Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.01.2019 01 Ran by Petrus (administrator) on PETRUS-PC (16-01-2019 23:23:35) Running from D:\Dowloads\apps Loaded Profiles: Petrus & UpdatusUser (Available Profiles: Petrus & UpdatusUser) Platform: Windows 7 Professional N Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\vsserv.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe (Malwarebytes) D:\Malwarebytes\Anti-Malware\MBAMService.exe (VMware, Inc.) D:\VMWare\vmware-authd.exe () D:\VMWare\vmware-hostd.exe (Malwarebytes) D:\Malwarebytes\Anti-Malware\mbamtray.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe (f.lux Software LLC) C:\Users\Petrus\AppData\Local\FluxSoftware\Flux\flux.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (VMware, Inc.) D:\VMWare\vmware-tray.exe (Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdwtxag.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2868496 2012-02-14] (Synaptics Incorporated) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12343400 2011-12-27] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor) HKLM\...\Run: [BCSSync] => D:\Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation) HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe [482024 2018-12-16] (Bitdefender) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation) HKLM-x32\...\Run: [vmware-tray.exe] => D:\VMWare\vmware-tray.exe [111696 2013-10-18] (VMware, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation) HKU\S-1-5-21-2519034047-2250226979-2394731953-1000\...\Run: [f.lux] => C:\Users\Petrus\AppData\Local\FluxSoftware\Flux\flux.exe [1820168 2018-10-24] (f.lux Software LLC) HKU\S-1-5-21-2519034047-2250226979-2394731953-1000\...\Run: [DAEMON Tools Lite] => D:\DAEMON\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd) HKU\S-1-5-21-2519034047-2250226979-2394731953-1000\...\MountPoints2: F - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\setup.hta HKU\S-1-5-21-2519034047-2250226979-2394731953-1000\...\MountPoints2: {33b92294-5a4e-11e5-8249-9c2a701aa298} - H:\LaunchU3.exe -a HKU\S-1-5-21-2519034047-2250226979-2394731953-1000\...\MountPoints2: {930da7e4-4cae-11e6-89cf-9c2a701aa298} - H:\HiSuiteDownLoader.exe HKU\S-1-5-21-2519034047-2250226979-2394731953-1000\...\MountPoints2: {f9d1aa3a-2ac8-11e3-a670-806e6f6e6963} - E:\AutoRun\AutoRunX\AutoRunX.exe HKU\S-1-5-21-2519034047-2250226979-2394731953-1003\...\Run: [DAEMON Tools Lite] => D:\DAEMON\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd) HKU\S-1-5-21-2519034047-2250226979-2394731953-1003\...\Run: [f.lux] => C:\Users\Petrus\AppData\Local\FluxSoftware\Flux\flux.exe [1820168 2018-10-24] (f.lux Software LLC) HKU\S-1-5-21-2519034047-2250226979-2394731953-1003\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation) HKU\S-1-5-21-2519034047-2250226979-2394731953-1003\...\MountPoints2: {f9d1aa3a-2ac8-11e3-a670-806e6f6e6963} - E:\AutoRun\AutoRunX\AutoRunX.exe HKLM\...\Drivers32-x32: [msacm.l3codec] => C:\Windows\SysWOW64\l3codecp.acm [284160 1997-04-07] (Fraunhofer Institut Integrierte Schaltungen IIS) HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-16] (Google Inc.) HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{8B5013EB-7F97-4086-8113-3D08B452E6A8}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2018-12-16] (Bitdefender) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_191\bin\ssv.dll [2018-10-16] (Oracle Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-10-16] (Oracle Corporation) BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2018-12-16] (Bitdefender) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll => No File BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation) BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2014-04-29] (FreeDownloadManager.ORG) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll => No File Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2018-12-16] (Bitdefender) Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2018-12-16] (Bitdefender) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-01-01] (Skype Technologies) FireFox: ======== FF DefaultProfile: 5ysdk9di.default-1547156508761 FF ProfilePath: C:\Users\Petrus\AppData\Roaming\Mozilla\Firefox\Profiles\5ysdk9di.default-1547156508761 [2019-01-10] FF HKLM\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi [2018-12-16] FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext [2018-10-15] [Legacy] [not signed] FF HKLM-x32\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-18] () FF Plugin: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-10-16] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-10-16] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> D:\Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.0 -> D:\VLC\npvlc.dll [2018-08-10] (VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.4 -> D:\VLC\npvlc.dll [2018-08-10] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-18] () FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [No File] FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [No File] FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-19] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-12-04] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2519034047-2250226979-2394731953-1000: SkypePlugin -> C:\Users\Petrus\AppData\Local\SkypePlugin\7.31.0.56\npGatewayNpapi.dll [2017-02-03] (Skype Technologies S.A.) FF Plugin HKU\S-1-5-21-2519034047-2250226979-2394731953-1000: SkypePlugin64 -> C:\Users\Petrus\AppData\Local\SkypePlugin\7.31.0.56\npGatewayNpapi-x64.dll [2017-02-03] (Skype Technologies S.A.) Chrome: ======= CHR DefaultProfile: Default CHR Session Restore: Default -> is enabled. CHR Profile: C:\Users\Petrus\AppData\Local\Google\Chrome\User Data\Default [2019-01-16] CHR Extension: (Dokumenty) - C:\Users\Petrus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14] CHR Extension: (uBlock Origin) - C:\Users\Petrus\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-12-16] CHR Extension: (Video Downloader professional) - C:\Users\Petrus\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2018-12-26] CHR Extension: (Readium) - C:\Users\Petrus\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl [2018-10-20] CHR Extension: (Bitdefender Wallet) - C:\Users\Petrus\AppData\Local\Google\Chrome\User Data\Default\Extensions\gannpgaobkkhmpomoijebaigcapoeebl [2018-12-16] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Petrus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-09] CHR Extension: (Page Monitor) - C:\Users\Petrus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogeebjpdeabhncjpfhgdibjajcajepgg [2017-08-17] CHR Extension: (Chrome Media Router) - C:\Users\Petrus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-22] CHR Profile: C:\Users\Petrus\AppData\Local\Google\Chrome\User Data\System Profile [2016-12-06] CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 BDAuxSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [779152 2018-12-16] (Bitdefender) R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2195320 2018-03-22] (Bitdefender) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6877224 2019-01-11] () R2 MBAMService; D:\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes) R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1293936 2018-11-15] (Bitdefender) S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.) S2 SkypeUpdate; D:\Skype\Updater\Updater.exe [317400 2017-02-27] (Skype Technologies) R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe [112656 2018-12-16] (Bitdefender) R2 VMAuthdService; D:\VMWare\vmware-authd.exe [86096 2013-10-18] (VMware, Inc.) R2 VMwareHostd; D:\VMWare\vmware-hostd.exe [14405200 2013-10-18] () R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender Security\vsserv.exe [804656 2018-12-16] (Bitdefender) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S4 CLPSLauncher; "C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe" [X] S4 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [X] S4 GeekBuddyRSP; "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -service [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 atc; C:\Windows\System32\DRIVERS\atc.sys [1292296 2018-06-05] (BitDefender S.R.L. Bucharest, ROMANIA) R2 BdDci; C:\Windows\System32\DRIVERS\bddci.sys [156912 2018-10-31] (Bitdefender) R0 bdprivmon; C:\Windows\System32\DRIVERS\bdprivmon.sys [45728 2018-09-17] (© Bitdefender SRL) R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [96448 2018-04-27] (BitDefender) S3 CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [59904 2015-01-26] (www.winchiphead.com) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-10-11] (Disc Soft Ltd) R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152688 2019-01-02] (Malwarebytes) R1 Gemma; C:\Windows\System32\DRIVERS\Gemma.sys [359584 2018-12-16] (BitDefender S.R.L. Bucharest, ROMANIA) R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [193184 2018-05-29] (BitDefender LLC) R2 Ignis; C:\Windows\System32\DRIVERS\ignis.sys [196352 2018-12-16] (Bitdefender) R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [198512 2019-01-02] (Malwarebytes) R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [126624 2019-01-11] (Malwarebytes) R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [72536 2019-01-11] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [261032 2019-01-11] (Malwarebytes) R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [103760 2019-01-16] (Malwarebytes) S3 mbedComposite; C:\Windows\System32\DRIVERS\mbedComposite_x64.sys [49200 2009-09-30] (ARM Ltd) S3 mbedSerial_x64; C:\Windows\System32\DRIVERS\mbedSerial_x64.sys [61488 2009-09-30] (ARM Ltd) S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.) R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.) R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [22800 2012-02-14] (Synaptics Incorporated) S3 ssudeadb; C:\Windows\System32\Drivers\ssudeadb.sys [39192 2013-08-21] (Google Inc) S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [204568 2013-08-21] (DEVGURU Co., LTD.(www.devguru.co.kr)) S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5504 2009-11-12] () [File not signed] S3 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [7168 2009-11-12] () [File not signed] R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [609576 2018-06-28] (Bitdefender) R3 USBPcap; C:\Windows\System32\DRIVERS\USBPcap.sys [38456 2017-08-20] (USBPcap) R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.) R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-02-22] (VMware, Inc.) R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [273920 2014-10-26] (Jungo Connectivity) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-01-16 23:21 - 2019-01-16 23:23 - 000000000 ____D C:\FRST 2019-01-14 21:42 - 2019-01-14 21:46 - 000000000 ____D C:\Users\Petrus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.7 2019-01-14 21:42 - 2019-01-14 21:42 - 000000000 ____D C:\Users\Petrus\AppData\Local\Package Cache 2019-01-13 12:41 - 2019-01-13 12:41 - 000007770 _____ C:\Users\Petrus\AppData\Local\recently-used.xbel 2019-01-12 11:54 - 2007-06-20 20:49 - 000409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll 2019-01-12 11:54 - 2007-06-20 20:46 - 000266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll 2019-01-12 11:54 - 2007-06-20 20:45 - 000021352 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_2.dll 2019-01-12 11:54 - 2007-06-20 20:45 - 000018280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_2.dll 2019-01-12 11:54 - 2007-05-16 16:45 - 004496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll 2019-01-12 11:54 - 2007-05-16 16:45 - 003497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll 2019-01-12 11:54 - 2007-05-16 16:45 - 001401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll 2019-01-12 11:54 - 2007-05-16 16:45 - 001124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll 2019-01-12 11:54 - 2007-05-16 16:45 - 000506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll 2019-01-12 11:54 - 2007-05-16 16:45 - 000443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll 2019-01-12 11:54 - 2007-04-04 18:55 - 000403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll 2019-01-12 11:54 - 2007-04-04 18:55 - 000261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll 2019-01-12 11:54 - 2007-04-04 18:54 - 000107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll 2019-01-12 11:54 - 2007-04-04 18:53 - 000081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll 2019-01-12 11:54 - 2007-03-15 16:57 - 000506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll 2019-01-12 11:54 - 2007-03-15 16:57 - 000443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll 2019-01-12 11:54 - 2007-03-12 16:42 - 004494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll 2019-01-12 11:54 - 2007-03-12 16:42 - 003495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll 2019-01-12 11:54 - 2007-03-12 16:42 - 001400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll 2019-01-12 11:54 - 2007-03-12 16:42 - 001123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll 2019-01-12 11:54 - 2007-03-05 12:42 - 000017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll 2019-01-12 11:54 - 2007-03-05 12:42 - 000015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll 2019-01-12 11:54 - 2007-01-24 15:27 - 000393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll 2019-01-12 11:54 - 2007-01-24 15:27 - 000255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll 2019-01-12 11:54 - 2006-12-08 12:02 - 000251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll 2019-01-12 11:54 - 2006-12-08 12:00 - 000390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll 2019-01-12 11:54 - 2006-11-29 13:06 - 004398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll 2019-01-12 11:54 - 2006-11-29 13:06 - 003426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll 2019-01-12 11:54 - 2006-11-29 13:06 - 000469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll 2019-01-12 11:54 - 2006-11-29 13:06 - 000440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll 2019-01-12 11:54 - 2006-09-28 16:05 - 003977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll 2019-01-12 11:54 - 2006-09-28 16:05 - 002414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll 2019-01-12 11:54 - 2006-09-28 16:05 - 000237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll 2019-01-12 11:54 - 2006-09-28 16:04 - 000364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll 2019-01-12 11:54 - 2006-07-28 09:31 - 000083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll 2019-01-12 11:54 - 2006-07-28 09:30 - 000363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll 2019-01-12 11:54 - 2006-07-28 09:30 - 000236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll 2019-01-12 11:54 - 2006-07-28 09:30 - 000062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll 2019-01-12 11:54 - 2006-05-31 07:24 - 000230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll 2019-01-12 11:54 - 2006-05-31 07:22 - 000354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll 2019-01-12 11:54 - 2006-03-31 12:41 - 003927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll 2019-01-12 11:54 - 2006-03-31 12:40 - 002388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll 2019-01-12 11:54 - 2006-03-31 12:40 - 000352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll 2019-01-12 11:54 - 2006-03-31 12:39 - 000229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll 2019-01-12 11:54 - 2006-03-31 12:39 - 000083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll 2019-01-12 11:54 - 2006-03-31 12:39 - 000062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll 2019-01-12 11:54 - 2006-02-03 08:43 - 003830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll 2019-01-12 11:54 - 2006-02-03 08:43 - 002332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll 2019-01-12 11:54 - 2006-02-03 08:42 - 000355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll 2019-01-12 11:54 - 2006-02-03 08:42 - 000230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll 2019-01-12 11:54 - 2006-02-03 08:41 - 000016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll 2019-01-12 11:54 - 2006-02-03 08:41 - 000014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll 2019-01-12 11:54 - 2005-12-05 18:09 - 003815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll 2019-01-12 11:54 - 2005-12-05 18:09 - 002323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll 2019-01-12 11:54 - 2005-07-22 19:59 - 003807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll 2019-01-12 11:54 - 2005-07-22 19:59 - 002319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll 2019-01-12 11:54 - 2005-05-26 15:34 - 003767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll 2019-01-12 11:54 - 2005-05-26 15:34 - 002297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll 2019-01-12 11:54 - 2005-03-18 17:19 - 003823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll 2019-01-12 11:54 - 2005-03-18 17:19 - 002337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll 2019-01-12 11:54 - 2005-02-05 19:45 - 003544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll 2019-01-12 11:54 - 2005-02-05 19:45 - 002222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll 2019-01-12 11:47 - 2019-01-12 11:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kolekcja Klasyki 2019-01-11 18:44 - 2019-01-16 21:51 - 000103760 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2019-01-11 18:44 - 2019-01-11 18:44 - 000261032 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys 2019-01-11 18:44 - 2019-01-11 18:44 - 000126624 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys 2019-01-11 18:44 - 2019-01-11 18:44 - 000072536 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2019-01-11 00:01 - 2019-01-11 00:01 - 000000000 ____D C:\Users\Petrus\AppData\Local\BattlEye 2019-01-10 23:55 - 2019-01-10 23:55 - 000000000 ____D C:\Users\Petrus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tibia 2019-01-10 22:41 - 2019-01-10 22:41 - 000000000 ____D C:\Users\Petrus\Desktop\Stare dane programu Firefox 2019-01-06 17:02 - 2019-01-06 17:03 - 000000000 ____D C:\Users\Petrus\Desktop\Calendar 2019 2019-01-02 20:41 - 2019-01-02 20:41 - 000413942 _____ C:\Users\Petrus\Desktop\CV_YAHOO_GREAT.pdf 2019-01-02 18:40 - 2019-01-02 18:40 - 000198512 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys 2019-01-02 01:28 - 2019-01-02 01:28 - 000000000 ____D C:\Users\Petrus\AppData\Local\mbam 2019-01-02 01:27 - 2019-01-02 18:39 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys 2019-01-02 01:27 - 2019-01-02 01:27 - 000000000 ____D C:\Users\Petrus\AppData\Local\mbamtray 2019-01-02 01:27 - 2019-01-02 01:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2019-01-02 01:27 - 2019-01-02 01:27 - 000000000 ____D C:\ProgramData\Malwarebytes 2018-12-27 16:25 - 2018-12-27 16:25 - 000076896 _____ C:\ProgramData\agent.update.1545924287.bdinstall.v2.bin ==================== One month (modified) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-01-16 23:09 - 2018-04-10 16:14 - 000000636 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2519034047-2250226979-2394731953-1000.job 2019-01-16 23:05 - 2018-04-10 16:14 - 000000540 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2519034047-2250226979-2394731953-1000.job 2019-01-13 13:27 - 2013-11-28 17:38 - 000000000 ____D C:\Users\Petrus\.gimp-2.8 2019-01-13 13:12 - 2009-07-14 05:50 - 000020336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2019-01-13 13:12 - 2009-07-14 05:50 - 000020336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2019-01-13 12:41 - 2013-11-28 17:42 - 000000000 ____D C:\Users\Petrus\AppData\Local\gtk-2.0 2019-01-12 13:44 - 2014-04-12 11:43 - 000000000 ____D C:\Users\Petrus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2019-01-12 11:47 - 2013-10-01 20:55 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2019-01-11 18:48 - 2018-10-20 11:32 - 000003648 _____ C:\Windows\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 2019-01-11 18:44 - 2014-02-06 14:15 - 000000000 ____D C:\ProgramData\VMware 2019-01-11 18:43 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2019-01-11 01:42 - 2018-10-06 20:04 - 000000000 ____D C:\Users\Petrus\AppData\Roaming\vlc 2019-01-10 22:48 - 2018-10-20 11:53 - 000012024 _____ C:\bdlog.txt 2019-01-10 22:46 - 2017-02-04 11:20 - 000000000 ____D C:\Users\Petrus\AppData\LocalLow\Mozilla 2019-01-10 22:41 - 2018-01-27 21:52 - 000000000 ____D C:\Program Files\Mozilla Firefox 2019-01-10 22:38 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\NDF 2019-01-09 23:57 - 2009-07-14 06:12 - 000786002 _____ C:\Windows\system32\PerfStringBackup.INI 2019-01-09 23:57 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf 2019-01-05 13:23 - 2018-10-20 12:15 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2019-01-02 23:17 - 2013-10-01 21:23 - 000000000 ____D C:\ProgramData\APN 2018-12-31 18:51 - 2013-10-08 21:14 - 000000000 ____D C:\Users\Petrus\AppData\Local\ElevatedDiagnostics 2018-12-27 16:25 - 2018-10-20 11:30 - 000000000 ____D C:\Program Files\Bitdefender Agent 2018-12-22 19:53 - 2013-11-16 17:39 - 000000000 ____D C:\Users\Petrus\AppData\Roaming\JAM Software 2018-12-19 17:24 - 2015-03-21 10:57 - 000003482 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2018-12-19 17:24 - 2015-03-21 10:57 - 000003354 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore ==================== Files in the root of some directories ======= 2018-09-02 22:53 - 2018-09-02 22:53 - 000001891 _____ () C:\Users\Petrus\appFTS.js 2018-08-27 00:31 - 2018-08-27 00:31 - 000002170 _____ () C:\Users\Petrus\appQ.js 2018-05-31 22:52 - 2018-05-31 22:52 - 000001438 _____ () C:\Users\Petrus\app_AN.js 2018-09-02 13:47 - 2018-09-02 13:47 - 000001891 _____ () C:\Users\Petrus\app_backup_imp.js 2018-09-12 00:19 - 2018-09-12 00:19 - 000002005 _____ () C:\Users\Petrus\app_Beta1.js 2018-09-12 20:21 - 2018-09-12 20:21 - 000002083 _____ () C:\Users\Petrus\app_Beta2.js 2018-09-15 23:51 - 2018-09-15 23:51 - 000002211 _____ () C:\Users\Petrus\app_Beta3.js 2018-09-16 23:40 - 2018-09-16 23:40 - 000002377 _____ () C:\Users\Petrus\app_Beta4.js 2018-09-10 09:49 - 2018-09-10 09:49 - 000002005 _____ () C:\Users\Petrus\app_calc_finished.js 2018-05-22 20:13 - 2018-05-22 20:13 - 000001725 _____ () C:\Users\Petrus\app_copy.js 2018-05-25 21:27 - 2018-05-25 21:27 - 000001725 _____ () C:\Users\Petrus\app_copy_3.js 2018-10-18 20:54 - 2018-10-18 20:54 - 000002377 _____ () C:\Users\Petrus\app_final.js 2018-05-22 20:13 - 2018-05-22 20:13 - 000001165 _____ () C:\Users\Petrus\app_org_copy.js 2018-05-25 21:27 - 2018-05-25 21:27 - 000001165 _____ () C:\Users\Petrus\app_org_copy_3.js 2018-05-22 20:22 - 2018-05-22 20:22 - 000626744 _____ (Simon Tatham) C:\Users\Petrus\pscp.exe 2015-01-20 00:18 - 2015-01-20 00:18 - 000000999 _____ () C:\Users\Petrus\AppData\Roaming\CoolTerm_Prefs.plist 2018-10-27 21:44 - 2018-10-27 21:51 - 000000420 _____ () C:\Users\Petrus\AppData\Local\kdeglobals 2018-10-27 21:32 - 2018-10-28 13:53 - 000004832 _____ () C:\Users\Petrus\AppData\Local\kdenliverc 2015-09-15 08:07 - 2018-10-18 20:55 - 000000600 _____ () C:\Users\Petrus\AppData\Local\PUTTY.RND 2019-01-13 12:41 - 2019-01-13 12:41 - 000007770 _____ () C:\Users\Petrus\AppData\Local\recently-used.xbel 2014-12-30 15:45 - 2016-04-18 13:37 - 000007659 _____ () C:\Users\Petrus\AppData\Local\Resmon.ResmonCfg 2018-10-27 21:34 - 2018-10-27 21:34 - 000002678 _____ () C:\Users\Petrus\AppData\Local\user-places.xbel 2018-10-27 21:34 - 2018-10-27 21:32 - 000000533 _____ () C:\Users\Petrus\AppData\Local\user-places.xbel.bak 2018-10-27 21:34 - 2018-10-27 21:34 - 000000000 _____ () C:\Users\Petrus\AppData\Local\user-places.xbel.tbcache Some files in TEMP: ==================== 2010-03-11 21:13 - 2010-03-11 21:13 - 000174440 ____R (Microsoft Corporation) C:\Users\Petrus\AppData\Local\Temp\ose00000.exe 2012-02-29 21:45 - 2012-02-29 21:45 - 000457496 ____R (Macrovision Corporation) C:\Users\Petrus\AppData\Local\Temp\_isD681.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2019-01-13 13:05 ==================== End of FRST.txt ============================