Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.02.2019 01
Ran by thuy (10-01-2020 10:08:26)
Running from C:\Users\thuy\Desktop
Windows 7 Professional Service Pack 1 (X64) (2014-02-01 07:21:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2207474609-1572355238-1656547269-500 - Administrator - Disabled)
Guest (S-1-5-21-2207474609-1572355238-1656547269-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-2207474609-1572355238-1656547269-1004 - Limited - Enabled)
thuy (S-1-5-21-2207474609-1572355238-1656547269-1001 - Administrator - Enabled) => C:\Users\thuy

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Français (HKLM-x32\...\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}) (Version: 19.021.20061 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.303 - Adobe)
Avira (HKLM-x32\...\{4e6a365c-99da-4552-bea4-b13f55457be4}) (Version: 1.2.141.10870 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{93A3C9E9-C927-43EC-B42F-29C3B5670A2E}) (Version: 1.2.141.10870 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.1912.1683 - Avira Operations GmbH & Co. KG)
Avira Home Guard (HKLM-x32\...\{B44A6ACF-D50A-4CAC-9A8E-246402BDC101}) (Version: 1.1.10.773 - Avira Operations GmbH & Co. KG)
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.30.1.28144 - Avira Operations GmbH & Co. KG)
Avira Privacy Pal (HKLM-x32\...\{F2BC8305-DFBE-4C02-A906-9BBD8EE299A3}_is1) (Version: 2.1.0.1934 - Avira Operations GmbH & Co. KG)
Brother MFL-Pro Suite DCP-T500W (HKLM-x32\...\{BA07A125-6AC7-4293-89D6-391676FFD041}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
Complément Office 2007 - Microsoft Enregistrer en tant que PDF ou XPS (Beta) (HKLM-x32\...\{30120000-00B2-040C-0000-0000000FF1CE}) (Version: 12.0.4407.1005 - Microsoft Corporation)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
CrystalDiskInfo 8.3.2 (HKLM\...\CrystalDiskInfo_is1) (Version: 8.3.2 - Crystal Dew World)
DicoThai (HKLM-x32\...\{F24CED0F-FA4B-48C6-B0D5-313EE02AEF6F}) (Version: 1.20 - Degnau)
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
DSAT Gas Mix Calculator (HKLM-x32\...\DSAT Gas Mix Calculator) (Version: - )
Extended Asian Language font pack for Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Gestionnaire d'alimentation (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.68.15 - Lenovo Group Limited)
Integrated Camera Driver Installer Package Ver.1.2.1.18 (HKLM-x32\...\{A78800AF-1779-4AE8-8EBE-16E1BE727C71}) (Version: 1.2.1.18 - RICOH)
Intel AppUp(R) center (HKLM-x32\...\Intel AppUp(R) center 41900) (Version: 3.8.0.41900.72 - Intel)
Intel(R) Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1163 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.7 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4425 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.9.254 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{728985C5-A04B-457C-9D62-15360F3EAF85}) (Version: 3.1.29.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
Intel® PROSet/Wireless Software (HKLM-x32\...\{a9888f41-68ae-43df-bd7d-d93405a44106}) (Version: 17.13.11 - Intel Corporation)
Java 8 Update 172 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180172F0}) (Version: 8.0.1720.11 - Oracle Corporation)
Lenovo Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.82.00.20 - Lenovo)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.21 - Lenovo)
Lenovo Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.1.23.0 - Lenovo)
Lenovo On Screen Display (HKLM\...\OnScreenDisplay) (Version: 8.86.25 - Lenovo)
Lenovo Patch Utility (HKLM-x32\...\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility (HKLM-x32\...\{C6FB6B4A-1378-4CD3-9CD3-42BA69FCBD43}) (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{053ACA98-6B07-4DD0-9DB3-F51E3EB1780C}) (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{ABE4638D-D208-4061-9F26-E3E11E3A1E0C}) (Version: 1.3.1.1 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.12.24 - Lenovo) Hidden
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.3 - Lenovo Inc.)
Lenovo Service Bridge (HKU\S-1-5-21-2207474609-1572355238-1656547269-1001\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 5.0.0.4 - Lenovo)
Lenovo Solution Center (HKLM\...\{5E35CA26-A9A2-47B8-AB52-8D0C9A3CA685}) (Version: 03.12.003 - Lenovo)
Lenovo System Update (HKLM-x32\...\TVSU_is1) (Version: 5.07.0072 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}) (Version: 3.1.0020.00 - Lenovo Group Limited)
LINE (HKU\S-1-5-21-2207474609-1572355238-1656547269-1001\...\LINE) (Version: 5.21.2.2077 - LINE Corporation)
Logitech SetPoint 6.69 (HKLM\...\sp6) (Version: 6.69.126 - Logitech)
Metric Collection SDK (HKLM-x32\...\{DDAA788F-52E6-44EA-ADB8-92837B11BF26}) (Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mise à jour Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{B761869A-B85C-40E2-994C-A1CE78AC8F2C}) (Version: - Microsoft)
Mise à jour Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{51EFB347-1F3D-4BAC-8B79-F056B904FE21}) (Version: - Microsoft)
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{C3DCA38E-005E-41BA-A52A-7C3429F351C3}) (Version: - Microsoft)
Mise à jour Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{81536A04-DBFB-4DB3-978F-0F284590C223}) (Version: - Microsoft)
Mozilla Firefox 69.0.3 (x64 fr) (HKLM\...\Mozilla Firefox 69.0.3 (x64 fr)) (Version: 69.0.3 - Mozilla)
Mozilla Firefox 72.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 72.0.1 (x64 en-US)) (Version: 72.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 71.0 - Mozilla)
RapidBoot Shield (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.23 - Lenovo)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Rescue and Recovery (HKLM-x32\...\{BDB3E73F-5ECA-441D-96E1-F1CFCF3D427D}) (Version: 4.52.0005.00 - Lenovo Group Limited)
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype version 8.54 (HKLM-x32\...\Skype_is1) (Version: 8.54 - Skype Technologies S.A.)
Skype Web Plugin (HKLM-x32\...\{B51DD93B-3CB5-4D9D-BFF2-FD19DBBBFD9A}) (Version: 2.9.13008.18866 - Skype Technologies S.A.)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.80.99066 - SugarSync, Inc.)
sysTPL (HKLM-x32\...\{4B74BC31-B353-4B8F-8CBE-DAB4FF326FF1}) (Version: 1.4.1.2 - Tlapia) <==== ATTENTION
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4500 - Broadcom Corporation)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.24 - )
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.26.88 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.)
ThinkVantage Password Manager (HKLM\...\{23520BCC-F76C-4287-87E1-0545EDF6FE96}) (Version: 4.00.0026.00 - Lenovo Group Limited)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.8 - VideoLAN)
Windows Driver Package - Intel (e1cexpress) Net (01/11/2012 11.15.16.0) (HKLM\...\EC2A0F2B229770EC589265FCF2B4839A0C221993) (Version: 01/11/2012 11.15.16.0 - Intel)
Windows Driver Package - Intel System (01/11/2012 9.3.0.1020) (HKLM\...\09839A9B5EDA69DA2DCC34637B5140AAF8A53B44) (Version: 01/11/2012 9.3.0.1020 - Intel)
Windows Driver Package - Intel System (08/26/2011 9.3.0.1011) (HKLM\...\9D7CD466F7FC8B18FF1B84943B7BB8648D17FCE8) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Intel System (08/26/2011 9.3.0.1011) (HKLM\...\D8EF6CACF49BD33CC1FACD124C8CC2B1A8E8AE35) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Intel USB (08/26/2011 9.3.0.1011) (HKLM\...\97EE1802A0385A37DE6323FA39EC76BEB2D73E41) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20) (HKLM\...\E3535F123E7F666D573665142F90D3E5004DC326) (Version: 02/29/2012 1.65.05.20 - Lenovo)
Windows Driver Package - Synaptics (SynTP) Mouse (04/06/2012 16.1.1.0) (HKLM\...\64B3C27E4CF7B6AD920184EFFF6C488C55EF2892) (Version: 04/06/2012 16.1.1.0 - Synaptics)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (03/06/2009 1.0.0008.0) (HKLM\...\422991454CB076E9B856C21BBF99AF2B82317EDA) (Version: 03/06/2009 1.0.0008.0 - Western Digital Technologies)
WinPcap for Avira 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Domotz, Inc)
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2207474609-1572355238-1656547269-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2207474609-1572355238-1656547269-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-2207474609-1572355238-1656547269-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => -> No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => -> No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => -> No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => -> No File
ContextMenuHandlers1: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => -> No File
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2019-11-17] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [SugarSync] -> {305BC11B-5175-492B-B569-866547FCDA40} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-28] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-28] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2019-11-17] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [SugarSync] -> {305BC11B-5175-492B-B569-866547FCDA40} => -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-28] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-28] (win.rar GmbH -> Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0988D695-E5CB-4B10-B777-AFCA6B870093} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {119AAE94-3CE3-4491-9E26-2CE0B411820F} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\Windows\system32\rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {267C6BEE-51CE-4A68-9F97-B16C732CFDB0} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work => C:\Windows\SYSTEM32\WorkFoldersSystemTray.exe (Microsoft Windows -> Microsoft Corporation)
Task: {2779C59F-B947-440E-B9D1-F63C18E2C527} - \AdobeGCInvoker-1.0-THINK-thuy -> No File <==== ATTENTION
Task: {2AAC58CA-7EF6-46D2-8667-366258085D1F} - System32\Tasks\{42E211D0-151C-4105-B233-85D45513F610} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.18.85.111/fr/go/help.faq.installer?LastError=1603
Task: {2BAE5ACE-BD22-4DA0-8FE8-34BAE6BFEAE2} - System32\Tasks\AdobeAAMUpdater-1.0-THINK-thuy => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
Task: {2D7A33FB-70D5-4146-9CE6-A50CEAF54686} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Inc. -> Adobe Systems)
Task: {2DE070CD-20BA-440B-AD3A-B618C4995D67} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe (Lenovo -> )
Task: {2DFA6616-06A7-4953-99AB-164549EABCCA} - System32\Tasks\{07C18A49-EA5B-4567-A588-F1FE4EEB35FC} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.18.0.111/fr/go/help.faq.installer?LastError=1603
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {31BE022E-88F6-438A-8408-B36C44BF0084} - System32\Tasks\Lenovo\LSC\RebootCountTask => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe
Task: {32D913F4-6EA1-41EB-BC8B-CFF251F16292} - System32\Tasks\Ivanti\PatchSDK\Deployments\LaunchSTDeployForPostBootActions (166faa43-f2b7-429a-9483-50c8ff143a94) => C:\ProgramData\Avira\SoftwareUpdater\TempRepository\Installations\InstallationSandbox#2019-10-22-T-10-25-09\STDeploy.exe
Task: {36926C6A-E1BF-488F-8AF4-42B4FEBA2250} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {426F72A7-397E-4C5C-AEEC-B97C9CF58724} - System32\Tasks\{68F34486-C453-4AC6-B18D-51779862CA53} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.12.0.101.375/fr/go/help.faq.installer?LastError=1603
Task: {4603F58C-DCA6-47A0-B8A5-A4B5E94F6341} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-2207474609-1572355238-1656547269-1001 => C:\Users\thuy\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe (Lenovo (Beijing) Limited -> Lenovo Group Limited)
Task: {4CD6E3E1-E988-44B5-8BAC-37CA46EC2D8D} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe
Task: {4CF709CC-6D2D-437B-993D-984600DE347E} - System32\Tasks\Intel\Intel Service Manager => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel® Services Manager -> Intel Corporation)
Task: {5B4E1C2B-0F43-467F-9AAE-06542A41AD07} - System32\Tasks\TVT\LaunchRnR => C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrcmd.exe (Lenovo Information Products (Shenzhen) Co.,Ltd -> Lenovo Limited Group Corporation)
Task: {697E6F00-26E2-4546-9FA3-A3829E5C905F} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {6E230190-77CB-4A36-B98B-13D890D7E662} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe (Lenovo -> Lenovo Group Limited)
Task: {6EDD8989-9039-49DE-A682-BD83F5B71A64} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe (LENOVO -> Lenovo)
Task: {7E059AE5-9B0B-4AF9-9AEE-CEC745114453} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.UpdateStatusService.exe (Lenovo -> )
Task: {7E78365C-4B77-4E7D-BD08-2F5817824BDC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Inc. -> Adobe)
Task: {80B37E62-FA7B-417D-8054-BA8094281896} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2207474609-1572355238-1656547269-1001
Task: {8E17D882-CC40-4D5D-AA8F-7A9FF1AC5A5B} - System32\Tasks\{731E5DBD-7A52-412F-A08B-6D29450AD31C} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.10.80.101/fr/go/help.faq.installer?LastError=1603
Task: {8E620025-7572-48F4-AC9E-EAE6C323C257} - System32\Tasks\{A028C4C2-46AC-44B8-91F4-E011C4E81898} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.13.0.101&LastError=12002
Task: {8E74D1FD-5CBF-4007-8ACF-CCA27BFD56DB} - System32\Tasks\TVT\UpdateRnR => C:\Program Files (x86)\Common Files\Lenovo\Scheduler\tvtsetsched.exe () [File not signed]
Task: {8FA87117-DF9A-445F-AE68-28643CA87E05} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {8FCF5F9F-CB36-4936-BB7D-977CF265E43E} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe (Lenovo -> Lenovo)
Task: {97D643DB-9151-4F60-AB9F-3AEEAA135FF6} - System32\Tasks\TVT\ChangePWD => C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrcmd.exe (Lenovo Information Products (Shenzhen) Co.,Ltd -> Lenovo Limited Group Corporation)
Task: {99BFBE1C-77E6-46B1-B269-0BE735518FB6} - System32\Tasks\Lenovo\LSC\Time72Task => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe
Task: {9A0188D2-B8FD-42E2-A995-4DDA01AB62C8} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe (Lenovo -> Lenovo)
Task: {A7906463-11D3-4161-8FF1-2EA211D21C1D} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_303_Plugin.exe (Adobe Inc. -> Adobe)
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {B4322232-62D6-4CF2-B514-AA311BFDC5ED} - System32\Tasks\{47FA78B6-9107-4138-A902-704F5BFFDDFB} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.12.0.101.375/fr/go/help.faq.installer?LastError=1603
Task: {B479D6CC-8621-49CD-AEF1-42BBCF7FA71D} - System32\Tasks\{10CE213E-20FA-4531-B812-2DC6CF2DF0EA} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.17.0.105/fr/go/help.faq.installer?LastError=1603
Task: {BD4E2776-8383-426B-ADD0-540412E7C66A} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe (LENOVO -> Lenovo)
Task: {C1E76529-9751-46AD-B9BC-03D6B9A59A5D} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {C58D7B41-4180-42E3-8D59-3EC36CFAA9A5} - System32\Tasks\{3909D608-F0DF-4F48-8C4E-72106E321FA4} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.12.0.101.375/fr/go/help.faq.installer?LastError=1603
Task: {CC847FD3-603B-4DAF-B546-53BD36BBD284} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {DD92BD38-F7D2-42B8-9FF1-C95FF0839C1D} - System32\Tasks\{9B9F8D02-4820-4444-ADD0-C5EC35D90AE3} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxps://ui.skype.com/ui/0/7.32.0.104.375/fr/abandoninstall?page=tsProgressBar
Task: {E734A22E-985D-416F-8117-5CBA1E4D10F4} - System32\Tasks\{91F75C40-0D30-423B-B3F7-758F80C9176C} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.10.0.101.375/fr/go/help.faq.installer?LastError=1603
Task: {F34DB813-A46C-4EB5-9E31-8D51E3D91EB3} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe () [File not signed]
Task: {F9B2EF82-BA8B-4207-B308-8B0BF70BAE32} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe (Lenovo -> )
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) ==============

2013-11-10 10:05 - 2018-05-16 06:08 - 000113960 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2019-10-22 17:53 - 2012-03-21 11:05 - 000051776 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
2018-01-20 15:21 - 2015-04-21 16:48 - 000143360 ____R () C:\Windows\system32\BrSNMP64.dll
2020-01-06 16:22 - 2018-03-26 18:16 - 000027976 _____ () C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
2019-10-24 13:25 - 2019-07-05 00:13 - 001387128 _____ () C:\Program Files (x86)\Avira\Antivirus\crypto-45.dll
2019-10-24 13:25 - 2019-07-05 00:13 - 000330992 _____ () C:\Program Files (x86)\Avira\Antivirus\ssl-47.dll
2019-02-25 13:33 - 2019-02-25 13:33 - 003663872 _____ () C:\Program Files (x86)\Avira\Home Guard\FingKit\overlook.dll
2018-12-05 17:01 - 2018-12-05 17:01 - 000037376 _____ () C:\Program Files (x86)\Avira\Home Guard\FingKit\boost_iostreams-vc90-mt-1_58.dll
2018-12-05 17:01 - 2018-12-05 17:01 - 000059904 _____ () C:\Program Files (x86)\Avira\Home Guard\FingKit\zlib1.dll
2018-12-05 17:01 - 2018-12-05 17:01 - 001016320 _____ () C:\Program Files (x86)\Avira\Home Guard\FingKit\libprotobuf.dll
2018-12-05 17:01 - 2018-12-05 17:01 - 000412160 _____ () C:\Program Files (x86)\Avira\Home Guard\FingKit\netsnmp.dll
2018-12-05 17:01 - 2018-12-05 17:01 - 000086016 _____ () C:\Program Files (x86)\Avira\Home Guard\FingKit\boost_thread-vc90-mt-1_58.dll
2018-12-05 17:01 - 2018-12-05 17:01 - 000012800 _____ () C:\Program Files (x86)\Avira\Home Guard\FingKit\boost_system-vc90-mt-1_58.dll
2018-12-05 17:01 - 2018-12-05 17:01 - 000022528 _____ () C:\Program Files (x86)\Avira\Home Guard\FingKit\boost_chrono-vc90-mt-1_58.dll
2018-12-05 17:01 - 2018-12-05 17:01 - 000041984 _____ () C:\Program Files (x86)\Avira\Home Guard\FingKit\boost_date_time-vc90-mt-1_58.dll
2018-12-05 17:01 - 2018-12-05 17:01 - 000098304 _____ () C:\Program Files (x86)\Avira\Home Guard\FingKit\boost_filesystem-vc90-mt-1_58.dll
2018-12-05 17:01 - 2018-12-05 17:01 - 000360960 _____ () C:\Program Files (x86)\Avira\Home Guard\FingKit\boost_locale-vc90-mt-1_58.dll
2019-12-17 21:36 - 2019-12-17 21:36 - 000167312 _____ () C:\Program Files (x86)\Avira\VPN\OpenVpn\lzo2.dll
2019-12-17 21:36 - 2019-12-17 21:36 - 000168904 _____ () C:\Program Files (x86)\Avira\VPN\OpenVpn\libpkcs11-helper-1.dll
2015-08-14 02:17 - 2015-08-14 02:17 - 001243936 ____N () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2017-07-18 00:30 - 2017-07-18 00:30 - 000863744 _____ () C:\Windows\mod_frst.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\ProgramData\Temp:FCA8C9CD [116]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 09:34 - 2009-06-11 04:00 - 000000824 ____N C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\PROGRAMDATA\ORACLE\JAVA\JAVAPATH;C:\PROGRAM FILES (X86)\INTEL\ICLS CLIENT\;C:\PROGRAM FILES\INTEL\ICLS CLIENT\;%SYSTEMROOT%\SYSTEM32;%SYSTEMROOT%;%SYSTEMROOT%\SYSTEM32\WBEM;%SYSTEMROOT%\SYSTEM32\WINDOWSPOWERSHELL\V1.0\;;C:\PROGRAM FILES\INTEL\INTEL(R) MANAGEMENT ENGINE COMPONENTS\DAL;C:\PROGRAM FILES\INTEL\INTEL(R) MANAGEMENT ENGINE COMPONENTS\IPT;C:\PROGRAM FILES (X86)\INTEL\INTEL(R) MANAGEMENT ENGINE COMPONENTS\DAL;C:\PROGRAM FILES (X86)\INTEL\INTEL(R) MANAGEMENT ENGINE COMPONENTS\IPT;C:\SWTOOLS\READYAPPS;C:\PROGRAM FILES (X86)\COMMON FILES\LENOVO;C:\PROGRAM FILES (X86)\LENOVO\ACCESS CONNECTIONS\;C:\PROGRAM FILES (X86)\SKYPE\PHONE\;C:\PROGRAM FILES\INTEL\WIFI\BIN\;C:\PROGRAM FILES\COMMON FILES\INTEL\WIRELESSCOMMON\;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\3.0\BIN\X86;C:\PROGRAM FILES (X86)\INTEL\OPENCL SDK\3.0\BIN\X64;C:\PROGRAM FILES (X86)\COMMON FILES\LENOVO\EASYPLUSSDK\BIN;C:\Program Files\ThinkPad\Bluetooth Software\;C:\Program Files\ThinkPad\Bluetooth Software\syswow64
HKU\S-1-5-21-2207474609-1572355238-1656547269-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\thuy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 185.123.227.250 - 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: AppIDSvc => 3
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: Browser => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: Dnscache => 2
MSCONFIG\Services: DozeSvc => 3
MSCONFIG\Services: EFS => 3
MSCONFIG\Services: hidserv => 3
MSCONFIG\Services: IKEEXT => 2
MSCONFIG\Services: KtmRm => 3
MSCONFIG\Services: lmhosts => 2
MSCONFIG\Services: PolicyAgent => 3
MSCONFIG\Services: Power Manager DBC Service => 3
MSCONFIG\Services: SensrSvc => 3
MSCONFIG\Services: ShareItSvc => 3
MSCONFIG\Services: StorSvc => 3
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: TVT Backup Service => 3
MSCONFIG\Services: WebClient => 3
MSCONFIG\Services: WerSvc => 3
MSCONFIG\Services: WinDefend => 2
MSCONFIG\Services: WPDBusEnum => 3
MSCONFIG\Services: wudfsvc => 3

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{1A63F5EC-E1C0-430D-B014-7B791E9240C8}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{3A1A4AA7-83CE-4920-8E59-A4B591A78BF9}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4CBCBD7E-C235-4990-BB25-705C3261380C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{52EB98BA-1D10-42DC-99A5-1A81D2978FCB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{10D30D24-2F3F-4143-BBEE-8DCD4C7AD267}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{AB7E737E-8746-46C3-BB14-CDE15FE087BD}] => (Allow) C:\Program Files (x86)\SHAREit\SHAREit\SHAREit.exe (LENOVO -> SHAREit Technologies Co.Ltd)
FirewallRules: [{B3A9414A-435D-4088-BFE2-0BF7C04CBFDC}] => (Allow) C:\Program Files (x86)\SHAREit\SHAREit\SHAREit.exe (LENOVO -> SHAREit Technologies Co.Ltd)
FirewallRules: [TCP Query User{55570303-D002-4A79-B149-AF1C87F0D019}C:\program files\intel corporation\intel widi\widiapp.exe] => (Block) C:\program files\intel corporation\intel widi\widiapp.exe (Intel Corporation -> Intel Corporation)
FirewallRules: [UDP Query User{7B6CAE3C-AEFF-4DF9-B562-B254A2AF743E}C:\program files\intel corporation\intel widi\widiapp.exe] => (Block) C:\program files\intel corporation\intel widi\widiapp.exe (Intel Corporation -> Intel Corporation)
FirewallRules: [{9BD4D80C-F272-4C67-B138-612FF942D36C}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation-Wireless Connectivity Solutions -> )
FirewallRules: [{691737FF-8B15-4C02-AA01-AF7433DB3AA8}] => (Allow) C:\Program Files (x86)\SHAREit\SHAREit\SHAREit.exe (LENOVO -> SHAREit Technologies Co.Ltd)
FirewallRules: [{FF9EDEAD-17F6-4A64-8B71-05B5E70A5D37}] => (Allow) C:\Program Files (x86)\SHAREit\SHAREit\SHAREit.exe (LENOVO -> SHAREit Technologies Co.Ltd)
FirewallRules: [{EA21632A-5520-4542-B11B-AD34E8F1145A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{102727DA-4E5C-458B-B3C6-D755DB328315}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3C8ECE86-F90B-4082-B535-6084E5207E26}] => (Allow) LPort=54925
FirewallRules: [TCP Query User{8EFD0B95-2EA5-4796-B17D-507BB19302E7}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{F1415102-5BBC-4E9F-B43D-298875C24F0F}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{5E6C669C-9CD7-496A-BC9F-FCAE47AF61F2}] => (Allow) C:\Program Files (x86)\Avira\Home Guard\Avira.HomeGuard.Service.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG;)
FirewallRules: [{7CB7FD5F-C1FF-4A5E-AEFA-1A6E2A7B2833}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{81A3E2BC-3E64-472C-A1FB-B1D1E108C8CC}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{76B9809C-DE9E-4858-BE3B-C23A9D7BE3E3}] => (Allow) C:\Users\thuy\AppData\Local\LINE\bin\5.20.2.2045\LINE.exe No File
FirewallRules: [{3A810ACE-952D-4DB0-9A31-743103620500}] => (Allow) C:\Users\thuy\AppData\Local\LINE\bin\5.20.2.2045\LINE.exe No File
FirewallRules: [{DEF8776E-A96E-4EF9-ADF2-110E6A5D36F6}] => (Allow) C:\Users\thuy\AppData\Local\LINE\bin\5.20.2.2045\LineUpdater.exe No File
FirewallRules: [{DF680CC7-E1B5-48BC-84DC-2E9579CC76F3}] => (Allow) C:\Users\thuy\AppData\Local\LINE\bin\5.20.2.2045\LineUpdater.exe No File
FirewallRules: [{8C60A023-F26A-4C6D-BB75-3990FA4B726F}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe No File
FirewallRules: [{54855659-A602-4BF1-ACE5-4BC680F87A1D}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe No File
FirewallRules: [{F704A6DD-7E8E-4FB3-B9DF-CA5ADA1F33FC}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe No File
FirewallRules: [{5E827900-85BA-41A1-B9CF-3E472CE5815B}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )
FirewallRules: [{FFE6BC72-E857-4C97-AD15-EBAFAD31FB53}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )
FirewallRules: [TCP Query User{3C129E54-954B-4098-BE6B-3FE4C834FF50}C:\programdata\logishrd\logioptions\software\8.0.863\logioptionsmgr.exe] => (Allow) C:\programdata\logishrd\logioptions\software\8.0.863\logioptionsmgr.exe No File
FirewallRules: [UDP Query User{0FDECBA6-035A-4BBD-B24C-E6CB472C14E5}C:\programdata\logishrd\logioptions\software\8.0.863\logioptionsmgr.exe] => (Allow) C:\programdata\logishrd\logioptions\software\8.0.863\logioptionsmgr.exe No File
FirewallRules: [{5D6DD76C-2087-40C6-86D3-0723E08EA17B}] => (Block) C:\programdata\logishrd\logioptions\software\8.0.863\logioptionsmgr.exe No File
FirewallRules: [{2F092509-8695-4067-99F8-30C52313B819}] => (Block) C:\programdata\logishrd\logioptions\software\8.0.863\logioptionsmgr.exe No File

==================== Restore Points =========================

08-01-2020 11:49:24 Restore Operation
08-01-2020 17:38:03 Device Driver Package Install: Phantom TAP-Windows Provider V9 Network adapters
09-01-2020 12:55:56 Windows Update
09-01-2020 13:02:18 Windows Update

==================== Faulty Device Manager Devices =============

Name: TouchChip Fingerprint Coprocessor (WBF advanced mode)
Description: TouchChip Fingerprint Coprocessor (WBF advanced mode)
Class Guid: {53d29ef7-377c-4d14-864b-eb3a85769359}
Manufacturer: AuthenTec
Service: WUDFRd
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/10/2020 09:37:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/09/2020 01:12:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/09/2020 01:08:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/09/2020 01:04:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchProtocolHost.exe, version: 7.0.7601.23930, time stamp: 0x59deb992
Faulting module name: SHELL32.dll, version: 6.1.7601.23893, time stamp: 0x5993136a
Exception code: 0xc0000005
Fault offset: 0x0000000000209482
Faulting process id: 0x878
Faulting application start time: 0x01d5c6b27b10be4e
Faulting application path: C:\Windows\system32\SearchProtocolHost.exe
Faulting module path: C:\Windows\system32\SHELL32.dll
Report Id: d86676b3-32a5-11ea-98b7-3c970ed65f1c

Error: (01/09/2020 10:12:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/08/2020 05:37:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/08/2020 04:26:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Avira.SystemSpeedup.Maintenance.exe, version: 6.3.0.10788, time stamp: 0x5d9f2b9a
Faulting module name: clr.dll, version: 4.7.2661.0, time stamp: 0x5ac79765
Exception code: 0xc0000409
Fault offset: 0x002f83fa
Faulting process id: 0x2944
Faulting application start time: 0x01d5c605a4dda6e7
Faulting application path: C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe
Faulting module path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
Report Id: e446e5b0-31f8-11ea-90d8-3c970ed65f1c

Error: (01/08/2020 11:54:39 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0x80070005.


System errors:
=============
Error: (01/10/2020 09:38:07 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (01/10/2020 09:37:19 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (01/10/2020 09:37:10 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Biometric Service service depends on the Windows Driver Foundation - User-mode Driver Framework service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (01/10/2020 09:37:09 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Biometric Service service depends on the Windows Driver Foundation - User-mode Driver Framework service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (01/10/2020 09:37:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CAM Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (01/10/2020 09:35:48 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Biometric Service service depends on the Windows Driver Foundation - User-mode Driver Framework service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (01/10/2020 09:35:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SMI Helper Driver (smihlp2) service failed to start due to the following error:
The system cannot find the file specified.

Error: (01/09/2020 01:39:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Mozilla Maintenance Service service terminated with the following error:
Incorrect function.


Windows Defender:
===================================
Date: 2019-10-24 13:09:20.567
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:
Update Source:Signature Update Folder
Signature Type:AntiSpyware
Update Type:Delta
Current Engine Version:
Previous Engine Version:
Error code:0x80070002
Error description:The system cannot find the file specified.

Date: 2019-10-24 13:04:20.484
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:
Update Source:Signature Update Folder
Signature Type:AntiSpyware
Update Type:Delta
Current Engine Version:
Previous Engine Version:
Error code:0x80070002
Error description:The system cannot find the file specified.

Date: 2019-10-24 13:00:11.167
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified.
Signature version:0.0.0.0
Engine version:0.0.0.0

Date: 2019-10-24 13:00:11.167
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:
Update Source:Signature Update Folder
Signature Type:AntiSpyware
Update Type:Delta
Current Engine Version:
Previous Engine Version:
Error code:0x80070002
Error description:The system cannot find the file specified.

Date: 2015-09-03 14:13:18.273
Description:
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x80070002
Error description:The system cannot find the file specified.
Signature version:0.0.0.0
Engine version:0.0.0.0

CodeIntegrity:
===================================

Date: 2019-12-02 10:31:19.353
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-12-02 10:31:19.011
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-12-02 10:31:18.636
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-11-24 16:29:02.972
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-11-24 16:29:02.413
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-11-24 16:29:01.927
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-11-24 16:15:32.262
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2019-11-24 16:15:31.105
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz
Percentage of memory in use: 95%
Total physical RAM: 3791.79 MB
Available physical RAM: 180.77 MB
Total Virtual: 7581.73 MB
Available Virtual: 3488.72 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:159.21 GB) (Free:32.41 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (SYSTEM_DRV) (Fixed) (Total:1.46 GB) (Free:0.65 GB) NTFS ==>[system with boot components (obtained from drive)]


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 167.7 GB) (Disk ID: 84F8BDDA)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=159.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=7 GB) - (Type=84)

==================== End of Addition.txt ============================