Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04.03.2018
Ran by manon_000 (08-03-2018 05:45:57)
Running from C:\Users\manon_000\Desktop
Windows 10 Home Version 1709 16299.248 (X64) (2017-12-07 02:15:41)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1520329765-1441435639-3147742023-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1520329765-1441435639-3147742023-503 - Limited - Disabled)
Guest (S-1-5-21-1520329765-1441435639-3147742023-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1520329765-1441435639-3147742023-1006 - Limited - Enabled)
manon_000 (S-1-5-21-1520329765-1441435639-3147742023-1004 - Administrator - Enabled) => C:\Users\manon_000
WDAGUtilityAccount (S-1-5-21-1520329765-1441435639-3147742023-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 28.0.0.127 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.8 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{66AFB595-BC05-2913-7696-6D58F9B733E1}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avast Antivirus Gratuit (HKLM-x32\...\Avast Antivirus) (Version: 18.2.2328 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Discord (HKU\S-1-5-21-1520329765-1441435639-3147742023-1004\...\Discord) (Version: 0.0.300 - Discord Inc.)
FileOpen Client B979 (HKLM\...\FileOpenClient_is1) (Version: B979 - FileOpen Systems, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.186 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Network Connections 17.4.95.0 (HKLM\...\PROSetDX) (Version: 17.4.95.0 - Intel)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Java SE Development Kit 7 Update 40 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170400}) (Version: 1.7.0.400 - Oracle)
Java SE Development Kit 7 Update 40 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170400}) (Version: 1.7.0.400 - Oracle)
La boite a couleurs version 1.6.15 (HKLM-x32\...\La boite a couleurs_is1) (Version: - )
Malwarebytes version 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.690.1 - McAfee, Inc.)
Microsoft OneDrive (HKU\S-1-5-21-1520329765-1441435639-3147742023-1004\...\OneDriveSetup.exe) (Version: 18.025.0204.0009 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.1 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{DEA314C4-0929-4250-BC92-98E4C105F28D}) (Version: 9.10.0129 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
PhotoFiltre 7 (HKU\S-1-5-21-1520329765-1441435639-3147742023-1004\...\PhotoFiltre 7) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
System Requirements Lab Detection (HKLM-x32\...\{C1F01FAB-0C6C-41AB-BBE0-DE237371A877}) (Version: 6.1.4.0 - Husdawg, LLC)
vs2015_redist x86 (HKLM-x32\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden
WinRAR 5.00 (32 bits) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\S-1-5-21-1520329765-1441435639-3147742023-1004\...\ChromeHTML: -> <==== ATTENTION
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-04] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-04] (AVAST Software)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_05.dll [2012-06-18] ()
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-04] (AVAST Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2013-08-22] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2013-08-22] (Alexander Roshal)
ContextMenuHandlers1-x32: [WondershareVideoConverterFileOpreation] -> {FEB746CA-95C2-485F-B386-C30D4E56D22E} => -> No File
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-04] (AVAST Software)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\atiacm64.dll [2015-08-04] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-03-04] (AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2013-08-22] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2013-08-22] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0457D0ED-E793-4A7C-9215-F7C70126AADD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {06EEE44F-4CB3-44ED-949A-E62A726539B9} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {2C1C0863-64CA-4F68-8633-A9318CC1A1C6} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {343C2B4A-9934-4799-B6C4-CB6899E35C4F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3B1C0384-58C5-4175-A05E-BF9DBFBC02ED} - System32\Tasks\{6A4F10E0-8A91-40A1-BBBB-7F7D1311159E} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Wondershare\Video Converter Ultimate\unins000.exe"
Task: {459AA2B7-1B50-4ABA-8669-07E3CA18ABB8} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {4F7F0FAD-9215-4445-A4AA-642B8E27920B} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-03-04] (AVAST Software)
Task: {59BEB0B6-6CD2-4384-AAA5-E1094508B14C} - System32\Tasks\0116avzUpdateInfo => C:\ProgramData\Avg_Update_0116avz\0116avz_AVG-Secure-Search-Update.exe [2016-01-10] ()
Task: {5BBE8E15-8C84-456C-81B5-3624E1500F55} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {5C59A4E2-1407-4E5F-9A95-B94D005BF1E9} - \WPD\SqmUpload_S-1-5-21-1520329765-1441435639-3147742023-1004 -> No File <==== ATTENTION
Task: {6B0E2C94-EE27-4446-89CC-98851ED2BD62} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {6CE43192-2EC0-48A9-9F31-99B91782254C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {6D9CDFC5-3FC3-48ED-9520-06C3038D6F80} - System32\Tasks\Product Updater => C:\Program Files (x86)\Free Audio Editor 2017\FFProductUpdater.exe [2017-06-01] ()
Task: {6E77A257-4A96-4A08-84C4-0B54C50CB926} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {6F688A47-2594-48FF-8C02-9A119B1920BD} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-01-10] (AVAST Software)
Task: {89C9DA59-C35C-42AD-89C7-3F93BDD46E04} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {90D605BA-A74A-4D88-96F4-9BF14B422945} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {9F752220-4FDF-4D2C-9EB2-C2B578B55068} - System32\Tasks\{95C22DA2-3932-4867-BC61-3544C7317A97} => C:\Windows\system32\pcalua.exe -a F:\AutoRunPro.exe -d F:\
Task: {A69FB086-D07A-48A0-82A8-052C9F115AA2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-02-06] (Adobe Systems Incorporated)
Task: {AD14CF4C-EABD-4FB1-A96A-BE6E23ED5476} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {AE89440E-893F-46D4-9F6E-59B52D3CBD54} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {B47E8590-FBE2-4CC3-9710-5134A12BF0F9} - \WPD\SqmUpload_S-1-5-21-1520329765-1441435639-3147742023-1001 -> No File <==== ATTENTION
Task: {D0BD8574-CB83-4CA3-B97B-DAEA10F47C34} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {E28CAB1D-7E1F-4A1B-8058-736F9B44684B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {E482405F-FCF3-42FF-BD40-97C48B71C1C9} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {E726323C-8F24-46FE-8E0B-1A28FF351DBE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\{446CCCA1-D16E-0174-304D-47744D071283}.job => C:\PROGRA~2\COMMON~1\446CCC~1\Hugon.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\manon_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\mydlink services plugin.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=ldibdoepbjbkkcbgndfljnphngpglhbb

==================== Loaded Modules (Whitelisted) ==============

2015-01-20 22:35 - 2015-01-20 22:35 - 000085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 001346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-03-06 18:44 - 2018-02-05 14:44 - 002299168 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-03-06 18:44 - 2018-03-01 10:31 - 002488608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-03-03 14:37 - 2017-06-01 16:56 - 002628608 _____ () C:\Program Files (x86)\Free Audio Editor 2017\FFProductUpdater.exe
2018-02-13 19:07 - 2018-02-09 23:39 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-02-13 19:07 - 2018-02-09 23:36 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2013-02-13 01:35 - 2012-06-25 13:41 - 001198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2018-03-04 18:30 - 2018-03-04 18:30 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-03-04 18:30 - 2018-03-04 18:30 - 000287960 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-03-04 18:30 - 2018-03-04 18:30 - 000280280 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2018-03-04 18:30 - 2018-03-04 18:30 - 000275160 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2014-07-28 10:02 - 2014-08-05 09:22 - 001489408 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2014-07-28 10:02 - 2014-05-19 16:19 - 000137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:373E1720 [118]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2018-03-04 08:18 - 000000887 _____ C:\WINDOWS\system32\Drivers\etc\hosts

0.0.0.1 mssplus.mcafee.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1520329765-1441435639-3147742023-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\manon_000\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\windows photo viewer wallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "vProt"
HKU\S-1-5-21-1520329765-1441435639-3147742023-1004\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-1520329765-1441435639-3147742023-1004\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1520329765-1441435639-3147742023-1004\...\StartupApproved\Run: => "Discord"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1D480542-80F8-4334-8CB7-62B9B2135B2B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{9AECD557-520A-4FB5-AD48-C448CB9B3761}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{CB5A6285-DDF2-4D91-827C-85A99ABBBF5D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7D2D6AEB-9611-4DAC-BB8E-CF08285404BD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5667936A-A338-4AA2-9166-2F063204EBAC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2205238A-596B-415A-907E-A7C6989BD287}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F4E92F17-6AEF-4628-8615-7E51BEE451F0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{8FA9A630-FCC2-42F6-B8E6-99AF28A6333C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{B84959C5-1C9A-4D0D-8065-47DDFBC63BE9}] => (Allow) C:\Users\Public\Games\World of Warcraft\Launcher.exe
FirewallRules: [{6D825852-73FB-4ED9-AE12-84893751082E}] => (Allow) C:\Users\Public\Games\World of Warcraft\Launcher.exe
FirewallRules: [{D6AC3F8C-F1DC-480F-93C0-D2A92F7C401F}] => (Allow) C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe
FirewallRules: [{DB171846-2DDB-427A-9E80-39D2FA117B77}] => (Allow) C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe
FirewallRules: [{9F4A61DF-83BA-405B-8B5D-DA95B898F9CC}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{837C94B5-77A6-41FF-A917-CFAA7D0148EF}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{74D28DEE-6FD0-46E4-9CC0-E4BDBC945B29}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{F02B2621-49CA-41D5-8FE3-67CC82EE7447}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{4119D3C8-5269-4DBC-9B17-A38F9818B26B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{DE30DA44-2326-4454-B7F1-6A5DE84EB829}] => (Allow) C:\Users\manon_000\AppData\Local\Chromium\Application\chrome.exe

==================== Restore Points =========================

23-02-2018 06:26:24 Scheduled Checkpoint
04-03-2018 22:45:15 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/07/2018 06:50:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IAStorDataMgrSvc.exe, version: 11.7.0.1013, time stamp: 0x50aa9310
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0585e5bd
Faulting process id: 0x27a4
Faulting application start time: 0x01d3b66eff1a2b17
Faulting application path: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
Faulting module path: unknown
Report Id: 2005bc11-b393-433f-8595-771b969a47e9
Faulting package full name:
Faulting package-relative application ID:

Error: (03/07/2018 06:50:42 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IAStorDataMgrSvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
at IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges()
at IAStorUtil.SystemDataModelListener.LoadSavedSystemState()
at IAStorDataMgr.EventRelay.<Start>b__0(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (03/06/2018 07:55:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IAStorDataMgrSvc.exe, version: 11.7.0.1013, time stamp: 0x50aa9310
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0599e5bd
Faulting process id: 0x223c
Faulting application start time: 0x01d3b5aed74524e1
Faulting application path: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
Faulting module path: unknown
Report Id: 6aa3afe3-5fee-48ba-8402-1416cbde2f9d
Faulting package full name:
Faulting package-relative application ID:

Error: (03/06/2018 07:55:13 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IAStorDataMgrSvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
at IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges()
at IAStorUtil.SystemDataModelListener.LoadSavedSystemState()
at IAStorDataMgr.EventRelay.<Start>b__0(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (03/06/2018 07:47:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IAStorDataMgrSvc.exe, version: 11.7.0.1013, time stamp: 0x50aa9310
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0628e5bd
Faulting process id: 0x23c8
Faulting application start time: 0x01d3b5adc57d979c
Faulting application path: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
Faulting module path: unknown
Report Id: 0c5a2dde-069c-4f7d-8bd3-cea5a35b556a
Faulting package full name:
Faulting package-relative application ID:

Error: (03/06/2018 07:47:32 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IAStorDataMgrSvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
at IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges()
at IAStorUtil.SystemDataModelListener.LoadSavedSystemState()
at IAStorDataMgr.EventRelay.<Start>b__0(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (03/06/2018 06:58:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IAStorDataMgrSvc.exe, version: 11.7.0.1013, time stamp: 0x50aa9310
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x05d7e5bd
Faulting process id: 0x21ac
Faulting application start time: 0x01d3b5a6de62dbc5
Faulting application path: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
Faulting module path: unknown
Report Id: 7f1db497-d045-4547-b6f5-a9e3f3bc028d
Faulting package full name:
Faulting package-relative application ID:

Error: (03/06/2018 06:58:08 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IAStorDataMgrSvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
at IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges()
at IAStorUtil.SystemDataModelListener.LoadSavedSystemState()
at IAStorDataMgr.EventRelay.<Start>b__0(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()


System errors:
=============
Error: (03/08/2018 05:45:10 AM) (Source: DCOM) (EventID: 10016) (User: MOM-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user MOM-PC\manon_000 SID (S-1-5-21-1520329765-1441435639-3147742023-1004) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/08/2018 05:34:39 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (03/07/2018 08:43:24 PM) (Source: DCOM) (EventID: 10016) (User: MOM-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user MOM-PC\manon_000 SID (S-1-5-21-1520329765-1441435639-3147742023-1004) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/07/2018 08:07:24 PM) (Source: DCOM) (EventID: 10016) (User: MOM-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user MOM-PC\manon_000 SID (S-1-5-21-1520329765-1441435639-3147742023-1004) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/07/2018 07:59:54 PM) (Source: DCOM) (EventID: 10016) (User: MOM-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user MOM-PC\manon_000 SID (S-1-5-21-1520329765-1441435639-3147742023-1004) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/07/2018 07:49:09 PM) (Source: DCOM) (EventID: 10016) (User: MOM-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user MOM-PC\manon_000 SID (S-1-5-21-1520329765-1441435639-3147742023-1004) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/07/2018 07:43:44 PM) (Source: DCOM) (EventID: 10016) (User: MOM-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user MOM-PC\manon_000 SID (S-1-5-21-1520329765-1441435639-3147742023-1004) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/07/2018 07:19:44 PM) (Source: DCOM) (EventID: 10016) (User: MOM-PC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user MOM-PC\manon_000 SID (S-1-5-21-1520329765-1441435639-3147742023-1004) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================

Date: 2018-03-08 05:34:39.649
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-08 05:34:39.647
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-08 05:34:38.118
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-08 05:34:38.117
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-08 05:34:32.381
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-08 05:34:32.380
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-08 05:34:31.135
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-03-08 05:34:31.133
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3330 CPU @ 3.00GHz
Percentage of memory in use: 36%
Total physical RAM: 8137.11 MB
Available physical RAM: 5176.14 MB
Total Virtual: 9417.11 MB
Available Virtual: 6158.14 MB

==================== Drives ================================

Drive c: (Local Disk) (Fixed) (Total:915.79 GB) (Free:854.95 GB) NTFS
Drive d: (Image) (Fixed) (Total:5.86 GB) (Free:1.72 GB) NTFS
Drive e: (System) (Fixed) (Total:0.1 GB) (Free:0.05 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{7a62d51d-79c8-11e3-be6f-806e6f6e6963}\ (Recovery) (Fixed) (Total:9.77 GB) (Free:2.41 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: E30E17EB)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=915.8 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=9.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=5.9 GB) - (Type=0F Extended)

==================== End of Addition.txt ============================