Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.02.2019 01
Ran by thuy (administrator) on THINK (10-01-2020 10:07:28)
Running from C:\Users\thuy\Desktop
Loaded Profiles: thuy (Available Profiles: thuy & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG;) C:\Program Files (x86)\Avira\Home Guard\Avira.HomeGuard.Service.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.WebAppHost.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(The OpenVPN Project) C:\Program Files (x86)\Avira\VPN\OpenVpn\phantomvpn.exe
() C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Lenovo Group Limited) C:\Users\thuy\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Tlapia) C:\Program Files (x86)\sysTPL\sysTPLMonitor.exe
(Tlapia) C:\Program Files (x86)\sysTPL\sysTPLService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Farbar) C:\Users\thuy\Desktop\FRST64-2.1.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13653208 2013-09-13] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3136136 2019-01-31] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2872400 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [297256 2017-08-29] (Lenovo -> Lenovo Group Limited)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe /noui
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [228120 2019-12-19] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [sysTPL] => C:\Program Files (x86)\sysTPL\sysTPL.exe [1244440 2014-01-24] (TLAPIA -> Tlapia)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-08-31] (Dolby Laboratories, Inc. -> Dolby Laboratories Inc.)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\System32\Userinit.exe, [26624 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2207474609-1572355238-1656547269-1001\...\Run: [Avira Phantom VPN] => C:\Program Files (x86)\Avira\VPN\Avira.WebAppHost.exe [842672 2019-12-17] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2207474609-1572355238-1656547269-1001\...\MountPoints2: {508377d8-0408-11e4-a5b3-3c970ed65f1c} - D:\MI.exe
HKU\S-1-5-21-2207474609-1572355238-1656547269-1001\...\MountPoints2: {85f44da0-3663-11e4-a5be-3c970ed65f1c} - "D:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2207474609-1572355238-1656547269-1001\...\MountPoints2: {9ed815c5-7966-11e4-9ab4-a44e31b45d88} - D:\AutoRun.exe
HKU\S-1-5-21-2207474609-1572355238-1656547269-1001\...\MountPoints2: {9ed815dc-7966-11e4-9ab4-a44e31b45d88} - D:\AutoRun.exe
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2019-10-17] (Adobe Inc. -> Adobe Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{18CBEEAA-6708-41A1-9379-D08915333CF2}] -> C:\Program Files\ThinkVantage Fingerprint Software\provider.dll [2013-03-06] (AuthenTec, Inc. -> Authentec Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}] -> C:\Program Files\ThinkPad\Bluetooth Software\\BtwCP.dll [2013-05-14] (Broadcom Corporation -> Broadcom Corporation.)
HKLM\Software\...\Authentication\Credential Providers: [{D28973E5-8630-41af-8831-50A15FEB396B}] -> C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll [2013-05-14] (Broadcom Corporation -> Broadcom Corporation.)
HKLM\Software\...\Authentication\Credential Provider Filters: [{AE583D93-8D1B-424F-9858-5623FB7824EE}] -> C:\Program Files\ThinkVantage Fingerprint Software\provider.dll [2013-03-06] (AuthenTec, Inc. -> Authentec Inc.)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-08-22]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:8877
ProxyEnable: [S-1-5-19] => Proxy is enabled.
ProxyServer: [S-1-5-19] => http=127.0.0.1:8877
ProxyEnable: [S-1-5-20] => Proxy is enabled.
ProxyServer: [S-1-5-20] => http=127.0.0.1:8877
ProxyEnable: [S-1-5-21-2207474609-1572355238-1656547269-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-2207474609-1572355238-1656547269-1001] => http=127.0.0.1:8877
Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-09-15] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-09-15] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-09-15] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-09-15] (Lavasoft Limited)
Winsock: Catalog9 16 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-09-15] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-09-15] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-09-15] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-09-15] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-09-15] (Lavasoft Limited)
Winsock: Catalog9-x64 16 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-09-15] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.2.1
Tcpip\..\Interfaces\{29ACEAA9-EF19-4E65-A6A9-C6DC8002DC8C}: [DhcpNameServer] 192.168.1.1 192.168.2.1
Tcpip\..\Interfaces\{61317E04-7DD4-4F31-B5EB-1DEE29B7D745}: [DhcpNameServer] 185.123.227.250

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKU\S-1-5-21-2207474609-1572355238-1656547269-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.firefox.com/
HKU\S-1-5-21-2207474609-1572355238-1656547269-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKU\S-1-5-21-2207474609-1572355238-1656547269-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2207474609-1572355238-1656547269-1001 -> DefaultScope {0D38A98D-6782-41FC-A139-E578B5AFABBB} URL =
SearchScopes: HKU\S-1-5-21-2207474609-1572355238-1656547269-1001 -> {0D38A98D-6782-41FC-A139-E578B5AFABBB} URL =
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2019-01-31] (Logitech Inc -> Logitech, Inc.)
BHO: IePasswordManagerHelper Class -> {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} -> C:\Program Files\Lenovo\Password Manager\tvtpwm_ie_com.dll [2012-03-15] (Lenovo Information Products (Shenzhen) Co.,Ltd -> Lenovo Group Limited)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_172\bin\ssv.dll [2018-05-21] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2019-01-31] (Logitech Inc -> Logitech, Inc.)
BHO-x32: IePasswordManagerHelper Class -> {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} -> C:\Program Files (x86)\Lenovo\Password Manager\tvtpwm_ie_com.dll [2012-03-15] (Lenovo Information Products (Shenzhen) Co.,Ltd -> Lenovo Group Limited)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_172\bin\jp2ssv.dll [2018-05-21] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKU\S-1-5-21-2207474609-1572355238-1656547269-1001 -> No Name - {41564952-412D-5637-4300-7A786E7484D7} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2018-03-07] (Skype Software Sarl -> Skype Technologies)

FireFox:
========
FF DefaultProfile: ob7t5ww2.default-1469523567706
FF ProfilePath: Profiles/4j837lu9.Utilisateur par défaut [not found] <==== ATTENTION
FF ProfilePath: Profiles/ob7t5ww2.default-1469523567706 [not found] <==== ATTENTION
FF ProfilePath: C:\Users\thuy\AppData\Roaming\Mozilla\Firefox\Profiles\4j837lu9.Utilisateur par défaut [2020-01-10]
FF Extension: (Ghostery – Bloqueur de publicité protégeant la vie privée) - C:\Users\thuy\AppData\Roaming\Mozilla\Firefox\Profiles\4j837lu9.Utilisateur par défaut\Extensions\firefox@ghostery.com.xpi [2019-10-19]
FF Extension: (Avira Password Manager) - C:\Users\thuy\AppData\Roaming\Mozilla\Firefox\Profiles\4j837lu9.Utilisateur par défaut\Extensions\passwordmanager@avira.com.xpi [2019-10-19]
FF Extension: (Adblock Plus - bloqueur de publicités gratuit) - C:\Users\thuy\AppData\Roaming\Mozilla\Firefox\Profiles\4j837lu9.Utilisateur par défaut\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-10-19]
FF Extension: (Déploiement de DoH) - C:\Users\thuy\AppData\Roaming\Mozilla\Firefox\Profiles\4j837lu9.Utilisateur par défaut\features\{ceeb298b-6d54-4c02-b210-0af88e7510b6}\doh-rollout@mozilla.org.xpi [2019-10-19]
FF ProfilePath: C:\Users\thuy\AppData\Roaming\Mozilla\Firefox\Profiles\ob7t5ww2.default-1469523567706 [2020-01-10]
FF NetworkProxy: Mozilla\Firefox\Profiles\ob7t5ww2.default-1469523567706 -> type", 4
FF Extension: (Protection Web Avira) - C:\Users\thuy\AppData\Roaming\Mozilla\Firefox\Profiles\ob7t5ww2.default-1469523567706\Extensions\abs@avira.com.xpi [2019-12-04]
FF Extension: (CaptainFact (Beta)) - C:\Users\thuy\AppData\Roaming\Mozilla\Firefox\Profiles\ob7t5ww2.default-1469523567706\Extensions\extension@captainfact.io.xpi [2019-04-21]
FF Extension: (Ghostery – Bloqueur de publicité protégeant la vie privée) - C:\Users\thuy\AppData\Roaming\Mozilla\Firefox\Profiles\ob7t5ww2.default-1469523567706\Extensions\firefox@ghostery.com.xpi [2019-11-23]
FF Extension: (French spelling dictionary) - C:\Users\thuy\AppData\Roaming\Mozilla\Firefox\Profiles\ob7t5ww2.default-1469523567706\Extensions\fr-dicollecte@dictionaries.addons.mozilla.org.xpi [2019-10-25]
FF Extension: (Français Language Pack) - C:\Users\thuy\AppData\Roaming\Mozilla\Firefox\Profiles\ob7t5ww2.default-1469523567706\Extensions\langpack-fr@firefox.mozilla.org.xpi [2020-01-09]
FF Extension: (Avira Password Manager) - C:\Users\thuy\AppData\Roaming\Mozilla\Firefox\Profiles\ob7t5ww2.default-1469523567706\Extensions\passwordmanager@avira.com.xpi [2019-12-13]
FF Extension: (uBlock Origin) - C:\Users\thuy\AppData\Roaming\Mozilla\Firefox\Profiles\ob7t5ww2.default-1469523567706\Extensions\uBlock0@raymondhill.net.xpi [2019-11-27]
FF Extension: (Logitech SetPoint) - C:\Users\thuy\AppData\Roaming\Mozilla\Firefox\Profiles\ob7t5ww2.default-1469523567706\Extensions\{84380428-8c9d-4bdf-913d-b2c34d6562d9}.xpi [2020-01-06]
FF Extension: (Adblock Plus - bloqueur de publicités gratuit) - C:\Users\thuy\AppData\Roaming\Mozilla\Firefox\Profiles\ob7t5ww2.default-1469523567706\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-10-23]
FF Extension: (Déploiement de DoH) - C:\Program Files\Mozilla Firefox\browser\features\doh-rollout@mozilla.org.xpi [2020-01-08] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2020-01-08] [not signed]
FF HKU\S-1-5-21-2207474609-1572355238-1656547269-1001\...\Firefox\Extensions: [{F74D5734-46F5-4B16-96F0-1E7FBF41B750}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension\2.0b12
FF Extension: (ThinkVantage Password Manager) - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension\2.0b12 [2019-10-19] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_303.dll [2019-12-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] ( Microsoft Corporation)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin64.dll [2013-12-04] (Skype)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_303.dll [2019-12-13] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.172.2 -> C:\Program Files (x86)\Java\jre1.8.0_172\bin\dtplugin\npDeployJava1.dll [2018-05-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.172.2 -> C:\Program Files (x86)\Java\jre1.8.0_172\bin\plugin2\npjp2.dll [2018-05-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] ( Microsoft Corporation)
FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin.dll [2013-12-04] (Skype)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-15] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-15] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-15] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-15] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-15] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-15] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-15] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-15] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-15] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-15] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-08-15] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2207474609-1572355238-1656547269-1001: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [2013-03-26] (Intel)
FF Plugin HKU\S-1-5-21-2207474609-1572355238-1656547269-1001: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll [2013-03-26] (Intel)

Chrome:
=======
CHR DefaultProfile: Default
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [geempcnjhccnoepfmahaeemnnfnignab] - C:\Program Files (x86)\Lenovo\Password Manager\chrome_npapi_extension.crx [2012-03-15]
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [geempcnjhccnoepfmahaeemnnfnignab] - C:\Program Files (x86)\Lenovo\Password Manager\chrome_npapi_extension.crx [2012-03-15]
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3147344 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2914896 2019-10-08] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1210168 2019-12-07] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [484768 2019-11-17] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [484768 2019-11-17] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [567872 2019-11-23] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 Avira.HomeGuard; C:\Program Files (x86)\Avira\Home Guard\Avira.HomeGuard.Service.exe [32064 2019-04-29] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG;)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [612944 2019-12-19] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2989536 2019-12-17] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [379632 2019-12-17] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
S4 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [326160 2018-05-16] (LENOVO -> Lenovo.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319096 2016-06-10] (Intel Corporation - pGFX -> Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Trusted Connect Service -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-08-14] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2015-09-15] (Lavasoft Limited -> Lavasoft Limited) [File not signed]
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [169768 2017-08-29] (Lenovo -> Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [120400 2017-04-03] (Lenovo -> Lenovo Group Limited)
S2 LPlatSvc; C:\Windows\system32\LPlatSvc.exe [892288 2019-12-11] (Lenovo -> Lenovo.)
S4 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [337688 2018-09-06] (Lenovo -> Lenovo)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2014-12-04] (Intel Corporation-Wireless Connectivity Solutions -> )
S4 ShareItSvc; C:\Program Files (x86)\SHAREit\SHAREit\Shareit.Service.exe [35272 2016-05-04] (LENOVO -> SHAREit Technologies Co.Ltd)
R2 sysTPLMonitor.exe; C:\Program Files (x86)\sysTPL\sysTPLMonitor.exe [399640 2014-01-24] (TLAPIA -> Tlapia)
R2 sysTPLService.exe; C:\Program Files (x86)\sysTPL\sysTPLService.exe [400664 2014-01-24] (TLAPIA -> Tlapia)
S4 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1028096 2010-08-31] (Lenovo Group Limited) [File not signed]
S4 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1526120 2013-09-25] (Lenovo Information Products (Shenzhen) Co.,Ltd -> Lenovo Group Limited)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2014-12-04] (Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation)
S2 CAMService; "C:\Program Files\Intel\CAM\bin\CAMService.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 5U877; C:\Windows\System32\DRIVERS\5U877.sys [216704 2012-03-29] (Microsoft Windows Hardware Compatibility Publisher -> Ricoh co.,Ltd.)
R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [68152 2019-06-07] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [222888 2019-12-07] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [175808 2019-09-19] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36072 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [35376 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170200 2013-03-27] (Broadcom Corporation -> Broadcom Corporation.)
S3 btwampfl; C:\Windows\system32\drivers\btwampfl.sys [598808 2012-12-04] (Broadcom Corporation -> Broadcom Corporation.)
S3 btwaudio; C:\Windows\System32\drivers\btwaudio.sys [184144 2012-05-02] (Broadcom Corporation -> Broadcom Corporation.)
S3 btwavdt; C:\Windows\System32\DRIVERS\btwavdt.sys [210984 2012-03-06] (Broadcom Corporation -> Broadcom Corporation.)
S3 btwl2cap; C:\Windows\System32\DRIVERS\btwl2cap.sys [39976 2011-09-18] (Broadcom Corporation -> Broadcom Corporation.)
S3 btwrchid; C:\Windows\System32\DRIVERS\btwrchid.sys [21544 2012-03-06] (Broadcom Corporation -> Broadcom Corporation.)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-04-09] (Disc Soft Ltd -> Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-04-09] (Disc Soft Ltd -> Disc Soft Ltd)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-16] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [178976 2015-07-28] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw00.sys [11524096 2014-07-01] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2018-12-19] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R3 phantomtap; C:\Windows\System32\DRIVERS\phantomtap.sys [35664 2017-07-13] (Avira Operations GmbH & Co. KG -> The OpenVPN Project)
R0 PMDRVS; C:\Windows\System32\DRIVERS\pmdrvs.sys [38160 2019-12-11] (Lenovo -> Lenovo.)
R2 risdxc; C:\Windows\System32\DRIVERS\risdxc64.sys [101888 2011-05-26] (Microsoft Windows Hardware Compatibility Publisher -> REDC)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [53800 2018-11-21] (Synaptics Incorporated -> Synaptics Incorporated)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35784 2017-03-20] (Avira Operations GmbH & Co. KG -> The OpenVPN Project)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Products (Shenzhen) Co.,Ltd -> Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-09] (Lenovo (Japan) Ltd. -> ThinkVantage Communications Utility)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-16] (Apple, Inc.) [File not signed]
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64.sys [14464 2009-02-13] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S2 smihlp2; \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [X]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\5U877.sys 144D54704A881047AE1084C6F1163060
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 0DC2A9882540DEA4A55B08785E09D8FC
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys 26CF0D8A24834D04B0DBE1979F96B035
C:\Windows\system32\drivers\amdppm.sys 268FFCDC7840795D535A2F9CDCB98760
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\appid.sys 308AD515A8226EA89C7C100F9660EAC3
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\avdevprot.sys 7DAFDEA3021CCD195DC9E4B5D9009A10
C:\Windows\System32\DRIVERS\avgntflt.sys 0AECB4C15941572151FF8FFFE7C58296
C:\Windows\System32\DRIVERS\avipbb.sys 056C365DF7A98AD0E67616EF14444F4A
C:\Windows\System32\DRIVERS\avkmgr.sys EB5C2402E2F402A19504BF6CA9C3E06A
C:\Windows\System32\DRIVERS\avnetflt.sys 19B6F9073BD606B7ABEC03A0328FDC1B
C:\Windows\System32\Drivers\avusbflt.sys C1A0D77BAA3C48BA73E64513073CF3FD
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\drivers\bcbtums.sys 455EB0128FD08E07EACE0C6F754A3AAD
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ABA3984C822E4D3F889699912D85D6C5
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\BthEnum.sys CF98190A94F62E405C8CB255018B2315
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\system32\drivers\bthpan.sys 5A8951D195AFEF979C4AB02A129EBC37
C:\Windows\System32\Drivers\BTHport.sys 738D0E9272F59EB7A1449C3EC118E6C4
C:\Windows\System32\Drivers\BTHUSB.sys F188B7394D81010767B6DF3178519A37
C:\Windows\system32\drivers\btwampfl.sys 96E22173FD0E2670A2A20C1EEECA162A
C:\Windows\System32\drivers\btwaudio.sys A771078558477068DFD8037B82EB00F8
C:\Windows\System32\DRIVERS\btwavdt.sys 9FF58F76024D25784755B01F926B00BE
C:\Windows\System32\DRIVERS\btwl2cap.sys B1ACFD00CDD13B48D86F46BFEC153BF9
C:\Windows\System32\DRIVERS\btwrchid.sys EDD953D635F3AA89EF902E3F82D60D22
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys 3963FEC1892368DD500E6ED1F5C286CE
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 9DE8D00626F01DBD1879A6655D7A752D
C:\Windows\System32\drivers\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\csc.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys 9B38580063D281A99E68EF5813022A5F
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys 97659D0CEBCF0DB9C265D3DE1B116ECF
C:\Windows\system32\drivers\dmvsc.sys F204A1B043A561407206CAFC4CBE76E9
C:\Windows\system32\drivers\drmkaud.sys 26FE888505E5A945B0536AF9A2A27A6F
C:\Windows\System32\DRIVERS\dtlitescsibus.sys 679FF716052109392D870F6A6C4A3535
C:\Windows\System32\DRIVERS\dtliteusbbus.sys E23FDD696839A4790682CA66C48D3F2F
C:\Windows\System32\drivers\dxgkrnl.sys 5CEF80AE869336376F550ECAE91E424A
C:\Windows\System32\DRIVERS\DzHDD64.sys 3CE83D7EE95D9C9F03323810A2E747DF
C:\Windows\System32\DRIVERS\e1c62x64.sys B9D6EF0377E1B3D904B2977C0BC34A0A
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys 7E45F8B117419ABA3BB26579F6E70324
C:\Windows\System32\Drivers\fastfat.sys 6EDFA237D25433C03F42FBFDB16BDD24
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys F3169EF73866BA0F98B505E5B5D8D811
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys CF5C9BD985120781200D35FD445D0BD5
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\drivers\iaStor.sys CCFA835960E35F30D28A868E0B3B8722
C:\Windows\System32\DRIVERS\iaStorA.sys 8BE099617DA18FE085A40D47FC156B1B
C:\Windows\System32\DRIVERS\iaStorF.sys 005C0887D8B57A19883E3ADEF5478F05
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\System32\DRIVERS\ibmpmdrv.sys 4D4E1E92DDCEAD9C26118FFF05677963
C:\Windows\System32\DRIVERS\igdkmd64.sys A3EF4844203C77CDC4506E662FC33735
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\intelaud.sys 314285071F7117263BD246E35C17FD82
C:\Windows\System32\drivers\RTKVHD64.sys 0CDE7928C4B99C25AAED3B4E84E78168
C:\Windows\System32\DRIVERS\IntcDAud.sys 87871AB7AC797F922A6F3D4C874CED96
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\system32\drivers\intelppm.sys 6518C5A7088D16E0B258C976E9588D9F
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6
C:\Windows\System32\DRIVERS\iusb3hcs.sys 68CF5515B176527523ED379915350AE3
C:\Windows\System32\DRIVERS\iusb3hub.sys EE522B28633D275BFE12EF70F4936E37
C:\Windows\System32\DRIVERS\iusb3xhc.sys 69AB13996A97F8168538F98FB832A86B
C:\Windows\System32\DRIVERS\iwdbus.sys 4487AD9C070D3973FE28AB4406555FC6
C:\Windows\System32\DRIVERS\kbdclass.sys C3CEAAF93C02A205B0712DEF98BAE544
C:\Windows\System32\DRIVERS\kbdhid.sys 73DD773AC3F96B229AF7C6BB0D9009FE
C:\Windows\System32\Drivers\ksecdd.sys 7EE31F75C06112AAC24CFA3421E7A2C0
C:\Windows\System32\Drivers\ksecpkg.sys 2218BEFC4EFE4BE5797BC62AC3B2D64A
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\LHidFilt.Sys 8B125674D81F0A307F1FD8D5C4C8DE4D
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\LMouFilt.Sys 148E1E28CB6EEBEC7B7694F63C0A9933
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys 5416CEB2916BBE635288C4D1075B045E
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\TeeDriverx64.sys 124B5296DF58E1F0ED3E9122431B136D
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys 0C22BF88FB8E50DF1AB9CA564D0BD270
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 98DB1790F0A584E0A2528B92B052417F
C:\Windows\System32\DRIVERS\mrxsmb.sys 2EF08F96630129E503D0A9C13604574F
C:\Windows\System32\DRIVERS\mrxsmb10.sys DF0E99ABC53DFB2036386F3A90EF97BB
C:\Windows\System32\DRIVERS\mrxsmb20.sys 3E8048CF0BE9784B65615EBA75C95823
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys AA0C2BA3782E92BD85E2264BE418E67C
C:\Windows\System32\DRIVERS\nwifi.sys 9FB2A095B1166CB3C9A06651863B3452
C:\Windows\System32\drivers\ndis.sys F7309F42555F8AAB7144A51A1F2585B0
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys 734837208CAFD6E0959A7A0333C95C9D
C:\Windows\System32\DRIVERS\Netwsw00.sys 9233F2F1A3CD407A6622F6D38F120838
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\drivers\npf.sys DE7FCC77F4A503AF4CA6A47D49B3713D
C:\Windows\System32\Drivers\Npfs.sys F659AF9BC6E7555D89E39C5D0D8E236C
C:\Windows\System32\drivers\nsiproxy.sys BE313E566EEA2A4B7F9AAC9782A567D4
C:\Windows\System32\Drivers\Ntfs.sys 1065D9AFE491706EB00AD3CBB76C9E54
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys BE1A9309CD755AF6CC74028016BADCC7
C:\Windows\System32\DRIVERS\phantomtap.sys 007FD8D68E4D691DD4AEDD6F39B41B2C
C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS B4C1BF666DBD6899EC4A9A499DAA040B
C:\Windows\System32\DRIVERS\pmdrvs.sys D257B3A5E243E04867D1ABD2DA13B6F8
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys 626DAA3AFB2CD08CD21D9DBC5DD28134
C:\Windows\System32\DRIVERS\psadd.sys 05A4779E4994B21473EDBE85AABE8030
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys 71B6F78D6444CCE6F77BC42917A4E8F7
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932
C:\Windows\System32\DRIVERS\risdxc64.sys 5A227511ED22DDFEDF7EF7323C8F7D2F
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\system32\drivers\vms3cap.sys 57E908ED01D8DF05B9CC6A0C9869C7A2
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Apsx64.sys D1AC677E7066D3278356C875628B16D4
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys 17E3634CC92B9C268B713DE077CDB6F9
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys AD8E3D8893DC2769F16F3EB8371ABCF5
C:\Windows\System32\DRIVERS\srv2.sys 77DCA03FD9FB9B939F9764A0E7A8D365
C:\Windows\System32\DRIVERS\srvnet.sys 0C7610E300DDA0CB58347F8FF2654A55
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serscan.sys DECACB6921DED1A38642642685D77DAC
C:\Windows\System32\drivers\vmstorfl.sys E269BA8899F56FA9A14ABB8D98BA8ABF
C:\Windows\system32\drivers\storvsc.sys 26F9B63705BFA9640D53FBD141041865
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SynTP.sys 5D0AC35618986F00002F1896073EDF7A
C:\Windows\System32\DRIVERS\tap0901.sys BB3F041ACE6FF23FD8F51B4CDDAB111B
C:\Windows\System32\drivers\tcpip.sys 7FB36A0A036ADDACE0A868E4A43C1C27
C:\Windows\System32\DRIVERS\tcpip.sys 7FB36A0A036ADDACE0A868E4A43C1C27
C:\Windows\System32\drivers\tcpipreg.sys 7FE5586314EE7D6AA8483264A089E5AF
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys 4DD986720F7CB7A8A5D1226793097B9A
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ApsHM64.sys D43EB8666214C14AB97080D4B11F5CAF
C:\Windows\System32\drivers\tpm.sys 48DDEF0B921DD331536CC82C1A8FF64F
C:\Windows\System32\drivers\Tppwr64v.sys 8ECC5302575EA6A27B04F5C258CE963F
C:\Windows\System32\DRIVERS\tssecsrv.sys 2CF58216424757ED29605B4F18EC443C
C:\Windows\System32\drivers\tsusbflt.sys E9981ECE8D894CEF7038FD1D040EB426
C:\Windows\system32\drivers\TsUsbGD.sys AD64450A4ABE076F5CB34CC08EEACB07
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Tvti2c.sys D4915DB03B19F9FD50EC084CC0ED15FC
C:\Windows\System32\DRIVERS\tvtvcamd.sys 760B34088C2AD8D634CC3784EF3A2CA2
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys C77B614D818386596EC5540E318AE034
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl64.sys 5C3BE22E485B9BF11FCEFDC676C728D0
C:\Windows\System32\drivers\usbaudio.sys B0435098C81D04CAFFF80DDB746CD3A2
C:\Windows\System32\DRIVERS\usbccgp.sys E6DFE1F33B1250A6E26EA6F6CE10B09C
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\system32\drivers\usbehci.sys 3F9D3902CE931E2A28DD8452AE915B67
C:\Windows\system32\drivers\usbhub.sys 86B65EEBC03B936DE8B26E5A18D98FA2
C:\Windows\system32\drivers\usbohci.sys 099C2931C6F73EB1B9E13C560F61B50D
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS 18C50A2277BCB1509A27F91A07377263
C:\Windows\system32\drivers\usbuhci.sys 5D7651347C7D702F4A5DE53603DC024F
C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\system32\drivers\vmbus.sys 0312DCB72628E57C6F0FA087295F25B8
C:\Windows\system32\drivers\VMBusHID.sys 4A2F3A12A67BF9D4BCF2EFBADD801BA9
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys 85C5468BC395819AE2A0C747334BA14C
C:\Windows\System32\drivers\volsnap.sys B52F1F5F55CD773BA89E5739B82E9C34
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wdcsam64.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys 6F96FDED5AFAC6151E94430F2C1EA833
C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WSDPrint.sys 8D918B1DB190A4D9B1753A66FA8C96E8
C:\Windows\System32\DRIVERS\WSDScan.sys 0BEB414B1948E84BBA57F5F4EA5BD689
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three months (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-10 10:00 - 2020-01-10 10:00 - 000050933 _____ C:\Users\thuy\Desktop\Addition.txt
2020-01-10 09:59 - 2020-01-10 10:08 - 000052987 _____ C:\Users\thuy\Desktop\FRST.txt
2020-01-10 09:59 - 2020-01-10 10:07 - 000000000 ____D C:\FRST
2020-01-10 09:48 - 2020-01-10 09:48 - 002434048 _____ (Farbar) C:\Users\thuy\Desktop\FRST64-2.1.exe
2020-01-09 13:02 - 2019-12-06 12:27 - 000492032 _____ (Microsoft Corporation) C:\Windows\system32\EOSNotify.exe
2020-01-09 13:02 - 2019-11-28 10:33 - 000710072 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2020-01-09 13:02 - 2019-11-28 10:32 - 004061616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2020-01-09 13:02 - 2019-11-28 10:32 - 003967416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2020-01-09 13:02 - 2019-11-28 10:32 - 001320248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2020-01-09 13:02 - 2019-11-28 10:32 - 000627664 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2020-01-09 13:02 - 2019-11-28 10:32 - 000264120 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2020-01-09 13:02 - 2019-11-28 10:32 - 000155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2020-01-09 13:02 - 2019-11-28 10:32 - 000097208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2020-01-09 13:02 - 2019-11-28 10:31 - 005554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2020-01-09 13:02 - 2019-11-28 10:31 - 001671504 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 001211392 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 001010176 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000834048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000261632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2020-01-09 13:02 - 2019-11-28 10:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2020-01-09 13:02 - 2019-11-28 10:28 - 001472512 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2020-01-09 13:02 - 2019-11-28 10:28 - 001162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2020-01-09 13:02 - 2019-11-28 10:28 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2020-01-09 13:02 - 2019-11-28 10:28 - 000733184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2020-01-09 13:02 - 2019-11-28 10:28 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2020-01-09 13:02 - 2019-11-28 10:28 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2020-01-09 13:02 - 2019-11-28 10:28 - 000408576 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2020-01-09 13:02 - 2019-11-28 10:28 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2020-01-09 13:02 - 2019-11-28 10:28 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2020-01-09 13:02 - 2019-11-28 10:28 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2020-01-09 13:02 - 2019-11-28 10:28 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2020-01-09 13:02 - 2019-11-28 10:28 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2020-01-09 13:02 - 2019-11-28 10:28 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2020-01-09 13:02 - 2019-11-28 10:28 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2020-01-09 13:02 - 2019-11-28 10:28 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2020-01-09 13:02 - 2019-11-28 10:28 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2020-01-09 13:02 - 2019-11-28 10:28 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2020-01-09 13:02 - 2019-11-28 10:28 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2020-01-09 13:02 - 2019-11-28 10:28 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2020-01-09 13:02 - 2019-11-28 10:28 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2020-01-09 13:02 - 2019-11-28 10:28 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2020-01-09 13:02 - 2019-11-28 10:28 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2020-01-09 13:02 - 2019-11-28 10:28 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2020-01-09 13:02 - 2019-11-28 10:28 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2020-01-09 13:02 - 2019-11-28 10:28 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2020-01-09 13:02 - 2019-11-28 10:28 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2020-01-09 13:02 - 2019-11-28 10:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2020-01-09 13:02 - 2019-11-28 10:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2020-01-09 13:02 - 2019-11-28 10:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2020-01-09 13:02 - 2019-11-28 10:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2020-01-09 13:02 - 2019-11-28 10:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2020-01-09 13:02 - 2019-11-28 10:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2020-01-09 13:02 - 2019-11-28 10:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2020-01-09 13:02 - 2019-11-28 10:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2020-01-09 13:02 - 2019-11-28 10:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2020-01-09 13:02 - 2019-11-28 10:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2020-01-09 13:02 - 2019-11-28 10:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2020-01-09 13:02 - 2019-11-28 10:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2020-01-09 13:02 - 2019-11-28 10:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2020-01-09 13:02 - 2019-11-28 10:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2020-01-09 13:02 - 2019-11-28 10:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2020-01-09 13:02 - 2019-11-28 10:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2020-01-09 13:02 - 2019-11-28 10:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2020-01-09 13:02 - 2019-11-28 10:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2020-01-09 13:02 - 2019-11-28 10:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2020-01-09 13:02 - 2019-11-28 10:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2020-01-09 13:02 - 2019-11-28 10:04 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2020-01-09 13:02 - 2019-11-28 10:03 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2020-01-09 13:02 - 2019-11-28 10:00 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2020-01-09 13:02 - 2019-11-28 10:00 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2020-01-09 13:02 - 2019-11-28 10:00 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2020-01-09 13:02 - 2019-11-28 09:59 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2020-01-09 13:02 - 2019-11-28 09:58 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2020-01-09 13:02 - 2019-11-28 09:58 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2020-01-09 13:02 - 2019-11-28 09:58 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2020-01-09 13:02 - 2019-11-28 09:58 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2020-01-09 13:02 - 2019-11-28 09:57 - 003233280 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2020-01-09 13:02 - 2019-11-28 09:57 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2020-01-09 13:02 - 2019-11-28 09:57 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2020-01-09 13:02 - 2019-11-28 09:57 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2020-01-09 13:02 - 2019-11-28 09:57 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2020-01-09 13:02 - 2019-11-28 09:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2020-01-09 13:02 - 2019-11-28 09:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2020-01-09 13:02 - 2019-11-28 09:56 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2020-01-09 13:02 - 2019-11-28 09:56 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2020-01-09 13:02 - 2019-11-28 09:53 - 000464384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2020-01-09 13:02 - 2019-11-28 09:53 - 000161280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2020-01-09 13:02 - 2019-11-28 09:52 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2020-01-09 13:02 - 2019-11-28 09:52 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2020-01-09 13:02 - 2019-11-28 09:52 - 000169984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2020-01-09 13:02 - 2019-11-28 09:52 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2020-01-09 13:02 - 2019-11-28 09:51 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2020-01-09 13:02 - 2019-11-28 09:51 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2020-01-09 13:02 - 2019-11-28 09:51 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2020-01-09 13:02 - 2019-11-28 09:51 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2020-01-09 13:02 - 2019-11-28 09:51 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2020-01-09 13:02 - 2019-11-28 09:51 - 000044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys
2020-01-09 13:02 - 2019-11-28 09:51 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2020-01-09 13:02 - 2019-11-21 07:48 - 000629984 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2020-01-09 13:02 - 2019-11-15 09:32 - 000311008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2020-01-09 13:02 - 2019-11-15 09:29 - 001425920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2020-01-09 13:02 - 2019-11-15 09:29 - 001330176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2020-01-09 13:02 - 2019-11-15 09:29 - 000583680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2020-01-09 13:02 - 2019-11-15 09:29 - 000479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2020-01-09 13:02 - 2019-11-15 09:29 - 000215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2020-01-09 13:02 - 2019-11-15 09:29 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2020-01-09 13:02 - 2019-11-15 09:29 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2020-01-09 13:02 - 2019-11-15 09:29 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2020-01-09 13:02 - 2019-11-15 09:29 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2020-01-09 13:02 - 2019-11-15 09:29 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2020-01-09 13:02 - 2019-11-15 09:25 - 000385248 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2020-01-09 13:02 - 2019-11-15 09:22 - 002072576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2020-01-09 13:02 - 2019-11-15 09:22 - 001574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2020-01-09 13:02 - 2019-11-15 09:22 - 000878080 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2020-01-09 13:02 - 2019-11-15 09:22 - 000517632 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2020-01-09 13:02 - 2019-11-15 09:22 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2020-01-09 13:02 - 2019-11-15 09:22 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2020-01-09 13:02 - 2019-11-15 09:22 - 000035840 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelineprxy.dll
2020-01-09 13:02 - 2019-11-15 09:22 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2020-01-09 13:02 - 2019-11-15 09:21 - 000623104 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2020-01-09 13:02 - 2019-11-15 09:21 - 000250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2020-01-09 13:02 - 2019-11-15 09:21 - 000101376 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2020-01-09 13:02 - 2019-11-15 09:21 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2020-01-09 13:02 - 2019-11-15 09:21 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2020-01-09 13:02 - 2019-11-15 09:21 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2020-01-09 13:02 - 2019-11-15 09:21 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2020-01-09 13:02 - 2019-11-15 09:06 - 000748544 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelinesvc.exe
2020-01-09 13:02 - 2019-11-15 09:04 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2020-01-09 13:02 - 2019-11-15 08:59 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2020-01-09 13:02 - 2019-11-15 08:59 - 000033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
2020-01-09 13:02 - 2019-11-15 08:45 - 000327680 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2020-01-09 13:02 - 2019-11-14 18:34 - 003187712 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2020-01-09 13:02 - 2019-09-17 07:13 - 000455392 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2020-01-08 15:14 - 2020-01-08 15:15 - 002362669 _____ C:\Users\thuy\Downloads\ds_dg7000g_en_02(1).pdf
2020-01-08 10:39 - 2020-01-08 11:51 - 000000000 ____D C:\Windows\system32\%ProgramData%
2020-01-07 14:09 - 2020-01-07 14:17 - 196835056 _____ (Logitech Inc.) C:\Users\thuy\Downloads\Options_8.0.863.exe
2020-01-07 11:31 - 2020-01-07 11:32 - 002362669 _____ C:\Users\thuy\Downloads\ds_dg7000g_en_02.pdf
2020-01-07 11:14 - 2020-01-07 11:14 - 003210152 _____ (Lenovo ) C:\Users\thuy\Downloads\LSBSetup(4).exe
2020-01-07 10:26 - 2020-01-07 10:26 - 000959884 _____ C:\Users\thuy\Downloads\542.population.societes.2017.mars.fr.fr.pdf
2020-01-07 10:26 - 2020-01-07 10:26 - 000591519 _____ C:\Users\thuy\Downloads\population.societes.564.fr.esperance.vie.france.2019.fr.pdf
2020-01-06 16:28 - 2020-01-06 16:34 - 000000000 ____D C:\Windows\TempInst
2020-01-06 16:28 - 2019-12-11 18:42 - 000949632 _____ (Lenovo.) C:\Windows\system32\ibmpmsvc.exe
2020-01-06 16:28 - 2019-12-11 18:42 - 000892288 _____ (Lenovo.) C:\Windows\system32\LPlatSvc.exe
2020-01-06 16:28 - 2019-12-11 18:42 - 000098688 _____ (Lenovo.) C:\Windows\system32\ibmpmctl.exe
2020-01-06 16:28 - 2019-12-11 18:42 - 000080144 _____ (Lenovo.) C:\Windows\system32\Drivers\ibmpmdrv.sys
2020-01-06 16:28 - 2019-12-11 18:42 - 000038160 _____ (Lenovo.) C:\Windows\system32\Drivers\pmdrvs.sys
2020-01-06 16:13 - 2020-01-08 11:51 - 000000000 ____D C:\Users\thuy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2020-01-06 16:13 - 2020-01-06 16:13 - 003210152 _____ (Lenovo ) C:\Users\thuy\Downloads\LSBSetup(3).exe
2020-01-06 15:58 - 2020-01-06 15:58 - 014036632 _____ (Logitech, Inc.) C:\Users\thuy\Downloads\FirmwareUpdateTool_1.2.169_x86.exe
2020-01-06 15:56 - 2020-01-08 11:51 - 000000000 ____D C:\Windows\pss
2020-01-06 15:13 - 2020-01-06 15:13 - 000000000 ____D C:\ProgramData\Logitech
2020-01-06 15:12 - 2020-01-08 11:51 - 000000000 ____D C:\Program Files\Logitech
2020-01-06 15:12 - 2020-01-06 15:12 - 000000000 ____D C:\Users\thuy\AppData\Local\Logishrd
2020-01-06 15:11 - 2020-01-06 15:12 - 000000000 ____D C:\Users\Public\Documents\Logishrd
2020-01-06 15:09 - 2020-01-08 11:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2020-01-06 15:09 - 2020-01-06 15:09 - 000018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2020-01-06 15:08 - 2020-01-08 11:51 - 000000000 ____D C:\Program Files\Common Files\LogiShrd
2020-01-06 15:03 - 2020-01-06 15:06 - 086804848 _____ (Logitech Inc.) C:\Users\thuy\Downloads\SetPoint6.69.126_64.exe
2020-01-06 15:03 - 2020-01-06 15:04 - 054341784 _____ C:\Users\thuy\Downloads\logitech-wireless-combo-mk345(1).pdf
2020-01-05 16:51 - 2020-01-05 16:53 - 000000000 ____D C:\5895e47bf911fe5036
2020-01-05 16:40 - 2020-01-05 16:46 - 011313360 _____ (Microsoft Corporation) C:\Users\thuy\Downloads\windowsupdateagent-7.6-x64.exe
2020-01-05 15:19 - 2020-01-07 13:53 - 000345291 _____ C:\Users\thuy\Desktop\Daily accounting 2020.xlsx
2019-12-27 13:18 - 2019-12-27 13:18 - 003210152 _____ (Lenovo ) C:\Users\thuy\Downloads\LSBSetup(2).exe
2019-12-27 11:16 - 2019-12-27 11:17 - 003210152 _____ (Lenovo ) C:\Users\thuy\Downloads\LSBSetup(1).exe
2019-12-27 08:26 - 2019-12-27 08:26 - 001250638 _____ C:\Users\thuy\Downloads\msi-radeon-rx-570-armor-8g-oc-datasheet.pdf
2019-12-24 11:42 - 2019-12-24 11:46 - 192733048 _____ (Lenovo Group Limited ) C:\Users\thuy\Downloads\tp_x230x_tablet_w732_201308.exe
2019-12-24 11:13 - 2020-01-07 14:32 - 000000000 ____D C:\ProgramData\Logishrd
2019-12-24 11:08 - 2019-12-24 11:08 - 054341784 _____ C:\Users\thuy\Downloads\logitech-wireless-combo-mk345.pdf
2019-12-23 19:15 - 2020-01-09 14:59 - 000026793 _____ C:\Users\thuy\Desktop\ordi DIY.xlsx
2019-12-23 16:46 - 2019-12-27 10:59 - 000001802 _____ C:\Users\thuy\Desktop\CrystalDiskInfo.lnk
2019-12-23 16:46 - 2019-12-23 16:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2019-12-23 16:46 - 2019-12-23 16:46 - 000000000 ____D C:\Program Files\CrystalDiskInfo
2019-12-20 18:55 - 2019-12-20 18:55 - 000002906 _____ C:\Users\thuy\Desktop\tot.txt
2019-12-20 17:00 - 2020-01-06 20:09 - 000029461 _____ C:\Users\thuy\Desktop\popo.txt
2019-12-18 16:45 - 2019-12-18 16:45 - 000392450 _____ C:\Users\thuy\Downloads\Asiajet-Conseiller-voyages-indiv-TH-L-C.pdf
2019-12-17 13:30 - 2019-12-17 13:30 - 000045134 _____ C:\Users\thuy\Downloads\mpdf.pdf
2019-12-15 15:50 - 2019-12-15 15:50 - 000023422 _____ C:\Users\thuy\Desktop\Mediapart.txt
2019-12-13 20:14 - 2019-12-13 20:14 - 006199352 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2019-12-11 13:09 - 2019-12-11 13:09 - 000008641 _____ C:\Users\thuy\Documents\Classeur1.xlsx
2019-12-10 16:13 - 2019-12-10 16:14 - 003126690 _____ C:\Users\thuy\Downloads\B1C06aFeFbS.pdf
2019-12-10 16:13 - 2019-12-10 16:14 - 001472171 _____ C:\Users\thuy\Downloads\A1hKLz5qJGL.pdf
2019-12-10 13:53 - 2019-12-10 13:53 - 000214065 _____ C:\Users\thuy\Downloads\Essence_de_térébenthine.pdf
2019-12-10 13:53 - 2019-12-10 13:53 - 000179686 _____ C:\Users\thuy\Downloads\Térébenthine.pdf
2019-12-08 11:03 - 2019-12-08 11:04 - 002719088 _____ (Lenovo ) C:\Users\thuy\Downloads\LSBSetup.exe
2019-12-08 10:51 - 2019-12-08 10:53 - 060742352 _____ (Lenovo) C:\Users\thuy\Downloads\lscsetup_x86_34003.exe
2019-12-06 22:32 - 2019-12-06 22:36 - 006133560 _____ (Crystal Dew World ) C:\Users\thuy\Downloads\CrystalDiskInfo8_3_2a.exe
2019-12-06 22:30 - 2019-12-06 22:30 - 000000000 ____D C:\Users\thuy\Downloads\CrystalDiskMark6_0_2
2019-12-06 22:28 - 2019-12-06 22:28 - 003067825 _____ C:\Users\thuy\Downloads\CrystalDiskMark6_0_2.zip
2019-12-06 21:48 - 2019-12-06 21:48 - 000040466 _____ C:\Users\thuy\Downloads\SIPO.pdf
2019-12-04 19:17 - 2019-12-04 19:17 - 000488191 _____ C:\Users\thuy\Downloads\Les_12_Secrets_Pour_Progresser_3_Fois_Plus_Vite_A_La_Guitare.pdf
2019-12-04 19:17 - 2019-12-04 19:17 - 000041122 _____ C:\Users\thuy\Downloads\exercice_en_la_majeur_au_bottleneck_www.instinctguitare.com_.zip
2019-12-04 19:16 - 2019-12-04 19:16 - 000060731 _____ C:\Users\thuy\Downloads\exercice_en_la_majeur_au_bottleneck_www.instinctguitare.com_.pdf
2019-11-29 13:43 - 2019-11-29 13:43 - 000001142 _____ C:\Users\thuy\AppData\Roaming\Microsoft\Windows\Start Menu\LINE.lnk
2019-11-29 13:43 - 2019-11-29 13:43 - 000000000 ____D C:\Users\thuy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LINE
2019-11-29 13:42 - 2019-11-29 13:43 - 000000000 ____D C:\Users\thuy\AppData\Local\LINE
2019-11-25 15:34 - 2019-11-25 15:34 - 000648230 _____ C:\Users\thuy\Downloads\Théorème_de_Thalès.pdf
2019-11-25 14:21 - 2019-11-27 11:30 - 000000000 ____D C:\ProgramData\McAfee
2019-11-25 14:21 - 2019-11-26 18:26 - 000000000 _____ C:\Users\thuy\AppData\Roaming\MCVi2UserDetail.ini
2019-11-25 09:54 - 2019-11-25 09:54 - 000001706 _____ C:\Users\thuy\Desktop\Coran.lnk
2019-11-25 09:37 - 2019-11-28 22:49 - 000000000 ____D C:\Users\thuy\Documents\Coran
2019-11-24 17:06 - 2019-11-24 17:06 - 000059201 _____ C:\Users\thuy\Desktop\mails benoit.txt
2019-11-14 13:39 - 2019-11-27 12:43 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2019-11-14 13:34 - 2019-11-14 13:34 - 000000000 ____D C:\Program Files (x86)\MSECache
2019-11-10 11:59 - 2019-11-10 11:59 - 000031378 _____ C:\Users\thuy\Documents\Avira report.xlsx
2019-11-09 16:27 - 2019-11-09 16:28 - 000587900 _____ C:\Users\thuy\Documents\CFM2007-0402.pdf
2019-11-02 14:16 - 2020-01-10 09:35 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-11-02 14:09 - 2019-11-02 14:10 - 000000000 ____D C:\Users\thuy\Documents\informatique
2019-10-28 19:17 - 2019-11-11 13:42 - 000000000 ____D C:\Users\thuy\Documents\Four a pain
2019-10-28 15:12 - 2019-10-28 15:12 - 000001281 _____ C:\Users\Public\Desktop\Skype.lnk
2019-10-27 16:49 - 2019-10-27 16:49 - 000955435 _____ C:\Users\thuy\Downloads\PADI Asia Pacific Price List English IM & DM.pdf
2019-10-26 10:28 - 2019-10-26 10:28 - 000000000 ____D C:\Program Files\WinPcap
2019-10-26 10:22 - 2019-10-26 10:23 - 019646273 _____ C:\Users\thuy\Documents\SwuData.zip
2019-10-25 11:40 - 2019-10-25 11:40 - 006164184 _____ (Avira Operations GmbH & Co. KG) C:\Users\thuy\Downloads\avira_fr_aps10_3014437527_3mwwdcdbm7smyupcleza_wd.exe
2019-10-24 13:25 - 2019-12-07 14:16 - 000222888 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2019-10-24 13:25 - 2019-10-24 13:25 - 000003292 _____ C:\Windows\System32\Tasks\Avira_Antivirus_Systray
2019-10-24 13:25 - 2019-10-24 13:25 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2019-10-24 13:25 - 2019-09-19 10:07 - 000175808 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2019-10-24 13:25 - 2019-06-07 15:09 - 000068152 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avdevprot.sys
2019-10-24 13:25 - 2019-03-20 18:50 - 000078600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2019-10-24 13:25 - 2019-03-20 18:50 - 000036072 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2019-10-24 13:25 - 2019-03-20 18:50 - 000035376 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avusbflt.sys
2019-10-24 13:23 - 2020-01-09 12:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2019-10-24 13:22 - 2019-10-24 13:22 - 006164184 _____ (Avira Operations GmbH & Co. KG) C:\Users\thuy\Downloads\avira_en_froe3_5db13f192329b__pawwws.exe
2019-10-23 09:59 - 2020-01-07 14:32 - 000000000 ____D C:\Users\thuy\AppData\Roaming\Logishrd
2019-10-23 09:59 - 2020-01-06 15:11 - 000000000 ____D C:\Users\thuy\AppData\Roaming\Logitech
2019-10-23 09:03 - 2019-10-23 09:03 - 000000000 ____D C:\Users\thuy\Documents\Bluetooth Exchange Folder
2019-10-22 17:54 - 2019-10-22 17:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek
2019-10-22 17:53 - 2020-01-08 11:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby
2019-10-22 17:53 - 2019-10-22 17:53 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
2019-10-22 17:53 - 2019-10-22 17:53 - 000000000 ____D C:\Program Files\Realtek
2019-10-22 17:53 - 2019-10-22 17:53 - 000000000 ____D C:\Program Files (x86)\Dolby Advanced Audio v2
2019-10-22 17:53 - 2013-09-13 19:38 - 000646313 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2019-10-22 17:53 - 2013-09-13 18:54 - 003641688 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2019-10-22 17:53 - 2013-09-13 14:23 - 032882688 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2019-10-22 17:53 - 2013-09-12 19:23 - 000149208 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2019-10-22 17:53 - 2013-09-12 18:03 - 002586840 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2019-10-22 17:53 - 2013-09-03 14:49 - 002103040 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2019-10-22 17:53 - 2013-08-20 20:17 - 002809048 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2019-10-22 17:53 - 2013-08-07 17:41 - 000113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2019-10-22 17:53 - 2013-08-06 09:47 - 000947248 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2019-10-22 17:53 - 2013-08-06 04:56 - 006219096 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2019-10-22 17:53 - 2013-08-06 04:56 - 001908568 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2019-10-22 17:53 - 2013-08-06 04:56 - 000312152 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2019-10-22 17:53 - 2013-08-06 04:56 - 000261464 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2019-10-22 17:53 - 2013-08-05 18:11 - 002743328 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2019-10-22 17:53 - 2013-08-02 20:16 - 001005784 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2019-10-22 17:53 - 2013-06-05 21:42 - 000208072 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2019-10-22 17:53 - 2013-04-24 17:16 - 001662024 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2019-10-22 17:53 - 2013-02-20 18:55 - 001284680 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2019-10-22 17:53 - 2012-10-02 14:41 - 000501192 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2019-10-22 17:53 - 2012-10-02 14:41 - 000487368 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2019-10-22 17:53 - 2012-10-02 14:41 - 000415688 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2019-10-22 17:53 - 2012-08-31 19:18 - 007164176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2019-10-22 17:53 - 2012-08-31 19:17 - 000434960 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2019-10-22 17:53 - 2012-08-31 19:17 - 000141584 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2019-10-22 17:53 - 2012-08-31 19:17 - 000124176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2019-10-22 17:53 - 2012-08-31 19:17 - 000075024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2019-10-22 17:53 - 2012-07-24 16:13 - 000002428 _____ C:\Windows\system32\Drivers\SAMSFPA.DAT
2019-10-22 17:53 - 2012-03-08 11:47 - 000108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2019-10-22 17:53 - 2012-01-30 11:43 - 000836544 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2019-10-22 17:53 - 2012-01-10 10:20 - 000065944 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2019-10-22 17:53 - 2011-12-20 15:32 - 000331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2019-10-22 17:53 - 2011-11-22 16:28 - 000014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2019-10-22 17:53 - 2011-09-02 14:21 - 000221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2019-10-22 17:53 - 2011-09-02 14:21 - 000081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2019-10-22 17:53 - 2011-09-02 14:21 - 000078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2019-10-22 17:53 - 2011-08-23 17:00 - 000603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2019-10-22 17:53 - 2011-05-31 09:42 - 001756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2019-10-22 17:53 - 2011-05-31 09:42 - 001568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2019-10-22 17:53 - 2011-05-31 09:42 - 001486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2019-10-22 17:53 - 2011-05-31 09:42 - 000728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2019-10-22 17:53 - 2011-05-31 09:42 - 000712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2019-10-22 17:53 - 2011-05-31 09:42 - 000693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2019-10-22 17:53 - 2011-05-31 09:42 - 000491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2019-10-22 17:53 - 2011-05-31 09:42 - 000432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2019-10-22 17:53 - 2011-05-31 09:42 - 000428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2019-10-22 17:53 - 2011-05-31 09:42 - 000242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2019-10-22 17:53 - 2011-05-31 09:42 - 000242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2019-10-22 17:53 - 2011-05-31 09:42 - 000241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2019-10-22 17:53 - 2011-03-17 12:17 - 001361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2019-10-22 17:53 - 2011-03-07 17:11 - 000148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2019-10-22 17:53 - 2010-11-08 07:31 - 000375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2019-10-22 17:53 - 2010-11-08 07:31 - 000310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2019-10-22 17:53 - 2010-11-08 07:31 - 000310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2019-10-22 17:53 - 2010-11-08 07:31 - 000204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2019-10-22 17:53 - 2010-11-08 07:31 - 000101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2019-10-22 17:53 - 2010-11-08 07:31 - 000078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2019-10-22 17:53 - 2010-11-03 18:30 - 000149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2019-10-22 17:53 - 2010-07-22 16:48 - 000074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2019-10-22 17:53 - 2009-11-24 09:55 - 000518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2019-10-22 17:53 - 2009-11-24 09:55 - 000211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2019-10-22 17:53 - 2009-11-24 09:55 - 000198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2019-10-22 17:53 - 2009-11-24 09:55 - 000155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2019-10-20 18:37 - 2019-10-20 18:37 - 006164184 _____ (Avira Operations GmbH & Co. KG) C:\Users\thuy\Downloads\avira_fr_aps10_3014437527_rw7b02km8usjmp7x6wls_wd.exe
2019-10-20 11:43 - 2019-10-20 11:43 - 005849197 _____ C:\Users\thuy\Documents\Construction bateaux de peche.pdf
2019-10-20 11:41 - 2019-10-20 11:41 - 000000890 _____ C:\Users\thuy\Desktop\Downloads.lnk
2019-10-20 09:48 - 2019-12-13 20:14 - 000004282 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2019-10-19 18:50 - 2019-10-19 18:50 - 000001860 _____ C:\Users\thuy\Desktop\Bande dessinees - Shortcut.lnk
2019-10-19 18:50 - 2019-10-19 18:50 - 000001800 _____ C:\Users\thuy\Desktop\Agriculture.lnk
2019-10-19 18:50 - 2019-10-19 18:50 - 000001793 _____ C:\Users\thuy\Desktop\Menuiserie.lnk
2019-10-19 18:50 - 2019-10-19 18:50 - 000001793 _____ C:\Users\thuy\Desktop\Apiculture.lnk
2019-10-19 18:50 - 2019-10-19 18:50 - 000001763 _____ C:\Users\thuy\Desktop\Recettes.lnk
2019-10-19 18:50 - 2019-10-19 18:50 - 000001747 _____ C:\Users\thuy\Desktop\Acier.lnk
2019-10-19 18:50 - 2019-10-19 18:50 - 000001736 _____ C:\Users\thuy\Desktop\guitare.lnk
2019-10-19 16:46 - 2019-10-19 16:46 - 000000000 ____D C:\ad4222aa0e9523f43e03e86a13f5
2019-10-19 13:39 - 2019-10-19 13:39 - 000001083 _____ C:\Users\thuy\Desktop\Documents.lnk
2019-10-18 16:52 - 2019-10-18 16:52 - 000000000 ____D C:\Users\thuy\AppData\Roaming\Sun
2019-10-18 13:19 - 2019-10-11 09:22 - 000338944 _____ (Microsoft Corporation) C:\Windows\system32\sipnotify.exe
2019-10-16 10:59 - 2018-11-21 21:34 - 000182824 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPCo14-1.dll
2019-10-16 10:59 - 2018-11-21 21:33 - 001056808 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
2019-10-16 10:59 - 2018-11-21 21:33 - 000553000 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynCOM.dll
2019-10-16 10:59 - 2018-11-21 21:33 - 000470568 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys
2019-10-16 10:59 - 2018-11-21 21:33 - 000234536 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
2019-10-16 10:59 - 2018-11-21 21:33 - 000122920 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynTPCOM.dll
2019-10-16 10:59 - 2018-11-21 21:33 - 000053800 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel.sys
2019-10-15 16:59 - 2019-10-15 16:59 - 000001053 _____ C:\Users\thuy\Music - Shortcut.lnk

==================== Three months (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-10 10:07 - 2016-11-18 16:38 - 000000000 ____D C:\Users\thuy\AppData\LocalLow\Mozilla
2020-01-10 09:57 - 2018-01-20 15:22 - 000007986 _____ C:\Windows\BRRBCOM.INI
2020-01-10 09:44 - 2009-07-14 12:13 - 000772352 _____ C:\Windows\system32\PerfStringBackup.INI
2020-01-10 09:44 - 2009-07-14 10:20 - 000000000 ____D C:\Windows\inf
2020-01-10 09:42 - 2009-07-14 11:45 - 000033936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-01-10 09:42 - 2009-07-14 11:45 - 000033936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-01-10 09:37 - 2016-03-28 14:36 - 000000000 __SHD C:\Users\thuy\IntelGraphicsProfiles
2020-01-10 09:35 - 2014-02-01 07:05 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-01-10 09:35 - 2009-07-14 12:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-01-09 15:17 - 2018-05-14 19:01 - 000000000 ____D C:\Users\thuy\Documents\Boulot
2020-01-09 13:13 - 2014-03-05 19:26 - 000000000 ____D C:\Program Files (x86)\Avira
2020-01-09 13:06 - 2009-07-14 11:45 - 000425000 _____ C:\Windows\system32\FNTCACHE.DAT
2020-01-09 12:30 - 2014-03-11 20:09 - 000003062 _____ C:\Windows\System32\Tasks\Synaptics TouchPad Enhancements
2020-01-09 12:30 - 2014-03-05 19:26 - 000000000 ____D C:\ProgramData\Avira
2020-01-08 11:51 - 2019-07-05 13:46 - 000000000 ____D C:\Users\Public\PrivacyPal Sessions
2020-01-08 11:51 - 2018-02-07 12:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\lenovo
2020-01-08 11:51 - 2017-08-04 17:18 - 000000000 ____D C:\Users\thuy\AppData\Local\LenovoServiceBridge
2020-01-08 11:51 - 2015-04-10 13:51 - 000000000 ____D C:\ProgramData\Package Cache
2020-01-08 11:51 - 2014-02-27 01:08 - 000000000 ____D C:\Users\thuy\AppData\Local\Microsoft Help
2020-01-08 11:51 - 2014-02-01 06:50 - 000000000 ____D C:\Users\thuy\AppData\Roaming\vlc
2020-01-08 11:51 - 2013-11-10 10:09 - 000000000 ____D C:\Windows\System32\Tasks\TVT
2020-01-08 11:51 - 2013-11-10 10:06 - 000000000 ____D C:\swshare
2020-01-08 11:51 - 2013-11-10 10:04 - 000000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2020-01-08 11:51 - 2013-11-10 09:58 - 000000000 ___HD C:\Windows\system32\WLANProfiles
2020-01-08 11:51 - 2013-11-09 17:41 - 000000000 ____D C:\ProgramData\Lenovo
2020-01-08 11:51 - 2009-07-14 12:32 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2020-01-08 11:51 - 2009-07-14 10:20 - 000000000 ____D C:\Windows\system32\NDF
2020-01-08 11:51 - 2009-07-14 10:20 - 000000000 ____D C:\Windows\security
2020-01-08 11:51 - 2009-07-14 10:20 - 000000000 ____D C:\Windows\registration
2020-01-08 11:51 - 2009-07-14 10:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2020-01-06 17:01 - 2014-09-25 00:48 - 000000000 ____D C:\Users\thuy\AppData\Local\ElevatedDiagnostics
2020-01-06 16:09 - 2017-09-13 11:45 - 000002211 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2020-01-06 11:08 - 2019-03-30 13:03 - 000143974 _____ C:\Users\thuy\Documents\Daily accounting 2019.xlsx
2020-01-05 17:10 - 2016-01-12 13:39 - 000007596 _____ C:\Users\thuy\AppData\Local\Resmon.ResmonCfg
2019-12-27 11:28 - 2014-02-01 14:24 - 000000000 ____D C:\Users\thuy\AppData\Local\Lenovo
2019-12-27 11:28 - 2013-11-10 10:01 - 000000000 ____D C:\Program Files (x86)\Lenovo
2019-12-25 15:56 - 2014-03-05 19:27 - 000000000 ____D C:\Users\thuy\AppData\Roaming\Avira
2019-12-24 10:40 - 2017-04-13 20:04 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-12-20 18:55 - 2018-08-06 08:55 - 000000000 ____D C:\Users\thuy\Documents\Excel sheets
2019-12-17 14:15 - 2018-06-14 07:49 - 000000000 ____D C:\Users\thuy\Documents\Diving BKK
2019-12-13 20:14 - 2018-05-21 22:15 - 000004454 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-12-13 20:14 - 2014-02-01 08:21 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-12-13 20:14 - 2014-02-01 08:21 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-12-13 20:14 - 2014-02-01 08:21 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-12-13 20:14 - 2014-02-01 08:21 - 000000000 ____D C:\Windows\system32\Macromed
2019-12-11 12:54 - 2009-07-14 10:20 - 000000000 ____D C:\PerfLogs

==================== Files in the root of some directories =======

2009-02-13 15:02 - 2009-02-13 15:02 - 000080896 ____N (Microsoft Corporation) C:\Program Files\devcon_amd64.exe
2017-04-09 14:57 - 2017-04-09 14:57 - 000133470 _____ () C:\Users\thuy\AppData\Roaming\DMGR_1N1I1F1S1T1I0M1F1Q2Y1I1P1B0C1F1Q1P.txt
2019-11-25 14:21 - 2019-11-26 18:26 - 000000000 _____ () C:\Users\thuy\AppData\Roaming\MCVi2UserDetail.ini
2015-01-05 16:29 - 2018-05-13 16:42 - 000038972 _____ () C:\Users\thuy\AppData\Roaming\Microsoft Excel 97-2003.ADR
2018-05-13 16:17 - 2018-05-13 16:17 - 000038984 _____ () C:\Users\thuy\AppData\Roaming\Valeurs séparées par une virgule (Windows).ADR
2015-02-18 04:19 - 2015-02-18 04:19 - 000006144 _____ () C:\Users\thuy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-20 02:29 - 2015-12-10 11:57 - 000004096 ____H () C:\Users\thuy\AppData\Local\keyfile3.drm
2019-12-25 16:10 - 2019-12-25 16:10 - 000000000 _____ () C:\Users\thuy\AppData\Local\oobelibMkey.log
2016-01-12 13:39 - 2020-01-05 17:10 - 000007596 _____ () C:\Users\thuy\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2019-08-27 18:29 - 2019-08-27 18:29 - 000546952 _____ (Logitech) C:\Users\thuy\AppData\Local\Temp\LDeviceInstaller.exe
2020-01-06 15:09 - 2018-06-14 05:10 - 000100488 _____ () C:\Users\thuy\AppData\Local\Temp\LMkRstPt.exe
2020-01-06 11:34 - 2019-08-27 18:15 - 000058848 _____ (Logitech Inc.) C:\Users\thuy\AppData\Local\Temp\LogiOptionsfileUninstaller.exe
2019-08-27 18:29 - 2019-08-27 18:29 - 004139656 _____ (Logitech, Inc.) C:\Users\thuy\AppData\Local\Temp\PlugInInstallerUtility.exe
2019-08-27 18:29 - 2019-08-27 18:29 - 002733192 _____ (Logitech, Inc.) C:\Users\thuy\AppData\Local\Temp\PlugInInstallLib.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\SysWOW64\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=E:
description Windows Boot Manager
locale en-US
inherit {globalsettings}
extendedinput Yes
default {current}
resumeobject {76120c15-492a-11e3-8d84-3c970ed65f1c}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 0
customactions 0x10000ba000001
0x54000001
custom:54000001 {572bcd55-ffa7-11d9-aae0-0007e994107d}

Windows Boot Loader
-------------------
identifier {572bcd55-ffa7-11d9-aae0-0007e994107d}
device ramdisk=[boot]\tvtos\winpe.wim,{ramdiskoptions}
path \windows\system32\boot\winload.exe
description WinPE
osdevice ramdisk=[boot]\tvtos\winpe.wim,{ramdiskoptions}
systemroot \windows
nx OptIn
bootstatuspolicy IgnoreShutdownFailures
detecthal Yes
winpe Yes

Windows Boot Loader
-------------------
identifier {6cc5ee45-8b11-11e3-acd6-a4db304607ea}
device ramdisk=[E:]\recovery\windowsre\winre.wim,{6cc5ee46-8b11-11e3-acd6-a4db304607ea}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[E:]\recovery\windowsre\winre.wim,{6cc5ee46-8b11-11e3-acd6-a4db304607ea}
systemroot \windows
nx OptIn
bootstatuspolicy IgnoreShutdownFailures
winpe Yes

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoverysequence {6cc5ee45-8b11-11e3-acd6-a4db304607ea}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {76120c15-492a-11e3-8d84-3c970ed65f1c}
nx OptIn

Resume from Hibernate
---------------------
identifier {76120c15-492a-11e3-8d84-3c970ed65f1c}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=E:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}
bootstatuspolicy IgnoreShutdownFailures

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
bootstatuspolicy IgnoreShutdownFailures
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {6cc5ee46-8b11-11e3-acd6-a4db304607ea}
description Ramdisk Options
ramdisksdidevice partition=E:
ramdisksdipath \Recovery\WindowsRE\boot.sdi

Setup Ramdisk Options
---------------------
identifier {ramdiskoptions}
description Ramdisk options
ramdisksdidevice boot
ramdisksdipath \boot\boot.sdi


LastRegBack: 2018-10-25 07:25

==================== End of FRST.txt ============================