Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-05-2021 Ran by Dyfan (administrator) on SINBAD (13-05-2021 14:33:53) Running from C:\Users\Dyfan\Desktop Loaded Profiles: Dyfan Platform: Windows 8.1 (Update) (X64) Language: English (United Kingdom) Default browser: Chrome Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) () [File not signed] C:\Program Files\qBittorrent\qbittorrent.exe (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\atieclxx.exe (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\atiesrxx.exe (ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsAPHider\AsAPHider.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe (ASUSTeK Computer Inc.) [File not signed] [File is in use] C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe (Code Sector -> ) C:\Program Files\TeraCopy\TeraCopyService.exe (Code Sector -> Code Sector Inc.) 
C:\Program Files (x86)\Direct Folders\df64.exe (Code Sector -> Code Sector) C:\Program Files (x86)\Direct Folders\df.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <19> (GuinpinSoft inc) [File not signed] C:\Program Files\Common Files\cdarbsvc\cdarbsvc_v1.0.0_x64.exe (JackettConsole) [File not signed] C:\ProgramData\Jackett\JackettConsole.exe (JackettService) [File not signed] C:\ProgramData\Jackett\JackettService.exe (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\avp.exe (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\avpui.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Open-Shell) [File not signed] C:\Program Files\Open-Shell\StartMenu.exe (Raxco Software, Inc. -> Raxco Software, Inc.) C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe (Raxco Software, Inc. -> Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgent.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [Open-Shell Start Menu] => C:\Program Files\Open-Shell\StartMenu.exe [216576 2020-09-26] (Open-Shell) [File not signed] HKLM\...\Run: [AsioReg] => REGSVR32.EXE /S CTASIO.DLL* HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9277520 2021-01-22] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-04] (Canon Inc. -> CANON INC.) HKLM-x32\...\Run: [AsioThk32Reg] => REGSVR32.EXE /S CTASIO.DLL HKLM-x32\...\Run: [CTHelper] => C:\Windows\SysWOW64\CTHELPER.EXE* [19456 2007-04-09] () [File not signed] HKLM-x32\...\Run: [CTxfiHlp] => C:\Windows\SysWOW64\CTXFIHLP.EXE* [19968 2007-04-09] () [File not signed] HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-23] (Canon Inc. -> CANON INC.) HKLM-x32\...\Run: [PrivateFolder] => C:\Program Files (x86)\PrivateFolder\PF_Pass.exe [253504 2012-12-31] (eMing Software Inc. -> eMing Software Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706288 2021-03-19] (Oracle America, Inc. 
-> Oracle Corporation) HKU\S-1-5-21-1704149506-1908064861-659173645-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [33698888 2021-04-22] (Piriform Software Ltd -> Piriform Software Ltd) HKU\S-1-5-21-1704149506-1908064861-659173645-1001\...\Policies\Explorer: [DisallowRun] 1 HKU\S-1-5-21-1704149506-1908064861-659173645-1001\...\Policies\Explorer\DisallowRun: [1] irsetup.exe HKU\S-1-5-21-1704149506-1908064861-659173645-1001\...\MountPoints2: {2b13ba87-5fe2-11eb-825c-50465db36e87} - "G:\Setup.exe" HKU\S-1-5-21-1704149506-1908064861-659173645-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [788480 2014-10-29] (Microsoft Windows -> Microsoft Corporation) HKU\S-1-5-18\...\Run: [DevconDefaultDB] => C:\WINDOWS\system32\READREG /SILENT /FAIL=1 HKLM\...\Windows x64\Print Processors\Canon MP560 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDA0.DLL [28672 2010-04-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.) HKLM\...\Print\Monitors\Canon BJ Language Monitor MP560 series: C:\WINDOWS\system32\CNMLMA0.DLL [336896 2010-04-24] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.) HKLM\...\Print\Monitors\Canon BJNP Port: C:\WINDOWS\system32\CNMN6PPM.DLL [359936 2012-06-14] (CANON INC.) [File not signed] HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\90.0.4430.212\Installer\chrmstp.exe [2021-05-10] (Google LLC -> Google LLC) BootExecute: PDBoot.exeautocheck autochk * GroupPolicy: Restriction ? <==== ATTENTION HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {395C37E6-F737-42E3-87CC-6995B0CE846C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-25] (Google LLC -> Google LLC) Task: {5807951C-9665-4994-B992-DFE8BB56DB33} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-04-22] (Piriform Software Ltd -> Piriform) Task: {589EE948-D775-4ECF-9841-5C5C4484EE31} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2021-01-25] (Google LLC -> Google LLC) Task: {96105BC3-AFEE-47A7-8891-D5695DCAFAA5} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [40880 2021-04-29] (Garmin International, Inc. -> ) Task: {B3DDBA0C-2045-433C-82BA-A3D7B3E29004} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [28082760 2021-04-22] (Piriform Software Ltd -> Piriform Software Ltd) Task: {C38DB12F-6996-49D9-A354-E58EA55CD46E} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe Task: {CD8993E1-0076-4DC4-9D2D-731B3BD5EAE8} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2935424 2012-03-13] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) Task: {CF79DC15-CE26-488D-99B8-BDBF722552B4} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [743488 2021-05-13] (Kaspersky Lab JSC -> AO Kaspersky Lab) Task: {FE988C55-483B-4B7F-B571-8251A053352D} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1907712 2021-05-11] () [File not signed] (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{FB23B534-7674-410D-9BF6-24D3C4A67BF6}: [DhcpNameServer] 192.168.1.1 192.168.1.1 HKLM\System\...\Parameters\PersistentRoutes: [169.254.0.0,255.255.0.0,192.168.1.2,1] FireFox: ======== FF HKLM\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\FFExt\light_plugin_firefox\addon.xpi => not found FF HKLM-x32\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\FFExt\light_plugin_firefox\addon.xpi => not found FF Plugin: @java.com/DTPlugin,version=11.291.2 -> C:\Program Files\Java\jre1.8.0_291\bin\dtplugin\npDeployJava1.dll [2021-03-26] (Oracle America, Inc. -> Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.291.2 -> C:\Program Files\Java\jre1.8.0_291\bin\plugin2\npjp2.dll [2021-03-26] (Oracle America, Inc. 
-> Oracle Corporation) FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-05-10] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.13 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-05-10] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.14 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-05-10] (VideoLAN -> VideoLAN) Chrome: ======= CHR Profile: C:\Users\Dyfan\AppData\Local\Google\Chrome\User Data\Default [2021-05-13] CHR DownloadDir: H:\FRD CHR Notifications: Default -> hxxps://loadsite.online; hxxps://mail.protonmail.com; hxxps://mail.yandex.com; hxxps://www.enjoythemusic.net CHR Extension: (uBlock Origin) - C:\Users\Dyfan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2021-05-09] CHR Extension: (Strong Password Generator) - C:\Users\Dyfan\AppData\Local\Google\Chrome\User Data\Default\Extensions\emehklffcaphknhhfhadkjhpfapcbpco [2021-01-25] CHR Extension: (I don't care about cookies) - C:\Users\Dyfan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fihnjjcciajhdojfnbdddfaoknhalnja [2021-04-17] CHR Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\Dyfan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2021-01-25] CHR Extension: (IBA Opt-out (by Google)) - C:\Users\Dyfan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb [2021-01-26] CHR Extension: (Protect My Choices) - C:\Users\Dyfan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgloanjhdcenjgiafkpbehddcnonlic [2021-02-07] CHR Extension: (Chrome Web Store Payments) - C:\Users\Dyfan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29] CHR Extension: (Chrome Media Router) - C:\Users\Dyfan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-04-15] CHR HKLM\...\Chrome\Extension: 
[ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm CHR HKLM-x32\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] (ASUSTeK Computer Inc. -> ) R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2021-01-25] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe [324608 2021-01-25] (ASUSTeK Computer Inc.) 
[File not signed] [File is in use] R2 AVP21.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\avp.exe [384280 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab) R2 CdRomArbiterService; C:\Program Files\Common Files\cdarbsvc\cdarbsvc_v1.0.0_x64.exe [8704 2021-01-26] (GuinpinSoft inc) [File not signed] R2 Jackett; C:\ProgramData\Jackett\JackettService.exe [405504 2021-05-12] (JackettService) [File not signed] S3 klvssbridge64_21.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\vssbridge64.exe [479280 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab) S2 KSDE5.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.3\ksde.exe [646520 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab) R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7391408 2021-05-09] (Malwarebytes Inc -> Malwarebytes) R2 TeraCopyService.exe; C:\Program Files\TeraCopy\TeraCopyService.exe [114384 2021-04-21] (Code Sector -> ) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation) S3 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [X] ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] (ASUSTeK Computer Inc. 
-> ) R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [250032 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab) R3 COMMONFX.DLL; C:\WINDOWS\System32\COMMONFX.DLL [151296 2007-04-12] (Creative -> Creative Technology Ltd) S3 CT20XUT.DLL; C:\WINDOWS\System32\CT20XUT.DLL [252712 2007-04-10] (Creative Labs Inc -> Creative Technology Ltd.) R3 CTAUDFX.DLL; C:\WINDOWS\System32\CTAUDFX.DLL [700200 2007-04-10] (Creative Labs Inc -> Creative Technology Ltd) S3 CTEAPSFX.DLL; C:\WINDOWS\System32\CTEAPSFX.DLL [219432 2007-04-10] (Creative Labs Inc -> Creative Technology Ltd) S3 CTEDSPFX.DLL; C:\WINDOWS\System32\CTEDSPFX.DLL [321832 2007-04-10] (Creative Labs Inc -> Creative Technology Ltd) S3 CTEDSPIO.DLL; C:\WINDOWS\System32\CTEDSPIO.DLL [190248 2007-04-10] (Creative Labs Inc -> Creative Technology Ltd) S3 CTEDSPSY.DLL; C:\WINDOWS\System32\CTEDSPSY.DLL [363304 2007-04-10] (Creative Labs Inc -> Creative Technology Ltd) S3 CTERFXFX.DLL; C:\WINDOWS\System32\CTERFXFX.DLL [142120 2007-04-10] (Creative Labs Inc -> Creative Technology Ltd) S3 CTEXFIFX.DLL; C:\WINDOWS\System32\CTEXFIFX.DLL [1571112 2007-04-10] (Creative Labs Inc -> Creative Technology Ltd.) R3 ctgame; C:\WINDOWS\system32\DRIVERS\ctgame.sys [28544 2015-07-01] (Creative Technology Ltd -> Creative Technology Ltd.) S3 CTHWIUT.DLL; C:\WINDOWS\System32\CTHWIUT.DLL [123688 2007-04-10] (Creative Labs Inc -> Creative Technology Ltd.) 
R3 CTSBLFX.DLL; C:\WINDOWS\System32\CTSBLFX.DLL [681256 2007-04-10] (Creative Labs Inc -> Creative Technology Ltd) R1 klbackupdisk; C:\WINDOWS\system32\DRIVERS\klbackupdisk.sys [110336 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab) R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [211704 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab) R1 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [126216 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab) S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [41656 2021-02-19] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab) R1 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [514840 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab) R1 klgse; C:\WINDOWS\System32\DRIVERS\klgse.sys [657696 2021-03-15] (Kaspersky Lab JSC -> AO Kaspersky Lab) R1 klhk; C:\WINDOWS\system32\DRIVERS\klhk.sys [1400600 2021-03-15] (Kaspersky Lab JSC -> AO Kaspersky Lab) R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1042712 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab) R1 klim6; C:\WINDOWS\system32\DRIVERS\klim6.sys [98040 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab) R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [112392 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab) R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [112904 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab) R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [85256 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab) R1 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [96008 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab) R3 kltap; C:\WINDOWS\system32\DRIVERS\kltap.sys [55592 2021-02-19] (AnchorFree Inc -> The OpenVPN Project) R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [245752 2021-05-13] (Kaspersky Lab JSC -> AO Kaspersky Lab) R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [283144 2021-05-13] (Kaspersky Lab JSC -> AO Kaspersky Lab) R0 klupd_klif_klbg; 
C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [108576 2021-05-13] (Kaspersky Lab JSC -> AO Kaspersky Lab) R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [216576 2021-05-13] (Kaspersky Lab JSC -> AO Kaspersky Lab) R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [155912 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab) R1 klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [327936 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab) R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [300808 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab) R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-05-13] (Malwarebytes Inc -> Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-01-26] (Malwarebytes Inc -> Malwarebytes) R1 PFolder; C:\WINDOWS\System32\Drivers\PFolder64.sys [57832 2012-12-31] (eMing Software Inc. -> eMing Software Inc.) S3 rtdrm; C:\WINDOWS\System32\drivers\rtdrm64.sys [19656 2021-01-23] (TenAsys Corporation -> TenAsys Corporation) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) (Whitelisted) ========= (If an entry is included in the fixlist, the file/folder will be moved.) 
2021-05-13 14:33 - 2021-05-13 14:34 - 000019621 _____ C:\Users\Dyfan\Desktop\FRST.txt 2021-05-13 14:32 - 2021-05-13 14:34 - 000000000 ____D C:\FRST 2021-05-13 14:30 - 2021-05-13 14:30 - 002299392 _____ (Farbar) C:\Users\Dyfan\Desktop\FRST64.exe 2021-05-13 13:35 - 2021-05-13 13:35 - 000220752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys 2021-05-13 11:31 - 2021-05-13 11:31 - 000235730 _____ C:\TDSSKiller.3.1.0.28_13.05.2021_11.31.01_log.txt 2021-05-13 11:26 - 2021-05-13 11:26 - 000283144 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys 2021-05-13 11:20 - 2021-05-13 11:20 - 000245752 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys 2021-05-13 11:20 - 2021-05-13 11:20 - 000216576 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys 2021-05-13 11:20 - 2021-05-13 11:20 - 000108576 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys 2021-05-13 11:20 - 2021-05-13 11:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky VPN 2021-05-13 11:20 - 2021-05-13 11:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Cloud 2021-05-13 11:19 - 2021-05-13 11:20 - 000000000 ____D C:\ProgramData\Kaspersky Lab 2021-05-13 11:19 - 2021-02-19 21:09 - 000110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll 2021-05-13 11:19 - 2021-02-19 21:08 - 001042712 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys 2021-05-13 11:19 - 2021-02-19 21:08 - 000514840 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys 2021-05-13 11:04 - 2021-05-13 11:09 - 000000013 _____ C:\ProgramData\krosqm.txt 2021-05-12 16:12 - 2021-05-12 16:12 - 024514956 _____ C:\Users\Dyfan\Documents\E8021_F2A85-V_PRO.pdf 2021-05-12 15:17 - 2021-05-12 15:38 - 000000000 ____D C:\Users\Dyfan\AppData\Roaming\Direct Folders 2021-05-12 15:17 - 2021-05-12 15:17 - 000001115 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Direct 
Folders.lnk 2021-05-12 15:17 - 2021-05-12 15:17 - 000000000 ____D C:\Program Files (x86)\Direct Folders 2021-05-12 14:37 - 2021-05-12 14:37 - 000000000 ____D C:\Users\Dyfan\AppData\Local\calibre-ebook.com 2021-05-12 14:37 - 2021-05-12 14:37 - 000000000 ____D C:\Users\Dyfan\AppData\Local\cache 2021-05-12 13:59 - 2021-05-12 13:59 - 000637646 _____ C:\Users\Dyfan\Documents\Jennifer's Body (2009).XtoDVD 2021-05-12 12:36 - 2021-05-12 12:36 - 000234816 _____ C:\TDSSKiller.3.1.0.28_12.05.2021_12.36.07_log.txt 2021-05-12 10:09 - 2021-04-06 07:51 - 001678056 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2021-05-11 15:01 - 2021-05-11 15:01 - 000000958 _____ C:\Users\Dyfan\Documents\jennifer's body unrated.txt 2021-05-10 11:20 - 2021-05-10 11:20 - 000000000 ____D C:\Users\Dyfan\AppData\Local\Fredrik_Blomqvist 2021-05-09 20:20 - 2021-05-09 20:20 - 000000000 ____D C:\Users\Dyfan\Desktop\mkvtoolnix-64-bit-56.1.0 2021-05-08 10:26 - 2021-05-13 13:42 - 000000000 ____D C:\Users\Dyfan\AppData\LocalLow\IGDump 2021-05-08 10:23 - 2021-05-08 10:23 - 000000000 ____D C:\Users\Dyfan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.9 2021-05-08 10:23 - 2021-05-08 10:23 - 000000000 ____D C:\Users\Dyfan\AppData\Local\Package Cache 2021-05-07 23:38 - 2021-05-07 23:38 - 000000000 ____D C:\Users\Dyfan\Documents\Audacity 2021-05-07 18:11 - 2021-05-12 11:39 - 000000000 ____D C:\ProgramData\Jackett 2021-05-07 18:11 - 2021-05-07 18:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jackett 2021-05-05 11:22 - 2021-05-05 11:22 - 000000000 ____D C:\Users\Dyfan\AppData\Local\Kaspersky Lab 2021-05-04 12:47 - 2021-05-04 12:47 - 000000000 ____D C:\Users\Default\AppData\Local\Kaspersky Lab 2021-05-03 17:35 - 2021-05-03 17:35 - 000924336 _____ (Python Software Foundation) C:\WINDOWS\pyw.exe 2021-05-03 17:35 - 2021-05-03 17:35 - 000924336 _____ (Python Software Foundation) C:\WINDOWS\py.exe 2021-05-03 17:35 - 2021-05-03 17:35 - 000058032 _____ (Python 
Software Foundation) C:\WINDOWS\pyshellext.amd64.dll 2021-05-03 13:13 - 2021-05-03 13:13 - 000000000 ____D C:\Users\Dyfan\AppData\Roaming\Digiarty 2021-05-03 13:13 - 2021-05-03 13:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digiarty 2021-05-03 13:13 - 2021-05-03 13:13 - 000000000 ____D C:\Program Files (x86)\Digiarty 2021-05-03 10:16 - 2021-05-03 10:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent 2021-05-03 10:16 - 2021-05-03 10:16 - 000000000 ____D C:\Program Files\qBittorrent 2021-05-02 11:48 - 2021-05-02 11:48 - 000000086 _____ C:\Users\Dyfan\Documents\This Is The Zodiak Speaking.txt 2021-05-02 10:20 - 2021-05-02 10:27 - 000000000 ____D C:\Users\Dyfan\AppData\Local\EZ CD Audio Converter 2021-05-02 10:20 - 2021-05-02 10:21 - 000000000 ____D C:\Program Files\EZ CD Audio Converter 2021-05-02 10:20 - 2021-05-02 10:20 - 000000899 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZ CD Audio Converter.lnk 2021-05-02 10:20 - 2021-05-02 10:20 - 000000000 ____D C:\ProgramData\EZ CD Audio Converter 2021-05-01 14:06 - 2021-05-12 13:53 - 000000000 ____D C:\Users\Dyfan\Documents\ConvertXtoDVD_Resources 2021-05-01 14:04 - 2021-05-12 23:35 - 000000000 ____D C:\ProgramData\VSO 2021-05-01 14:04 - 2021-05-12 13:58 - 000000000 ____D C:\Users\Dyfan\Documents\ConvertXToDVD 2021-05-01 14:04 - 2021-05-01 14:06 - 000000000 ____D C:\Users\Dyfan\AppData\Roaming\VSO 2021-05-01 14:04 - 2021-05-01 14:04 - 000099384 _____ C:\Users\Dyfan\AppData\Roaming\inst.exe 2021-05-01 14:04 - 2021-05-01 14:04 - 000082816 _____ (VSO Software) C:\Users\Dyfan\AppData\Roaming\pcouffin.sys 2021-05-01 14:04 - 2021-05-01 14:04 - 000007859 _____ C:\Users\Dyfan\AppData\Roaming\pcouffin.cat 2021-05-01 14:04 - 2021-05-01 14:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO 2021-05-01 14:04 - 2021-05-01 14:04 - 000000000 ____D C:\Program Files (x86)\VSO 2021-04-30 09:35 - 2021-04-30 09:35 - 000000000 ____D 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin 2021-04-29 11:35 - 2021-05-13 14:30 - 000000000 ____D C:\Users\Dyfan\AppData\Roaming\TeraCopy 2021-04-29 11:35 - 2021-04-29 11:35 - 000000919 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraCopy.lnk 2021-04-29 11:35 - 2021-04-29 11:35 - 000000000 ____D C:\ProgramData\Code Sector 2021-04-29 11:35 - 2021-04-29 11:35 - 000000000 ____D C:\ProgramData\Caphyon 2021-04-29 11:35 - 2021-04-29 11:35 - 000000000 ____D C:\Program Files\TeraCopy 2021-04-28 21:42 - 2021-05-06 22:41 - 000000000 ____D C:\Users\Dyfan\AppData\Roaming\dvdcss 2021-04-26 08:53 - 2021-04-26 08:57 - 000000000 ____D C:\Users\Dyfan\AppData\Roaming\XMedia Recode 2021-04-26 08:44 - 2021-04-26 08:44 - 000000000 ____D C:\Users\Dyfan\AppData\Local\RadeonInstaller 2021-04-26 08:44 - 2021-04-26 08:44 - 000000000 ____D C:\ProgramData\AMD 2021-04-26 08:44 - 2021-04-26 08:44 - 000000000 ____D C:\AMD 2021-04-25 17:32 - 2021-04-25 17:32 - 000000000 ____D C:\Users\Dyfan\AppData\Roaming\Hard Disk Sentinel 2021-04-25 17:31 - 2021-04-26 07:53 - 000000000 ____D C:\Program Files (x86)\Hard Disk Sentinel 2021-04-25 17:31 - 2021-04-25 17:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hard Disk Sentinel 2021-04-25 12:09 - 2021-04-25 12:09 - 018869868 _____ C:\Users\Dyfan\Desktop\mkvtoolnix-64-bit-56.1.0.7z 2021-04-25 11:58 - 2021-04-25 11:58 - 000000000 ____D C:\Users\Dyfan\ultracopier 2021-04-24 16:21 - 2021-04-25 10:50 - 000000000 ____D C:\Program Files (x86)\KillSoft 2021-04-21 21:11 - 2021-04-21 21:11 - 000000000 ____D C:\Users\Dyfan\AppData\Roaming\TagScanner 2021-04-21 21:11 - 2021-04-21 21:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TagScanner 2021-04-21 21:11 - 2021-04-21 21:11 - 000000000 ____D C:\Program Files\TagScanner 2021-04-21 21:10 - 2021-04-21 21:10 - 000000000 ____D C:\Users\Dyfan\AppData\Roaming\TagScanner_old 2021-04-20 13:54 - 2021-04-20 13:54 - 000000000 ____D 
C:\Users\Dyfan\AppData\Roaming\MAAT 2021-04-20 13:54 - 2021-04-20 13:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAAT 2021-04-20 13:54 - 2021-04-20 13:54 - 000000000 ____D C:\Program Files\MAAT 2021-04-20 13:54 - 2021-04-20 13:54 - 000000000 ____D C:\Program Files\Common Files\MAAT 2021-04-18 14:40 - 2021-04-18 14:40 - 000000630 _____ C:\Users\Dyfan\Desktop\Temp - Shortcut.lnk 2021-04-17 22:06 - 2021-04-17 22:06 - 000000000 ____D C:\Users\Dyfan\AppData\Roaming\r128gain 2021-04-17 13:01 - 2021-04-17 13:01 - 000000000 ____D C:\ProgramData\ASUS OC Profiles 2021-04-14 13:41 - 2021-04-14 13:41 - 000000000 ____D C:\Users\Dyfan\AppData\Local\IsolatedStorage ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2021-05-13 14:29 - 2021-01-25 17:11 - 000000000 ____D C:\Users\Dyfan\AppData\Local\OpenShell 2021-05-13 14:22 - 2021-01-25 22:37 - 000000000 ____D C:\Users\Dyfan\AppData\Roaming\qBittorrent 2021-05-13 13:46 - 2021-01-25 20:26 - 000000000 ____D C:\ProgramData\FanXpert2 2021-05-13 12:46 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\rescache 2021-05-13 12:40 - 2021-01-25 17:06 - 000003598 _____ C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1704149506-1908064861-659173645-1001 2021-05-13 11:39 - 2021-01-25 21:27 - 000000000 ____D C:\Program Files\CCleaner 2021-05-13 11:35 - 2021-01-25 16:56 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin 2021-05-13 11:35 - 2013-08-22 15:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2021-05-13 11:20 - 2021-01-25 21:07 - 000003032 _____ C:\WINDOWS\system32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} 2021-05-13 11:20 - 2021-01-25 21:07 - 000000000 ____D C:\Program Files\Common Files\AV 2021-05-13 11:20 - 2021-01-25 21:06 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab 2021-05-13 11:20 - 2013-08-22 14:36 - 000000000 ____D C:\WINDOWS\Inf 2021-05-13 11:19 - 2013-08-22 
16:36 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-05-13 11:19 - 2013-08-22 14:25 - 000262144 ___SH C:\WINDOWS\system32\config\ELAM
2021-05-13 11:12 - 2021-01-25 17:09 - 000003918 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{29C36ED8-C146-4CB0-97F8-C03FE50B218A}
2021-05-13 11:06 - 2021-01-26 11:14 - 000000000 ____D C:\Users\Dyfan\AppData\LocalLow\Mozilla
2021-05-13 11:06 - 2013-08-22 14:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2021-05-13 10:10 - 2021-01-28 19:30 - 000000000 ____D C:\Users\Dyfan\AppData\Roaming\MPC-HC
2021-05-12 23:35 - 2021-01-26 00:36 - 000000000 ____D C:\Users\Dyfan\AppData\Local\Everything
2021-05-12 23:35 - 2021-01-25 21:16 - 000000000 ____D C:\Users\Dyfan\AppData\Roaming\Everything
2021-05-12 22:45 - 2021-01-25 21:56 - 000000000 ____D C:\Users\Dyfan\AppData\Roaming\foobar2000
2021-05-12 22:23 - 2021-02-01 14:06 - 000000000 ____D C:\Users\Dyfan\Documents\ShareX
2021-05-12 19:43 - 2021-02-02 13:37 - 000000000 ____D C:\Users\Dyfan\AppData\Roaming\vlc
2021-05-12 14:45 - 2021-02-01 14:01 - 000000000 ____D C:\Users\Dyfan\AppData\Roaming\calibre
2021-05-12 14:44 - 2021-02-01 14:03 - 000000000 ____D C:\Users\Dyfan\AppData\Local\calibre-cache
2021-05-12 10:37 - 2013-08-22 15:44 - 000337808 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-05-12 10:36 - 2014-03-18 15:58 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB
2021-05-12 10:20 - 2013-08-22 16:20 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-05-12 10:19 - 2021-01-25 18:09 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-05-12 10:15 - 2021-01-25 18:08 - 132732536 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-05-11 20:50 - 2021-03-29 21:13 - 000000000 ____D C:\Users\Dyfan\AppData\Roaming\HandBrake
2021-05-11 15:20 - 2021-01-26 15:16 - 000000000 ____D C:\Users\Dyfan\AppData\Roaming\Mp3tag
2021-05-11 14:27 - 2021-01-25 23:15 - 000000697 _____ C:\Users\Dyfan\Desktop\rush reissues.txt
2021-05-10 21:20 - 2021-01-25 17:38 - 000002190 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-05-10 11:04 - 2021-01-26 14:15 - 000000000 ____D C:\Users\Dyfan\AppData\Roaming\audacity
2021-05-09 10:52 - 2021-01-26 13:03 - 000001976 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-05-09 10:51 - 2021-01-26 13:03 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-05-08 10:23 - 2021-01-26 00:49 - 000000000 ____D C:\ProgramData\Package Cache
2021-05-07 22:54 - 2021-01-26 14:12 - 000000000 ____D C:\Program Files (x86)\Audacity
2021-05-06 22:00 - 2021-03-31 19:48 - 000000000 ____D C:\Users\Dyfan\AppData\Roaming\FFBatch
2021-05-05 15:18 - 2021-01-25 22:45 - 000000000 ____D C:\ProgramData\TEMP
2021-05-05 15:18 - 2021-01-25 22:45 - 000000000 ____D C:\Program Files (x86)\SpywareBlaster
2021-05-04 23:32 - 2021-02-06 00:33 - 000000000 ____D C:\Users\Dyfan\AppData\Local\CrashDumps
2021-05-03 18:17 - 2021-03-16 12:42 - 000000000 ____D C:\Users\Dyfan\AppData\Roaming\ImgBurn
2021-05-02 12:25 - 2021-02-06 22:51 - 000000000 ____D C:\Users\Dyfan\AppData\Roaming\XRECODE3
2021-05-02 11:41 - 2021-01-26 13:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2021-05-02 11:41 - 2021-01-26 13:06 - 000000000 ____D C:\Program Files (x86)\Calibre2
2021-04-30 09:35 - 2021-01-26 00:54 - 000000000 ____D C:\ProgramData\Garmin
2021-04-30 09:35 - 2021-01-26 00:49 - 000003554 _____ C:\WINDOWS\system32\Tasks\GarminUpdaterTask
2021-04-30 09:35 - 2021-01-26 00:49 - 000000000 ____D C:\Program Files (x86)\Garmin
2021-04-30 09:29 - 2021-01-25 21:27 - 000003870 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-04-28 22:50 - 2021-01-28 20:07 - 000000000 ____D C:\Users\Dyfan\AppData\Roaming\CUE Tools
2021-04-26 08:44 - 2021-01-28 16:27 - 000000000 ____D C:\Users\Dyfan\AppData\Roaming\Mozilla
2021-04-26 08:44 - 2021-01-25 16:54 - 000000000 ____D C:\Program Files\AMD
2021-04-25 16:33 - 2021-01-25 17:01 - 000000000 ____D C:\Users\Dyfan
2021-04-24 15:04 - 2021-04-03 22:55 - 000000000 ____D C:\Users\Dyfan\AppData\Roaming\BatchEncoder
2021-04-24 12:55 - 2021-01-27 12:24 - 000034240 _____ C:\WINDOWS\system32\BMXStateBkp-{00000001-00000000-00000005-00001102-00000004-20021102}.rfx
2021-04-24 12:55 - 2021-01-27 12:24 - 000034240 _____ C:\WINDOWS\system32\BMXState-{00000001-00000000-00000005-00001102-00000004-20021102}.rfx
2021-04-24 12:55 - 2021-01-27 12:24 - 000030528 _____ C:\WINDOWS\system32\BMXCtrlState-{00000001-00000000-00000005-00001102-00000004-20021102}.rfx
2021-04-24 12:55 - 2021-01-27 12:24 - 000030528 _____ C:\WINDOWS\system32\BMXBkpCtrlState-{00000001-00000000-00000005-00001102-00000004-20021102}.rfx
2021-04-24 12:55 - 2021-01-27 12:24 - 000011564 _____ C:\WINDOWS\system32\DVCState-{00000001-00000000-00000005-00001102-00000004-20021102}.rfx
2021-04-20 22:33 - 2021-01-26 14:12 - 000001031 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2021-04-20 21:13 - 2021-01-25 17:33 - 000003332 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-04-20 21:13 - 2021-01-25 17:33 - 000003204 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-04-17 23:46 - 2021-01-26 22:47 - 000000000 ____D C:\Users\Dyfan\AppData\Roaming\dBpoweramp
2021-04-17 13:13 - 2021-01-25 18:39 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2021-04-17 13:07 - 2021-01-25 18:47 - 000000000 ____D C:\WINDOWS\system32\Tasks\ASUS
2021-04-17 13:07 - 2021-01-25 18:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2021-04-16 10:08 - 2021-03-31 18:18 - 000000000 ____D C:\Users\Dyfan\AppData\Local\clever_FFmpeg_GUI
2021-04-13 22:24 - 2014-03-18 16:26 - 000865068 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-04-13 10:41 - 2021-01-25 22:00 - 000000000 ____D C:\Users\Dyfan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-04-13 10:41 - 2021-01-25 22:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-04-13 10:40 - 2021-01-25 22:00 - 000000000 ____D C:\Program Files\WinRAR

==================== Files in the root of some directories ========

2021-05-01 14:04 - 2021-05-01 14:04 - 000099384 _____ () C:\Users\Dyfan\AppData\Roaming\inst.exe
2021-05-01 14:04 - 2021-05-01 14:04 - 000007859 _____ () C:\Users\Dyfan\AppData\Roaming\pcouffin.cat
2021-05-01 14:04 - 2021-05-01 14:04 - 000001167 _____ () C:\Users\Dyfan\AppData\Roaming\pcouffin.inf
2021-05-01 14:04 - 2021-05-01 14:04 - 000000055 _____ () C:\Users\Dyfan\AppData\Roaming\pcouffin.log
2021-05-01 14:04 - 2021-05-01 14:04 - 000082816 _____ (VSO Software) C:\Users\Dyfan\AppData\Roaming\pcouffin.sys

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

LastRegBack: 2021-05-08 11:22

==================== End of FRST.txt ========================