Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-11-2017
Ran by I063859 (administrator) on BRUN33443381A (03-12-2017 10:06:05)
Running from C:\Users\i063859\Desktop
Loaded Profiles: I063859 (Available Profiles: I063859)
Platform: Windows 10 Enterprise Version 1511 10586.1176 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Hewlett Packard Enterprise Development LP.) C:\Program Files (x86)\Iron Mountain\Connected BackupPC\AgentService.exe
(F5 Networks, Inc.) C:\Windows\SysWOW64\F5CredMgrSrv.exe
(McAfee LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(F5 Networks, Inc.) C:\Windows\SysWOW64\F5FltSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(F5 Networks, Inc.) C:\Windows\SysWOW64\F5InstallerService.exe
(McAfee LLC) C:\Windows\System32\mfevtps.exe
(F5 Networks, Inc.) C:\Windows\SysWOW64\F5TrafficSrv.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(McAfee LLC.) C:\Program Files\McAfee\Agent\masvc.exe
(ForeScout) C:\Windows\Temp\fstmp\fsprocsvc.exe
() C:\Program Files (x86)\Hewlett-Packard\Discovery Agent\bin32\discagnt.exe
(F5 Networks, Inc.) C:\Windows\SysWOW64\F5MachineCertService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(McAfee LLC.) C:\Program Files\McAfee\Agent\macmnsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft\MDOP MBAM\MBAMAgent.exe
(BayHubTech/O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(iPass Inc.) C:\Program Files (x86)\Deutsche Telekom\Global Corporate Access\omsi\iPlatformService.exe
(ForeScout Technologies, Inc.) C:\Program Files\ForeScout SecureConnector\SecureConnector.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(SAP) C:\SAP\scc20\SCCHost.exe
(SAP SE) C:\Program Files\SAP-IT\RaccountSE\RaccountSE_WindowsService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(SAP) C:\Program Files (x86)\SAP\FrontEnd\SecureLogin\bin\sbusagent.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(McAfee LLC) C:\Windows\System32\mfevtps.exe
(McAfee LLC.) C:\Program Files\Common Files\McAfee\AVSolution\mcshield.exe
(iPass Inc.) C:\Program Files (x86)\Deutsche Telekom\Global Corporate Access\omsi\iPlatformHost.exe
(McAfee, Inc.) C:\Program Files\McAfee\Data_Exchange_Layer\bin\dxlservice.exe
(McAfee, Inc.) C:\Program Files\McAfee\Endpoint Security\Endpoint Security Platform\mfeesp.exe
(McAfee LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\McAfee\Endpoint Security\Firewall\mfefw.exe
(McAfee, Inc.) C:\Program Files\McAfee\Endpoint Security\Adaptive Threat Protection\mfeatp.exe
(McAfee, Inc.) C:\Program Files\McAfee\Endpoint Security\Threat Prevention\mfetp.exe
(iPass Inc.) C:\Program Files (x86)\Deutsche Telekom\Global Corporate Access\bin\iMobilityService.exe
(McAfee LLC.) C:\Program Files\McAfee\Agent\x86\macompatsvc.exe
(McAfee LLC.) C:\Program Files\McAfee\Agent\x86\mfemactl.exe
(McAfee LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfecanary.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\CCM\CcmExec.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tposd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
(iPass Inc.) C:\Program Files (x86)\Deutsche Telekom\Global Corporate Access\omsi\iPlatformHost.exe
(Microsoft Corporation) C:\Windows\CCM\SCNotification.exe
(VASCO Data Security) C:\Users\i063859\AppData\Local\VASCO\NativeBridge\digipass-nativebridge-monitor.exe
(VASCO Data Security) C:\Users\i063859\AppData\Local\VASCO\NativeBridge\digipass-nativebridge.exe
(SAP) C:\Program Files (x86)\SAP\Skype Quality Adviser\SkypeQualityAdviser.exe
(Autonomy Inc.) C:\Program Files (x86)\Iron Mountain\Connected BackupPC\ConnectedAgent.exe
(McAfee LLC.) C:\Program Files\McAfee\Agent\x86\UpdaterUI.exe
(McAfee LLC.) C:\Program Files\McAfee\Agent\x86\mctray.exe
(iPass, Inc.) C:\Program Files (x86)\Deutsche Telekom\Global Corporate Access\bin\iMobility.exe
(SAP) C:\Program Files (x86)\SAP\FrontEnd\SecureLogin\bin\sbus.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ForeScout Technologies, Inc.) C:\Program Files\ForeScout SecureConnector\SecureConnector.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2016-12-17] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AgentUiRunKey] => C:\Program Files (x86)\Iron Mountain\Connected BackupPC\ConnectedAgent.exe [1422576 2015-10-28] (Autonomy Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files\McAfee\Agent\x86\UpdaterUI.exe [532184 2017-06-14] (McAfee LLC.)
HKLM-x32\...\Run: [OMClient] => C:\Program Files (x86)\Deutsche Telekom\Global Corporate Access\bin\iMobility.exe [1144136 2017-02-06] (iPass, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SBUSGUI] => C:\Program Files (x86)\SAP\FrontEnd\SecureLogin\bin\sbus.exe [626600 2017-08-24] (SAP)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [556136 2017-08-02] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [403048 2017-08-02] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [318112 2017-11-15] (Samsung Electronics Co., Ltd.)
HKLM\...\Policies\Explorer: [NoWebServices] 1
HKLM\...\Policies\Explorer: [NoOnlinePrintsWizard] 1
HKLM\...\Policies\Explorer: [NoPublishingWizard] 1
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKU\S-1-5-21-74642-3284969411-2123768488-96017\...\Run: [Lync] => C:\Program Files\Microsoft Office 15\root\office15\lync.exe [24271048 2017-09-12] (Microsoft Corporation)
HKU\S-1-5-21-74642-3284969411-2123768488-96017\...\Run: [DigipassNativeBridge] => C:\Users\i063859\AppData\Local\VASCO\NativeBridge\digipass-nativebridge-monitor.exe [108592 2016-09-06] (VASCO Data Security)
HKU\S-1-5-21-74642-3284969411-2123768488-96017\...\Run: [KiesPDLR.exe] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1023648 2017-11-15] (Samsung)
HKU\S-1-5-21-74642-3284969411-2123768488-96017\...\Policies\system: [HideLegacyLogonScripts] 1
HKU\S-1-5-21-74642-3284969411-2123768488-96017\...\Policies\Explorer: [DisallowCpl] 1
HKU\S-1-5-21-74642-3284969411-2123768488-96017\...\MountPoints2: {67249d21-a4d3-11e6-ad85-cc3d82d8c46b} - "E:\autorun.exe"
HKU\S-1-5-21-74642-3284969411-2123768488-96017\...\MountPoints2: {67249fb7-a4d3-11e6-ad85-cc3d82d8c46b} - "E:\autorun.exe"
HKU\S-1-5-21-74642-3284969411-2123768488-96017\...\MountPoints2: {862b59dc-cb4e-11e6-ad8c-cc3d82d8c46b} - "E:\autorun.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Skype Quality Adviser.lnk [2017-05-20]
ShortcutTarget: Skype Quality Adviser.lnk -> C:\Windows\Installer\{BD1C5F81-2AE5-477B-8BC5-8D52394DD0CF}\adviser.ico ()
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [.DEFAULT] => proxy:8080
AutoConfigURL: [.DEFAULT] => hxxp://proxy:8083/
ProxyServer: [S-1-5-21-74642-3284969411-2123768488-96017] => proxy:8080
AutoConfigURL: [S-1-5-21-74642-3284969411-2123768488-96017] => hxxp://proxy:8083/
Hosts: 54.87.174.2 vhcals4hci vhcals4hci.dummy.nodomain
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0835b767-0ed1-4a33-9fba-f545fe7a395b}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8d9901e4-02bf-48dd-9153-ebfa0b1f4e09}: [DhcpNameServer] 172.18.12.1
ManualProxies: 0hxxp://proxy:8083/

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-74642-3284969411-2123768488-96017\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-74642-3284969411-2123768488-96017\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-74642-3284969411-2123768488-96017\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://portal.wdf.sap.corp
SearchScopes: HKLM-x32 -> DefaultScope {E24C52F5-9946-420D-BCA0-55923A165A41} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {E24C52F5-9946-420D-BCA0-55923A165A41} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-74642-3284969411-2123768488-96017 -> DefaultScope {E24C52F5-9946-420D-BCA0-55923A165A41} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-74642-3284969411-2123768488-96017 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKU\S-1-5-21-74642-3284969411-2123768488-96017 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-74642-3284969411-2123768488-96017 -> {3319A3A7-153D-4D87-9F41-58841D57F3D8} URL = hxxps://people.wdf.sap.corp/search#/?query={searchTerms}
SearchScopes: HKU\S-1-5-21-74642-3284969411-2123768488-96017 -> {52052DF6-619F-4D0A-9976-A893111E279D} URL = hxxps://search.wdf.sap.corp/ui?query={searchTerms}
SearchScopes: HKU\S-1-5-21-74642-3284969411-2123768488-96017 -> {C06F6866-75E1-45D4-8129-8936A4D98768} URL = hxxps://service.sap.com/sap/support/notes/{searchTerms}
SearchScopes: HKU\S-1-5-21-74642-3284969411-2123768488-96017 -> {E24C52F5-9946-420D-BCA0-55923A165A41} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-09-12] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-11-29] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-09-12] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-29] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2017-09-12] (Microsoft Corporation)
BHO-x32: PDF-XChange V6 IE Plugin -> {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} -> C:\Program Files\Tracker Software\PDF-XChange 6\PXCIEAddin6.dll [2016-04-19] (Tracker Software Products (Canada) Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-11-29] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-29] (Oracle Corporation)
Toolbar: HKLM-x32 - PDF-XChange V6 IE Plugin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - C:\Program Files\Tracker Software\PDF-XChange 6\PXCIEAddin6.dll [2016-04-19] (Tracker Software Products (Canada) Ltd.)
DPF: HKLM-x32 {00627E89-A19D-4A2B-938B-059CB7B1B493} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5certchk.cab
DPF: HKLM-x32 {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} file://C:/Program Files (x86)/F5 VPN/F5_TMP/cachecleaner.cab
DPF: HKLM-x32 {2BCDB465-81F9-41CB-832C-8037A4064446} C:\Windows\TEMP\f5tmp\urxvpn.cab
DPF: HKLM-x32 {2c8ffa64-e3f7-49ae-87c2-49018fde3aea} file://C:/Program Files (x86)/F5 VPN/F5_TMP/OesisInspector.cab
DPF: HKLM-x32 {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} C:\Windows\TEMP\f5tmp\f5tunsrv.cab
DPF: HKLM-x32 {45B69029-F3AB-4204-92DE-D5140C3E8E74} file://C:/Program Files (x86)/F5 VPN/F5_TMP/InstallerControl.cab
DPF: HKLM-x32 {57C76689-F052-487B-A19F-855AFDDF28EE} C:\Windows\TEMP\f5tmp\f5InspectionHost.cab
DPF: HKLM-x32 {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} file://C:/Program Files (x86)/F5 VPN/F5_TMP/vdeskctrl.cab
DPF: HKLM-x32 {8F6AFB67-F834-4227-94A7-A51377E0678E} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5GroupPolicyAgent.cab
DPF: HKLM-x32 {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} file://C:/Program Files (x86)/F5 VPN/F5_TMP/urxshost.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://webmeeting.solar.eu/client/T27LD/webex/ieatgpc.cab
DPF: HKLM-x32 {E0FF21FA-B857-45C5-8621-F120A0C17FF2} C:\Windows\TEMP\f5tmp\urxhost.cab
DPF: HKLM-x32 {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} file://C:/Program Files (x86)/F5 VPN/F5_TMP/f5syschk.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-08-30] (Microsoft Corporation)
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2017-02-01] (SAP, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2017-02-01] (SAP, Walldorf)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-08-02] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-08-02] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-08-02] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-08-02] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-08-02] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-08-02] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-08-02] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-08-02] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-08-02] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-08-02] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-08-02] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-08-02] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-08-02] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-08-02] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-08-02] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-08-02] (Citrix Systems, Inc.)

FireFox:
========
FF DefaultProfile: y9a19kzl.default
FF ProfilePath: C:\Users\i063859\AppData\Roaming\Mozilla\Firefox\Profiles\y9a19kzl.default [2017-11-16]
FF Extension: (Video DownloadHelper) - C:\Users\i063859\AppData\Roaming\Mozilla\Firefox\Profiles\y9a19kzl.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-09-16] [Lagacy]
FF Extension: (Flash and Video Download) - C:\Users\i063859\AppData\Roaming\Mozilla\Firefox\Profiles\y9a19kzl.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2017-09-16] [Lagacy]
FF Extension: (Adblock Plus) - C:\Users\i063859\AppData\Roaming\Mozilla\Firefox\Profiles\y9a19kzl.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-09-16] [Lagacy]
FF HKLM-x32\...\Firefox\Extensions: [belgiumeid@eid.belgium.be] - C:\Program Files (x86)\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be
FF Extension: (Belgium eID) - C:\Program Files (x86)\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be [2016-08-30] [Lagacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-11-29] ()
FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-29] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-29] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2017-08-02] (Citrix Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-08-30] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-08-30] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\i063859\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-09-20] (Cisco WebEx LLC)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\local-settings.js [2017-03-22] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\local-settings.js [2017-03-22] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\mozilla.cfg [2017-07-04] <==== ATTENTION
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\mozilla.cfg [2017-07-04] <==== ATTENTION

Chrome:
=======
CHR Profile: C:\Users\i063859\AppData\Local\Google\Chrome\User Data\Default [2017-12-03]
CHR Extension: (No Name) - C:\Users\i063859\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (No Name) - C:\Users\i063859\AppData\Local\Google\Chrome\User Data\Default\Extensions\agicnfmechmlphpjmeefookfjhifbmhi [2017-12-03]
CHR Extension: (No Name) - C:\Users\i063859\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (No Name) - C:\Users\i063859\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-30]
CHR Extension: (No Name) - C:\Users\i063859\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-30]
CHR Extension: (JSONView) - C:\Users\i063859\AppData\Local\Google\Chrome\User Data\Default\Extensions\chklaanhfefbnpoihckbnefhakgolnmc [2017-01-09]
CHR Extension: (No Name) - C:\Users\i063859\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Postman) - C:\Users\i063859\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhbjgbiflinjbdggehcddcbncdddomop [2017-10-27]
CHR Extension: (No Name) - C:\Users\i063859\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-31]
CHR Extension: (Arabic) - C:\Users\i063859\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-11-28]
CHR Extension: (Markdown Reader) - C:\Users\i063859\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpoigdifkoadgajcincpilkjmejcaanc [2017-11-14]
CHR Extension: (Advanced REST client) - C:\Users\i063859\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgmloofddffdnphfgcellkdfbfbjeloo [2017-11-18]
CHR Extension: (No Name) - C:\Users\i063859\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2017-07-15]
CHR Extension: (mydlink services plugin) - C:\Users\i063859\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldibdoepbjbkkcbgndfljnphngpglhbb [2017-05-23]
CHR Extension: (Video DownloadHelper) - C:\Users\i063859\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2017-09-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\i063859\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (No Name) - C:\Users\i063859\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-30]
CHR Extension: (Chrome Media Router) - C:\Users\i063859\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-17]
CHR HKLM-x32\...\Chrome\Extension: [kadalpbldokjhijcgndnldpheokmaeje] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AgentService; C:\Program Files (x86)\Iron Mountain\Connected BackupPC\AgentService.exe [7333104 2015-10-28] (Hewlett Packard Enterprise Development LP.)
R2 CcmExec; C:\Windows\CCM\CcmExec.exe [1783200 2017-02-28] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042544 2017-03-14] (Microsoft Corporation)
S4 CmRcService; C:\Windows\CCM\RemCtrl\CmRcService.exe [699808 2017-02-28] (Microsoft Corporation)
R2 F5 Networks Component Installer; C:\Windows\SysWOW64\F5InstallerService.exe [529888 2017-04-04] (F5 Networks, Inc.)
R2 F5CredMgrSrv; C:\Windows\SysWOW64\F5CredMgrSrv.exe [223200 2016-07-26] (F5 Networks, Inc.)
R2 F5FltSrv; C:\Windows\SysWOW64\F5FltSrv.exe [439264 2017-04-04] (F5 Networks, Inc.)
R2 F5TrafficSrv; C:\Windows\SysWOW64\F5TrafficSrv.exe [217568 2016-07-26] (F5 Networks, Inc.)
R2 fsprocsvc; C:\Windows\TEMP\fstmp\fsprocsvc.exe [264152 2017-06-17] (ForeScout)
R2 hpDiscAgent; C:\Program Files (x86)\Hewlett-Packard\Discovery Agent\bin32\discagnt.exe [1007560 2016-12-05] ()
R2 ibtsiva; C:\Windows\system32\ibtsiva.exe [164968 2015-11-16] (Intel Corporation)
S4 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [350312 2015-07-30] (Intel Corporation)
R3 iMobilityService; C:\Program Files (x86)\Deutsche Telekom\Global Corporate Access\bin\iMobilityService.exe [35144 2017-02-06] (iPass Inc.)
R2 iPlatformService; C:\Program Files (x86)\Deutsche Telekom\Global Corporate Access\omsi\iPlatformService.exe [26952 2017-02-06] (iPass Inc.)
S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50360 2016-09-18] (Microsoft Corporation)
S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50360 2016-09-18] (Microsoft Corporation)
R2 MachineCertService; C:\Windows\SysWOW64\F5MachineCertService.exe [446432 2017-04-04] (F5 Networks, Inc.)
R2 macmnsvc; C:\Program Files\McAfee\Agent\macmnsvc.exe [121648 2017-06-14] (McAfee LLC.)
R2 masvc; C:\Program Files\McAfee\Agent\masvc.exe [64384 2017-06-14] (McAfee LLC.)
R2 MBAMAgent; C:\Program Files\Microsoft\MDOP MBAM\MBAMAgent.exe [323304 2014-03-04] (Microsoft Corporation)
R3 McAfeeFramework; C:\Program Files\McAfee\Agent\x86\macompatsvc.exe [223376 2017-06-14] (McAfee LLC.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [242624 2017-08-09] (McAfee LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [393152 2017-08-09] (McAfee LLC)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [345024 2017-08-09] (McAfee LLC)
R2 O2FLASH; C:\Windows\System32\drivers\o2flash.exe [82096 2015-05-21] (BayHubTech/O2Micro International)
R2 RaccountSeService; C:\Program Files\SAP-IT\RaccountSE\RaccountSE_WindowsService.exe [28672 2015-05-20] (SAP SE) [File not signed]
R2 SAP HANA Cloud Connector 2.0; C:\SAP\scc20\SCCHost.exe [77312 2016-12-06] (SAP) [File not signed]
R2 sap.securelogin.service; C:\Program Files (x86)\SAP\FrontEnd\SecureLogin\bin\sbusagent.exe [301992 2017-08-24] (SAP)
R2 SecureConnector; C:\Program Files\ForeScout SecureConnector\SecureConnector.exe [2193216 2017-10-23] (ForeScout Technologies, Inc.)
S3 smstsmgr; C:\Windows\CCM\TSManager.exe [332696 2017-04-11] (Microsoft Corporation)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255608 2016-04-21] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2017-09-05] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 A38CCID; C:\Windows\system32\DRIVERS\a38ccid.sys [82480 2015-08-19] (Advanced Card Systems Ltd.)
S3 BcmNfcIc; C:\Windows\System32\drivers\BcmNfcIc.sys [86304 2015-07-15] (Broadcom Corporation.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [394520 2015-03-24] (Intel Corporation)
S3 F5FltDrv; C:\Windows\SysWOW64\drivers\F5FltDrv.sys [47848 2017-04-04] (F5 Networks, Inc.)
S3 f5ipfw; C:\Windows\system32\drivers\urfltv64.sys [34536 2016-09-26] (F5 Networks, Inc.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [300304 2015-11-16] (Intel Corporation)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [88256 2015-06-10] (Intel Corporation)
S3 ISCT; C:\Windows\System32\drivers\ISCTD.sys [44744 2014-02-04] ()
S3 LV_Tracker; C:\Windows\System32\DRIVERS\LV_TrackerX64.sys [77992 2015-10-28] ()
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [477656 2017-08-14] (McAfee LLC)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [355288 2017-08-14] (McAfee LLC)
U3 mfeavfk01; no ImagePath
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [85048 2017-08-14] (McAfee LLC)
R3 mfeepmpk; C:\Windows\System32\drivers\mfeepmpk.sys [226616 2017-10-24] (McAfee, Inc.)
R3 mfefirek; C:\Windows\system32\drivers\mfefirek.sys [505816 2017-08-14] (McAfee LLC)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [920024 2017-08-14] (McAfee LLC)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [504792 2017-06-27] (McAfee LLC.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [108504 2017-06-27] (McAfee LLC.)
R1 mfenlfk; C:\Windows\system32\DRIVERS\mfenlfk.sys [83928 2017-08-14] (McAfee LLC) R3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [110040 2017-08-14] (McAfee LLC) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [253400 2017-08-14] (McAfee LLC) R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3515664 2016-01-29] (Intel Corporation) R3 O2FJ2RDR; C:\Windows\System32\drivers\O2FJ2x64.sys [201240 2015-05-21] (BayHubTech/O2Micro ) S3 prepdrvr; C:\Windows\system32\DRIVERS\prepdrv.sys [26984 2017-03-01] (Microsoft Corporation) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [42088 2016-01-14] (Synaptics Incorporated) R3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [51320 2016-04-21] (Synaptics Incorporated) R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv64.sys [701312 2016-01-05] (Sunplus) S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.) S3 SynRMIHID; C:\Windows\System32\drivers\SynRMIHID.sys [56936 2016-01-14] (Synaptics Incorporated) R3 SzCCID; C:\Windows\system32\DRIVERS\SzCCID.sys [51352 2015-06-03] (Generic) S3 tap-tb-0901; C:\Windows\System32\drivers\tap-tb-0901.sys [38656 2016-10-17] (The OpenVPN Project) S3 tpflhlp; C:\Windows\Temp\tpflhlp.sys [18232 2014-01-21] (Lenovo Group Limited) R3 urvpndrv; C:\Windows\System32\drivers\covpnv64.sys [45776 2015-08-10] (F5 Networks, Inc.) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation) U4 AppHostSvc; no ImagePath U4 ShareAccess; no ImagePath U4 W3SVC; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-12-03 10:06 - 2017-12-03 10:06 - 000035004 _____ C:\Users\i063859\Desktop\FRST.txt 2017-12-03 10:05 - 2017-12-03 10:06 - 002391552 _____ (Farbar) C:\Users\i063859\Desktop\FRST64.exe 2017-12-03 02:00 - 2017-12-03 02:00 - 000000000 ____D C:\Users\Public\Documents\CrashDump 2017-12-03 01:59 - 2017-12-03 01:59 - 000000000 ____D C:\Windows\LastGood.Tmp 2017-12-03 01:54 - 2016-09-05 05:47 - 000165504 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ssudmdm.sys 2017-12-03 01:54 - 2016-09-05 05:47 - 000131712 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ssudbus.sys 2017-12-03 01:52 - 2017-12-03 01:52 - 000000000 ____D C:\Users\i063859\Documents\samsung 2017-12-03 01:52 - 2017-12-03 01:52 - 000000000 ____D C:\Users\i063859\AppData\Local\Samsung 2017-12-03 01:51 - 2017-12-03 01:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung 2017-12-03 01:51 - 2016-05-17 23:49 - 004659712 _____ (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll 2017-12-03 01:47 - 2017-12-03 01:52 - 000000000 ____D C:\Program Files\Samsung 2017-12-03 01:40 - 2017-12-03 01:40 - 000000000 ____D C:\Users\Public\Documents\NativeFus_Log 2017-12-03 01:39 - 2017-12-03 01:52 - 000000000 ____D C:\Users\i063859\AppData\Roaming\Samsung 2017-12-03 01:39 - 2017-12-03 01:51 - 000000000 ____D C:\ProgramData\Samsung 2017-12-03 01:39 - 2017-12-03 01:51 - 000000000 ____D C:\Program Files (x86)\Samsung 2017-12-03 01:39 - 2017-12-03 01:51 - 000000000 ____D C:\Program Files (x86)\InstallShield Installation Information 2017-12-03 01:39 - 2016-12-08 19:04 - 000144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) 
C:\Windows\SysWOW64\secman.dll 2017-12-02 22:45 - 2017-12-03 10:06 - 000000000 ____D C:\FRST 2017-12-02 22:45 - 2017-12-02 22:45 - 000000449 _____ C:\Users\i063859\Downloads\vi.txt 2017-12-02 13:05 - 2017-12-02 13:05 - 000000000 ____D C:\Users\i063859\AppData\Roaming\Google 2017-12-01 21:29 - 2017-12-01 21:29 - 000109056 _____ C:\Users\i063859\Documents\RE Neo SDK and certificate.msg 2017-11-30 16:36 - 2017-11-30 16:36 - 000001364 _____ C:\Users\Public\Desktop\YTD Video Downloader.lnk 2017-11-30 16:36 - 2017-11-30 16:36 - 000000000 ____D C:\ProgramData\YTD Video Downloader 2017-11-30 16:36 - 2017-11-30 16:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader 2017-11-30 16:36 - 2017-11-30 16:36 - 000000000 ____D C:\Program Files (x86)\GreenTree Applications 2017-11-29 04:27 - 2017-11-29 04:27 - 000004412 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2017-11-29 04:07 - 2017-11-29 04:07 - 000097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2017-11-29 04:07 - 2017-11-29 04:07 - 000000000 ____D C:\Program Files (x86)\Java 2017-11-29 04:06 - 2017-11-29 04:06 - 000110144 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll 2017-11-29 04:06 - 2017-11-29 04:06 - 000110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2017-11-28 11:00 - 2017-11-28 11:00 - 000000000 ____D C:\Users\i063859\Downloads\angular2-seed-master 2017-11-27 12:17 - 2017-12-03 02:13 - 000000574 _____ C:\Windows\SMSCFG.ini 2017-11-27 12:17 - 2017-12-03 01:47 - 000000000 ___DC C:\Windows\ccmcache 2017-11-27 12:17 - 2017-11-27 12:17 - 000004764 _____ C:\Windows\system32\CcmFramework.ini 2017-11-27 12:17 - 2017-11-27 12:17 - 000000621 _____ C:\Windows\system32\CcmFramework.h 2017-11-27 12:17 - 2017-11-27 12:17 - 000000000 ____D C:\Windows\SysWOW64\CCM 2017-11-27 12:17 - 2017-11-27 12:17 - 000000000 ____D C:\Windows\ms 2017-11-24 11:58 - 2017-11-24 11:58 - 000000000 ____D 
C:\Users\i063859\.ssh 2017-11-24 09:30 - 2017-11-24 09:30 - 000032823 _____ C:\Users\i063859\Documents\bmxissue.pdf 2017-11-24 09:30 - 2017-11-24 09:30 - 000024705 _____ C:\Users\i063859\Documents\bmxsdi.pdf 2017-11-23 10:48 - 2017-11-28 10:05 - 000000000 ____D C:\Users\i063859\AppData\Local\Yarn 2017-11-23 10:48 - 2017-11-28 10:04 - 000000121 _____ C:\Users\i063859\.yarnrc 2017-11-23 10:48 - 2017-11-23 10:48 - 000000000 ____D C:\Program Files (x86)\Yarn 2017-11-16 14:00 - 2017-11-16 14:00 - 000000000 ____D C:\Users\i063859\IdeaProjects 2017-11-16 13:55 - 2017-11-16 13:55 - 000000000 ____D C:\Users\i063859\.IntelliJIdea2017.2 2017-11-16 13:52 - 2017-11-16 13:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetBrains 2017-11-16 13:52 - 2017-11-16 13:52 - 000000000 ____D C:\Program Files\JetBrains 2017-11-16 13:32 - 2017-11-16 13:35 - 000000000 ____D C:\S4Example 2017-11-15 17:51 - 2017-11-15 17:52 - 000000000 ____D C:\Users\i063859\eclipse-workspace 2017-11-15 17:50 - 2017-11-15 18:00 - 000000000 ____D C:\eclipse-oxygen 2017-11-15 17:50 - 2017-11-15 17:50 - 000000640 _____ C:\Users\i063859\Desktop\eclipseOxygen.lnk 2017-11-14 10:05 - 2017-11-14 10:05 - 000000000 __SHD C:\Users\i063859\wc 2017-11-14 10:05 - 2017-11-14 10:05 - 000000000 __SHD C:\Users\i063859\AppData\Roaming\wyUpdate AU 2017-11-14 10:05 - 2017-11-14 10:05 - 000000000 ____D C:\Users\i063859\AppData\Roaming\Awesomium 2017-11-14 10:05 - 2017-11-14 10:05 - 000000000 ____D C:\ProgramData\Caphyon 2017-11-14 10:04 - 2017-11-14 10:04 - 000000000 ____D C:\Users\i063859\AppData\Roaming\MarkdownPad 2 2.5.0.27920 2017-11-09 13:55 - 2017-11-09 14:10 - 442477171 _____ C:\Users\i063859\Downloads\Joyeux bordel ! 
ยป Film - Serie - Manga en Streaming Complet .mp4 2017-11-03 13:23 - 2017-11-03 13:23 - 000002099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Desktop.lnk 2017-11-03 13:23 - 2017-11-03 13:23 - 000002087 _____ C:\Users\Public\Desktop\Virtual Desktop.lnk 2017-11-03 13:23 - 2017-11-03 13:23 - 000001552 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix Receiver.lnk ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-12-03 09:53 - 2015-10-30 08:24 - 000000000 ____D C:\Windows\AppReadiness 2017-12-03 09:47 - 2016-08-30 11:24 - 000006624 _____ C:\Windows\system32\config\netlogon.ftl 2017-12-03 09:45 - 2015-10-30 08:24 - 000000000 ____D C:\Windows\system32\NDF 2017-12-03 09:43 - 2016-03-31 17:17 - 000883332 _____ C:\Windows\system32\PerfStringBackup.INI 2017-12-03 09:43 - 2015-10-30 08:21 - 000000000 ____D C:\Windows\INF 2017-12-03 02:12 - 2017-05-21 09:12 - 000002289 _____ C:\Users\i063859\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Skype Quality Adviser.lnk 2017-12-03 02:11 - 2016-02-13 14:18 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2017-12-03 02:11 - 2015-10-30 07:28 - 000786432 ___SH C:\Windows\system32\config\BBI 2017-12-03 01:50 - 2016-12-20 16:20 - 000000000 ____D C:\Users\i063859\AppData\Local\Downloaded Installations 2017-12-03 01:49 - 2015-10-30 08:24 - 000618814 _____ C:\Windows\system32\Drivers\etc\services 2017-12-02 22:52 - 2016-08-30 13:42 - 000476735 _____ C:\Windows\sapmsg.ini 2017-12-02 22:07 - 2016-08-31 08:15 - 000004146 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{769E2220-40FF-470C-A636-7FA207D8215A} 2017-12-02 15:08 - 2016-08-30 14:03 - 000054364 __RSH C:\Users\i063859\ntuser.pol 2017-12-02 15:08 - 2016-08-30 14:03 - 000000000 ____D C:\Users\i063859 2017-12-02 14:16 - 2016-08-30 12:58 - 000000000 ____D C:\Windows\System32\Tasks\SAP IT 2017-12-02 13:35 - 2016-08-30 13:00 - 000628151 __RSH 
C:\ProgramData\ntuser.pol 2017-12-02 12:34 - 2015-10-30 08:24 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy 2017-12-02 03:46 - 2016-08-30 13:42 - 000618814 _____ C:\Windows\system32\Drivers\etc\services.sav 2017-12-01 09:41 - 2017-07-26 07:31 - 000000000 ____D C:\Program Files\ForeScout SecureConnector 2017-11-30 16:36 - 2016-12-20 16:04 - 000000000 ____D C:\Quarantine 2017-11-30 10:44 - 2017-10-12 10:50 - 000000000 ___HD C:\Users\i063859\.cf 2017-11-30 10:42 - 2016-11-05 15:59 - 000000000 ____D C:\Users\i063859\AppData\Roaming\npm-cache 2017-11-30 08:35 - 2017-09-01 14:28 - 000000000 ___HD C:\Users\i063859\.git 2017-11-30 07:49 - 2015-10-30 07:28 - 000131072 ___SH C:\Windows\system32\config\ELAM 2017-11-30 07:47 - 2015-10-30 08:24 - 000000000 ___HD C:\Program Files\WindowsApps 2017-11-29 14:46 - 2017-09-26 10:46 - 000000000 ____D C:\ProgramData\NGC 2017-11-29 04:26 - 2015-10-30 08:24 - 000000000 ____D C:\Windows\SysWOW64\Macromed 2017-11-29 04:26 - 2015-10-30 08:24 - 000000000 ____D C:\Windows\system32\Macromed 2017-11-29 04:25 - 2016-08-30 12:53 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2017-11-29 04:24 - 2016-08-30 11:57 - 000000000 ____D C:\Windows\system32\MRT 2017-11-29 04:07 - 2017-10-24 11:07 - 127017032 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe 2017-11-29 04:07 - 2017-02-01 13:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2017-11-29 04:07 - 2016-09-01 12:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit 2017-11-29 04:07 - 2016-08-30 11:57 - 127017032 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2017-11-29 04:07 - 2015-10-30 08:11 - 000000000 ____D C:\Windows\CbsTemp 2017-11-29 04:06 - 2016-09-01 12:32 - 000000000 ____D C:\Program Files\Java 2017-11-28 13:51 - 2016-10-26 18:08 - 000000000 ____D C:\Users\i063859\AppData\Roaming\vlc 2017-11-28 12:24 - 2016-03-31 17:15 - 000000000 ____D 
C:\Windows\ccmsetup 2017-11-28 11:00 - 2017-06-23 08:44 - 000000000 ____D C:\Users\i063859\Documents\CoolApps 2017-11-27 17:40 - 2017-07-23 13:38 - 000004298 _____ C:\Windows\System32\Tasks\Credmanager 2017-11-27 12:20 - 2016-03-31 17:17 - 000000000 ____D C:\Windows\CCM 2017-11-27 12:17 - 2017-06-29 11:17 - 000001799 _____ C:\Windows\SMSAdvancedClient.configmgr1702-client-kb4019926-x64.mif 2017-11-27 12:17 - 2016-03-31 17:17 - 000063645 _____ C:\Windows\system32\InstallUtil.InstallLog 2017-11-27 12:17 - 2015-10-30 08:24 - 000000000 ____D C:\Windows\PolicyDefinitions 2017-11-27 12:14 - 2016-03-31 17:24 - 000000000 ____D C:\Users\Public\SAP-IT 2017-11-27 11:56 - 2016-09-20 12:01 - 000000000 ____D C:\Users\i063859\AppData\Roaming\webex 2017-11-27 11:56 - 2016-09-20 12:01 - 000000000 ____D C:\Users\i063859\AppData\LocalLow\WebEx 2017-11-25 16:07 - 2016-11-05 16:37 - 000000000 ____D C:\Users\i063859\AppData\Roaming\npm 2017-11-24 13:58 - 2016-09-20 12:01 - 000000000 ____D C:\Users\i063859\AppData\Local\WebEx 2017-11-24 13:58 - 2016-09-20 12:01 - 000000000 ____D C:\ProgramData\WebEx 2017-11-24 09:50 - 2017-10-12 12:14 - 000000000 ____D C:\Users\i063859\AppData\Roaming\Code 2017-11-23 11:16 - 2016-11-05 16:26 - 000000102 _____ C:\Users\i063859\.node_repl_history 2017-11-23 10:48 - 2016-11-02 11:02 - 000000000 ____D C:\Users\i063859\node_modules 2017-11-16 13:55 - 2016-09-01 12:40 - 000000000 ____D C:\Users\i063859\AppData\Roaming\JetBrains 2017-11-16 09:56 - 2017-04-12 18:47 - 000000000 ____D C:\Users\i063859\AppData\LocalLow\Mozilla 2017-11-16 09:52 - 2017-09-16 11:35 - 000000000 ____D C:\Program Files\Mozilla Firefox 2017-11-16 09:52 - 2016-09-01 13:17 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-11-16 09:46 - 2016-08-30 19:31 - 000002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-11-16 09:46 - 2016-08-30 12:56 - 000002276 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-11-15 18:01 - 2016-09-22 
07:16 - 000000000 ____D C:\Users\i063859\.p2 2017-11-15 17:58 - 2016-09-22 07:16 - 000000000 ____D C:\Users\i063859\AppData\Local\Eclipse 2017-11-15 13:26 - 2016-08-29 10:22 - 000000000 ____D C:\Users\i063859\Documents\Private 2017-11-14 20:11 - 2016-08-30 12:56 - 000003586 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2017-11-14 20:11 - 2016-08-30 12:56 - 000003462 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2017-11-14 09:55 - 2016-09-15 15:45 - 000000000 ____D C:\Users\i063859\Documents\WORKSHOPS 2017-11-07 12:34 - 2017-07-28 08:50 - 000003356 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-74642-3284969411-2123768488-96017 2017-11-07 12:33 - 2017-05-28 19:21 - 000002371 _____ C:\Users\i063859\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-11-07 12:33 - 2016-08-30 14:06 - 000000000 ___RD C:\Users\i063859\OneDrive 2017-11-04 01:40 - 2015-10-30 08:26 - 000835568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2017-11-04 01:40 - 2015-10-30 08:26 - 000177648 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2017-11-03 13:23 - 2016-08-30 12:56 - 000000000 ____D C:\ProgramData\Citrix 2017-11-03 13:23 - 2016-08-30 12:55 - 000000000 ____D C:\Program Files (x86)\Citrix ==================== Files in the root of some directories ======= 2017-02-26 20:01 - 2017-02-26 20:01 - 000003100 _____ () C:\Users\i063859\AppData\Local\recently-used.xbel Some files in TEMP: ==================== 2016-10-13 09:30 - 2017-03-01 11:06 - 000073768 _____ () C:\Users\i063859\AppData\Local\Temp\fs_NBTDomain.exe 2017-02-11 12:14 - 2015-01-19 18:48 - 001126480 ____N (CANON INC.) 
C:\Users\i063859\AppData\Local\Temp\MSETUP4.EXE 2017-04-24 07:10 - 2017-04-24 07:10 - 008295096 _____ (Comptes&Mots ) C:\Users\i063859\AppData\Local\Temp\VBTE550ComptesMots2017.exe 2017-08-16 16:11 - 2017-08-16 16:11 - 030950664 _____ () C:\Users\i063859\AppData\Local\Temp\vlc-2.2.6-win32.exe Some zero byte size files/folders: ========================== C:\Windows\w10_1.00.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-11-15 08:11 ==================== End of FRST.txt ============================