:43 - 000000000 ____D C:\ProgramData\Microsoft Toolkit
    2017-07-17 21:42 - 2017-07-17 21:42 - 000000000 ____D C:\Users\MADHAN\AppData\Roaming\WinRAR
    2017-07-17 21:39 - 2017-07-17 21:39 - 000000000 ____D C:\Users\MADHAN\AppData\Local\Comms
    2017-07-17 21:31 - 2017-07-17 21:31 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2017-07-17 21:28 - 2017-07-17 21:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    2017-07-17 21:28 - 2017-07-17 21:28 - 000000000 ____D C:\Windows\PCHEALTH
    2017-07-17 21:28 - 2017-07-17 21:28 - 000000000 ____D C:\Program Files\Microsoft SQL Server
    2017-07-17 21:28 - 2017-07-17 21:28 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
    2017-07-17 21:28 - 2017-07-17 21:28 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
    2017-07-17 21:26 - 2017-07-17 23:31 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
    2017-07-17 21:26 - 2017-07-17 21:28 - 000000000 ____D C:\Windows\SHELLNEW
    2017-07-17 21:26 - 2017-07-17 21:28 - 000000000 ____D C:\Program Files\Microsoft Office
    2017-07-17 21:26 - 2017-07-17 21:26 - 000000000 __RHD C:\MSOCache
    2017-07-17 21:26 - 2017-07-17 21:26 - 000000000 ____D C:\Users\MADHAN\AppData\Local\Microsoft Help
    2017-07-17 21:26 - 2017-07-17 21:26 - 000000000 ____D C:\Program Files\Microsoft Analysis Services
    2017-07-17 21:26 - 2017-07-17 21:26 - 000000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
    2017-07-17 21:25 - 2017-07-17 21:25 - 000000000 ____D C:\Users\MADHAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    2017-07-17 21:25 - 2017-07-17 21:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    2017-07-17 21:25 - 2017-07-17 21:25 - 000000000 ____D C:\Program Files\WinRAR
    2017-07-17 21:24 - 2017-08-08 08:01 - 000002366 _____ C:\Users\MADHAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2017-07-17 21:24 - 2017-08-08 08:01 - 000000000 ___RD C:\Users\MADHAN\OneDrive
    2017-07-17 21:24 - 2017-07-17 21:24 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
    2017-07-17 21:23 - 2017-08-14 11:06 - 001035370 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-07-17 21:22 - 2017-07-17 21:22 - 000000000 ____D C:\Users\MADHAN\AppData\Local\Publishers
    2017-07-17 21:21 - 2017-08-12 11:13 - 000000000 ____D C:\Users\MADHAN
    2017-07-17 21:21 - 2017-08-11 00:38 - 000000000 ____D C:\Users\MADHAN\AppData\Local\VirtualStore
    2017-07-17 21:21 - 2017-07-19 20:35 - 000000000 ____D C:\Users\MADHAN\AppData\Roaming\Adobe
    2017-07-17 21:21 - 2017-07-17 21:50 - 000000000 ____D C:\Users\MADHAN\AppData\Local\ConnectedDevicesPlatform
    2017-07-17 21:21 - 2017-07-17 21:38 - 000000000 ____D C:\Users\MADHAN\AppData\Local\Packages
    2017-07-17 21:21 - 2017-07-17 21:21 - 000000020 ___SH C:\Users\MADHAN\ntuser.ini
    2017-07-17 21:21 - 2017-07-17 21:21 - 000000000 ____D C:\Windows\CSC
    2017-07-17 21:21 - 2017-07-17 21:21 - 000000000 ____D C:\Users\MADHAN\AppData\Local\TileDataLayer
    2017-07-17 21:20 - 2017-07-17 21:20 - 000000000 ____D C:\Users\defaultuser0.DESKTOP-OFHD5US\AppData\Local\VirtualStore
    2017-07-17 21:20 - 2017-07-17 21:20 - 000000000 ____D C:\Users\defaultuser0.DESKTOP-OFHD5US\AppData\Local\TileDataLayer
    2017-07-17 21:20 - 2017-07-17 21:20 - 000000000 ____D C:\Users\defaultuser0.DESKTOP-OFHD5US\AppData\Local\Packages
    2017-07-17 21:20 - 2017-07-17 21:20 - 000000000 ____D C:\Users\defaultuser0.DESKTOP-OFHD5US\AppData\Local\ConnectedDevicesPlatform
    2017-07-17 21:19 - 2017-07-17 21:19 - 000000020 ___SH C:\Users\defaultuser0.DESKTOP-OFHD5US\ntuser.ini
    2017-07-17 21:19 - 2017-07-17 21:19 - 000000000 ____D C:\Users\defaultuser0.DESKTOP-OFHD5US

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-08-15 09:18 - 2016-11-17 14:44 - 000000000 ____D C:\Windows\system32\SleepStudy
    2017-08-14 22:44 - 2016-07-16 17:17 - 000000000 ____D C:\Windows\LiveKernelReports
    2017-08-14 22:00 - 2016-11-17 14:44 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2017-08-14 21:59 - 2016-07-16 11:34 - 000262144 _____ C:\Windows\system32\config\BBI
    2017-08-14 10:59 - 2016-11-17 14:44 - 000342992 _____ C:\Windows\system32\FNTCACHE.DAT
    2017-08-12 08:02 - 2016-07-16 17:17 - 000000000 ____D C:\Windows\SysWOW64\Macromed
    2017-08-12 08:02 - 2016-07-16 17:17 - 000000000 ____D C:\Windows\system32\Macromed
    2017-07-30 21:50 - 2016-07-16 17:15 - 000000000 ____D C:\Windows\INF
    2017-07-25 13:51 - 2016-07-16 17:17 - 000000000 ___HD C:\Program Files\WindowsApps
    2017-07-25 10:50 - 2016-07-16 17:06 - 000000000 ____D C:\Windows\CbsTemp
    2017-07-18 18:07 - 2016-07-16 17:17 - 000000000 ____D C:\Windows\system32\WinBioDatabase
    2017-07-18 18:06 - 2016-07-16 17:17 - 000000000 ____D C:\Windows\appcompat
    2017-07-18 10:43 - 2016-07-16 17:17 - 000028672 _____ C:\Windows\system32\config\BCD-Template
    2017-07-17 23:10 - 2016-07-16 17:17 - 000000000 ___HD C:\Windows\system32\GroupPolicy
    2017-07-17 23:10 - 2016-07-16 17:17 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
    2017-07-17 23:09 - 2016-07-16 17:17 - 000000000 ____D C:\Windows\Help
    2017-07-17 22:58 - 2016-07-16 17:17 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
    2017-07-17 22:34 - 2016-07-16 17:17 - 000000000 ____D C:\Windows\system32\NDF
    2017-07-17 21:49 - 2016-07-16 17:17 - 000000000 ____D C:\Windows\AppReadiness
    2017-07-17 21:33 - 2016-07-16 17:17 - 000000167 _____ C:\Windows\win.ini
    2017-07-17 21:28 - 2016-07-16 17:17 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2017-07-17 21:27 - 2016-07-16 17:17 - 000000000 ____D C:\Program Files\Common Files\System
    2017-07-17 21:21 - 2016-11-17 05:46 - 000000000 __RHD C:\Users\Public\AccountPictures
    2017-07-17 21:21 - 2016-11-16 08:40 - 000000000 ____D C:\Windows\Setup
    2017-07-17 21:20 - 2016-07-16 17:17 - 000000000 ____D C:\Windows\rescache
    2017-07-17 21:18 - 2016-11-17 14:44 - 000000000 ____D C:\Windows\Panther
    2017-07-17 21:15 - 2016-11-17 05:47 - 000002836 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task

    ==================== Files in the root of some directories =======

    2017-08-13 22:32 - 2017-08-14 16:21 - 000019456 _____ () C:\Users\MADHAN\AppData\Local\WebpageIcons.db
    2017-07-18 00:35 - 2017-07-18 00:35 - 000000000 ____H () C:\ProgramData\DP45977C.lfl

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-08-14 12:30

    ==================== End of FRST.txt ============================

  5. #5
    Join Date
    Aug 2017
    Posts
    5
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-08-2017
    Ran by MADHAN (15-08-2017 09:48:00)
    Running from C:\Users\MADHAN\Downloads
    Windows 10 Pro Version 1607 (X64) (2017-07-17 15:50:31)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-229751498-1332251575-2494317161-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-229751498-1332251575-2494317161-503 - Limited - Disabled)
    defaultuser0 (S-1-5-21-229751498-1332251575-2494317161-1001 - Limited - Disabled) => C:\Users\defaultuser0.DESKTOP-OFHD5US
    Guest (S-1-5-21-229751498-1332251575-2494317161-501 - Limited - Disabled)
    MADHAN (S-1-5-21-229751498-1332251575-2494317161-1002 - Administrator - Enabled) => C:\Users\MADHAN

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: K7InternetSecurity (Enabled - Up to date) {F00FDD89-D190-E257-55B2-5A2C4E7195C1}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: K7InternetSecurity (Enabled - Up to date) {4B6E3C6D-F7AA-EDD9-6F02-615E35F6DF7C}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: K7InternetSecurity (Enabled) {C8345CAC-9BFF-E30F-7EED-F319B0A2D2BA}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-229751498-1332251575-2494317161-1002\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.)
    Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.1.1.202 - Adobe Systems Incorporated)
    Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
    Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
    Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.0) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.0 - Adobe Systems Incorporated)
    ASUS GIFTBOX (HKLM-x32\...\ASUS GIFTBOX) (Version: 7.5.24 - ASUSTek Computer Inc)
    ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
    ASUS PTP Driver (HKLM-x32\...\{7618E419-9124-4E6C-9AF4-487A6DDEC1C5}) (Version: 11.0.14 - ASUS)
    ASUS Touchpad Handwriting (HKLM-x32\...\{F3ED910A-9041-49D0-9C70-BD9E1DC5B08E}) (Version: 1.0.3 - ASUS)
    ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.7 - ASUS)
    ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0050 - ASUS)
    AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.3.14 - ICEpower a/s)
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
    CPUID CPU-Z 1.80 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
    Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.2 - ASUSTek Computer Inc.)
    Fotor 3.1.1 (HKLM-x32\...\Fotor) (Version: 3.1.1 - Everimaging Co., Ltd.)
    GIMP 2.8.22 (HKLM\...\GIMP-2_is1) (Version: 2.8.22 - The GIMP Team)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.90 - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
    Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
    Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.11000.2996 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1030 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4534 - Intel Corporation)
    Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1633.3 - Intel Corporation)
    IrfanView 4.44 (64-bit) (HKLM\...\IrfanView64) (Version: 4.44 - Irfan Skiljan)
    Java 8 Update 144 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
    Java SE Development Kit 8 Update 144 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180144}) (Version: 8.0.1440.1 - Oracle Corporation)
    K7InternetSecurity (HKLM-x32\...\K7InternetSecurity) (Version: 14.00 - K7 Computing Pvt Ltd)
    Mi PC Suite (HKU\S-1-5-21-229751498-1332251575-2494317161-1002\...\MiPhoneManager) (Version: - Xiaomi Inc.)
    Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-229751498-1332251575-2494317161-1002\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
    Mozilla Firefox 55.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 55.0.1 (x64 en-US)) (Version: 55.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.1 - Mozilla)
    Outils de vérification linguistique 2013 de Microsoft Office*- Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
    paint.net (HKLM\...\{02D89175-E08F-401B-BA30-8B7512B57724}) (Version: 4.0.17 - dotPDN LLC)
    PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
    Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.8 - Google, Inc.)
    Python 2.7.13 (Anaconda2 4.4.0 64-bit) (HKLM\...\Python 2.7.13 (Anaconda2 4.4.0 64-bit)) (Version: 4.4.0 - Continuum Analytics, Inc.)
    Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.1.11 - Qualcomm Atheros)
    Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
    R for Windows 3.4.1 (HKLM\...\R for Windows 3.4.1_is1) (Version: 3.4.1 - R Core Team)
    REALTEK Bluetooth Filter Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AD}) (Version: 1.4.887.082616 - REALTEK Semiconductor Corp.)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.27056 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7989 - Realtek Semiconductor Corp.)
    Realtek PCI-E Wireless LAN Driver (HKLM-x32\...\InstallShield_{70714FB7-4084-4202-A599-2D5935DECB67}) (Version: Drv_3.00.0008 - REALTEK Semiconductor Corp.)
    RStudio (HKLM-x32\...\RStudio) (Version: 1.0.153 - RStudio)
    TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.81460 - TeamViewer)
    The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: - )
    Turbo C++ 3.2 (HKLM-x32\...\{16FEECA3-A0BF-44ED-A894-C0E7B29FAA2B}) (Version: 3.2.3.0 - Turbo C++)
    VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
    WebStorage (HKLM-x32\...\WebStorage) (Version: 2.2.15.587G - ASUS Cloud Corporation)
    Windows Driver Package - ASUS (AsusPTPDrv) HIDClass (09/23/2016 11.0.0.14) (HKLM\...\F95583A62AB902A3FC263F668380483F9E0113CD) (Version: 09/23/2016 11.0.0.14 - ASUS)
    WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
    WPS Office for ASUS (HKLM-x32\...\Kingsoft Office) (Version: 10.1.0.5644 - Kingsoft Corp.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-229751498-1332251575-2494317161-1002_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
    ShellIconOverlayIdentifiers: [ !AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.2.15.587G\ASUSWSShellExt64.dll [2017-04-21] (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [ !AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.2.15.587G\ASUSWSShellExt64.dll [2017-04-21] (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [ !AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.2.15.587G\ASUSWSShellExt64.dll [2017-04-21] (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2017-05-26] ()
    ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2017-05-26] ()
    ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2017-05-26] ()
    ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2017-05-26] ()
    ContextMenuHandlers1: [K7Computing.K7AVScanner] -> {FD23B962-BADB-11D7-B0FE-00C026A19B93} => C:\Program Files (x86)\K7 Computing\K7TSecurity\K7TSSExt64.dll [2014-02-12] (K7 Computing Pvt Ltd)
    ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-03-02] ()
    ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2011-03-02] ()
    ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2326} => C:\Windows\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
    ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-03-02] ()
    ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2011-03-02] ()
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7a99cee8a1a412a6\igfxDTCM.dll [2016-10-27] (Intel Corporation)
    ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2017-05-26] ()
    ContextMenuHandlers6: [K7Computing.K7AVScanner] -> {FD23B962-BADB-11D7-B0FE-00C026A19B93} => C:\Program Files (x86)\K7 Computing\K7TSecurity\K7TSSExt64.dll [2014-02-12] (K7 Computing Pvt Ltd)
    ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2011-03-02] ()
    ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2011-03-02] ()

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {18C7CE23-C23E-48D6-B46D-902242C5BD43} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
    Task: {1C49EDB0-692E-4831-A4C5-B93C28D4C294} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2016-02-23] (ASUSTek Computer Inc.)
    Task: {2FFFFE59-5F70-4ABF-B5C3-333EDA4EE137} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2016-11-17] (Realtek Semiconductor)
    Task: {36F44B33-2B6C-4DF8-BA87-E88066AD8A1D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
    Task: {37645CBE-35D6-46DB-923F-AE753A53663E} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-07-26] (Intel(R) Corporation)
    Task: {3C5F8006-7250-47DB-8C1C-4DDCAC6D8F7F} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
    Task: {3E0A814C-AA5C-4468-9FB5-987900705F57} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-11-17] (Realtek Semiconductor)
    Task: {4F59C7FD-870A-4119-86EE-28C0A151EC7E} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
    Task: {5BA14A23-C464-4B9C-89D5-3EFF805F45C3} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWoW64\Macromed\Flash\FlashUtil32_26_0_0_151_pepper.exe [2017-08-12] (Adobe Systems Incorporated)
    Task: {5E00B677-E9BD-41A2-A95C-E7F3E906E568} - System32\Tasks\WpsKtpcntrQingTask_MADHAN => C:\Program Files (x86)\Kingsoft\WPS Office\10.1.0.5644\office6\ktpcntr.exe [2017-07-17] (Zhuhai Kingsoft Office Software Co.,Ltd)
    Task: {5E6BCDC7-DDB0-4B6D-9769-DF75986BF106} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
    Task: {5FBC06E9-C1E2-4E03-8A63-CC0B3E638899} - System32\Tasks\Microsoft Office 15 Sync Maintenance for DESKTOP-OFHD5US-MADHAN DESKTOP-OFHD5US => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2013-09-10] (Microsoft Corporation)
    Task: {83CB787B-648E-431E-9888-35FAAE5CA856} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-18] (Google Inc.)
    Task: {8E39A68D-26CD-416F-BB02-90F95F863B12} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-18] (Google Inc.)
    Task: {8FFC4F24-4CB5-4965-992B-A174B55D2CDB} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-09-22] (ASUSTek Computer Inc.)
    Task: {9469F6C9-5759-4A5C-995A-34F5BEE1FA9F} - System32\Tasks\ASUS Touchpad Handwriting (x64) => C:\Program Files (x86)\ASUS\ASUS Touchpad Handwriting\Exe\x64\AsusHWLaunch64.exe [2016-07-26] (ASUSTeK Computer Inc.)
    Task: {991D6BBE-D4DB-42E5-9DD3-16640D45A786} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
    Task: {C0267C37-C902-4B80-9A10-CCD5CB2E4A31} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-12] (Adobe Systems Incorporated)
    Task: {C7CD6213-A03B-43C8-BE1A-4177352753F2} - System32\Tasks\WpsExternal_20170717233202 => C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe [2017-07-17] (Zhuhai Kingsoft Office Software Co.,Ltd)
    Task: {DDACEEE2-E26B-4FEA-8E04-A8DBBE963DFD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
    Task: {E2A2022E-DE81-42E7-9A8D-4D8E471343AB} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
    Task: {E364E53B-D77E-41C6-9A12-985071E5D56D} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-OFHD5US-MADHAN => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
    Task: {F82D83D5-4B96-44C0-8608-2510B3952B1A} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-09-22] (ASUSTek Computer Inc.)
    Task: {F97BF280-5B52-4D38-95C9-AB520D0D52AA} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2015-05-14] (ASUSTek Computer Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\WpsExternal_20170717233202.job => C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe
    Task: C:\Windows\Tasks\WpsKtpcntrQingTask_MADHAN.job => C:\Program Files (x86)\Kingsoft\WPS Office\10.1.0.5644\office6\ktpcntr.exeÃqing 10.1.0.5644 xxx server_url=hxxp:/kdl1.cache.wps.com/ksodl/wpscfg/client/____client____html____service____bubble.html ic_server_url=hxxp:/info.kingsoftstore.com/wpsv6internet/infos.ads

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2016-07-16 17:12 - 2016-07-16 17:12 - 000231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
    2016-11-15 20:18 - 2016-11-15 20:18 - 002681200 _____ () C:\Windows\System32\CoreUIComponents.dll
    2017-05-26 03:18 - 2017-05-26 03:18 - 000492112 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
    2017-07-17 21:25 - 2011-03-02 12:40 - 000164864 _____ () C:\Program Files\WinRAR\rarext.dll
    2016-11-15 20:18 - 2016-11-15 20:18 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
    2016-11-15 20:18 - 2016-11-15 20:18 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
    2016-11-15 20:18 - 2016-11-15 20:18 - 000693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll
    2016-11-15 20:18 - 2016-11-15 20:18 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2016-11-15 20:18 - 2016-11-15 20:18 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2016-11-15 20:18 - 2016-11-15 20:18 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
    2016-11-15 20:18 - 2016-11-15 20:18 - 001033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
    2016-11-15 20:18 - 2016-11-15 20:18 - 002424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2016-11-15 20:18 - 2016-11-15 20:18 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2017-07-30 21:50 - 2016-03-11 09:41 - 000157624 _____ () C:\Users\MADHAN\AppData\Local\MiPhoneManager\main\MiPhoneHelper.exe
    2017-05-15 02:38 - 2017-05-15 02:38 - 034957896 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
    2016-07-16 20:07 - 2016-07-16 20:07 - 000017408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.511.8780.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    2016-07-16 20:07 - 2016-07-16 20:07 - 012473856 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.511.8780.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
    2016-07-16 20:05 - 2016-07-16 20:05 - 003790336 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1605.1582.0_x64__8wekyb3d8bbwe\Calculator.exe
    2016-07-16 20:05 - 2016-07-16 20:05 - 000258560 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1605.1582.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
    2013-10-17 11:25 - 2013-10-17 11:25 - 008866472 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2016-09-14 20:25 - 2016-09-14 20:25 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2017-07-30 21:51 - 2016-03-11 09:41 - 000065976 _____ () C:\Users\MADHAN\AppData\Local\MiPhoneManager\main\MiFramework.dll
    2017-07-30 21:51 - 2016-03-11 09:41 - 000136632 _____ () C:\Users\MADHAN\AppData\Local\MiPhoneManager\main\MiPlugin4NSIS.dll
    2017-07-30 21:51 - 2016-03-11 09:41 - 000018360 _____ () C:\Users\MADHAN\AppData\Local\MiPhoneManager\main\MiTrace.dll
    2017-07-30 21:51 - 2016-03-11 09:34 - 000099600 _____ () C:\Users\MADHAN\AppData\Local\MiPhoneManager\main\zlib1.dll
    2017-06-04 07:19 - 2017-06-04 07:19 - 052051552 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
    2017-05-30 01:39 - 2017-05-30 01:39 - 000118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
    2017-05-30 01:39 - 2017-05-30 01:39 - 000214528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
    2017-05-30 01:38 - 2017-05-30 01:38 - 000117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
    2017-05-30 01:39 - 2017-05-30 01:39 - 000125952 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
    2017-06-04 07:47 - 2017-06-04 07:47 - 000099424 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
    2017-05-30 01:39 - 2017-05-30 01:39 - 000086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
    2014-12-29 09:54 - 2014-12-29 09:54 - 000736256 _____ () C:\Program Files (x86)\K7 Computing\K7TSecurity\libglesv2.dll
    2014-12-29 09:54 - 2014-12-29 09:54 - 000130048 _____ () C:\Program Files (x86)\K7 Computing\K7TSecurity\libegl.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2016-07-16 17:17 - 2017-08-14 10:57 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-229751498-1332251575-2494317161-1002\Control Panel\Desktop\\Wallpaper ->
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
    mpsdrv => Firewall Service is not running.
    MpsSvc => Firewall Service is not running.

    ==================== MSCONFIG/TASK MANAGER disabled items ==


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{9CC950B0-5506-47C6-AF6B-EFB58F4B3701}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{806F08BE-CC95-45B6-946F-95364EEEEAC0}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{DADFF6DB-D054-4FF0-A1BB-B309295D1885}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{85FB872C-521C-443F-81A3-C7DCF3BB183D}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{A2A11731-B9B5-4C5B-9E0E-E3F25BD6B2F8}] => (Allow) E:\microsoft-toolkit-2.6.5\Microsoft Toolkit.exe
    FirewallRules: [{79549696-3AE1-4C1D-9DF2-0284AC0034A7}] => (Allow) E:\microsoft-toolkit-2.6.5\Microsoft Toolkit.exe

    ==================== Restore Points =========================

    11-08-2017 00:28:14 Installed Turbo C++ 3.2.
    12-08-2017 10:16:51 Installed Java SE Development Kit 8 Update 144 (64-bit)
    14-08-2017 17:29:07 AA11
    Check "winmgmt" service or repair WMI.


    ==================== Faulty Device Manager Devices =============

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (08/15/2017 09:40:35 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: MicrosoftEdge.exe, version: 11.0.14393.447, time stamp: 0x5819bd75
    Faulting module name: iertutil.dll, version: 11.0.14393.447, time stamp: 0x5819bc90
    Exception code: 0xc0000409
    Fault offset: 0x0000000000064da8
    Faulting process id: 0x1dc8
    Faulting application start time: 0x01d3157c71c3bbfd
    Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    Faulting module path: C:\Windows\SYSTEM32\iertutil.dll
    Report Id: b3ebdd94-22a3-4b5b-8132-e631b4365292
    Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
    Faulting package-relative application ID: MicrosoftEdge

    Error: (08/15/2017 09:31:04 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: k7tsecurity.exe, version: 16.0.0.3, time stamp: 0x56e7a457
    Faulting module name: combase.dll, version: 10.0.14393.351, time stamp: 0x5801a433
    Exception code: 0xc0000005
    Fault offset: 0x000fe02f
    Faulting process id: 0x1d30
    Faulting application start time: 0x01d3156dfce89aa3
    Faulting application path: C:\Program Files (x86)\K7 Computing\K7TSecurity\k7tsecurity.exe
    Faulting module path: C:\Windows\System32\combase.dll
    Report Id: 661c791b-a979-4faa-8df4-f4b7f93a74e0
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (08/15/2017 09:18:53 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0xC004F074
    Command-line arguments:
    RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (08/15/2017 09:18:40 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: MicrosoftEdge.exe, version: 11.0.14393.447, time stamp: 0x5819bd75
    Faulting module name: iertutil.dll, version: 11.0.14393.447, time stamp: 0x5819bc90
    Exception code: 0xc0000409
    Fault offset: 0x0000000000064da8
    Faulting process id: 0x1e40
    Faulting application start time: 0x01d315796148990d
    Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    Faulting module path: C:\Windows\SYSTEM32\iertutil.dll
    Report Id: fdf4790d-2f79-41e8-96e5-9ecc529b56cb
    Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
    Faulting package-relative application ID: MicrosoftEdge

    Error: (08/15/2017 08:15:48 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0xC004F074
    Command-line arguments:
    RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (08/15/2017 08:04:21 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0xC004F074
    Command-line arguments:
    RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (08/15/2017 08:04:14 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0xC004F074
    Command-line arguments:
    RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

    Error: (08/15/2017 07:57:29 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0xC004F074
    Command-line arguments:
    RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=3

    Error: (08/14/2017 10:45:21 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0xC004F074
    Command-line arguments:
    RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=2

    Error: (08/14/2017 10:45:18 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
    Description: License Activation (slui.exe) failed with the following error code:
    hr=0xC004F074
    Command-line arguments:
    RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable


    System errors:
    =============
    Error: (08/15/2017 09:07:41 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (08/15/2017 08:15:01 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (08/15/2017 07:56:48 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
    and APPID
    {F72671A9-012C-4725-9D2F-2A4D32D65169}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (08/15/2017 07:56:47 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (08/15/2017 07:56:47 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (08/14/2017 10:43:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
    and APPID
    {F72671A9-012C-4725-9D2F-2A4D32D65169}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (08/14/2017 10:43:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (08/14/2017 10:43:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (08/14/2017 10:00:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
    and APPID
    {F72671A9-012C-4725-9D2F-2A4D32D65169}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (08/14/2017 10:00:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i3-7100U CPU @ 2.40GHz
    Percentage of memory in use: 73%
    Total physical RAM: 3977.68 MB
    Available physical RAM: 1042.21 MB
    Total Virtual: 5577.68 MB
    Available Virtual: 2154.13 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:194.76 GB) (Free:136.07 GB) NTFS
    Drive d: (X541UJ_WIN10_64_V2.00_Lite) (CDROM) (Total:2.65 GB) (Free:0 GB) UDF
    Drive f: (MUSTHAVE) (Fixed) (Total:244.14 GB) (Free:209.09 GB) NTFS
    Drive g: (WORK) (Fixed) (Total:244.14 GB) (Free:243.95 GB) NTFS
    Drive h: (DOWNLOADS) (Fixed) (Total:247.92 GB) (Free:226.07 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: D89045D1)

    Partition: GPT.

    ==================== End of Addition.txt ============================

  6. #6
    Join Date
    Aug 2017
    Posts
    5
    Thanks.

  7. #7
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Welcome aboard

    Please observe the following rules:

    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.



    ==================================

    There is nothing wrong with 0.0.0.0 entries.
    They work pretty much the same as 127.0.0.1 entries, blocking all unwanted sites through the "hosts" file.

    Is the computer having any issues?
