Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-03-2019
Ran by LFS Hyper & EFM (administrator) on DESKTOP-UJ4L4QK (08-03-2019 10:16:20)
Running from C:\Users\LFS Hyper & EFM\Desktop
Loaded Profiles: LFS Hyper & EFM (Available Profiles: LFS Hyper & EFM)
Platform: Microsoft Windows 10 Pro Insider Preview Version 1703 16353.1000 (X86) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Microsoft Corporation C:\Windows\System32\smss.exe
Microsoft Corporation C:\Windows\System32\csrss.exe
Microsoft Corporation C:\Windows\System32\wininit.exe
Microsoft Corporation C:\Windows\System32\csrss.exe
Microsoft Corporation C:\Windows\System32\winlogon.exe
Microsoft Corporation C:\Windows\System32\services.exe
Microsoft Corporation C:\Windows\System32\lsass.exe
Microsoft Corporation C:\Windows\System32\dwm.exe
Microsoft Corporation C:\Windows\System32\WUDFHost.exe
Microsoft Corporation C:\Windows\System32\XtaCache.exe
Microsoft Corporation C:\Windows\System32\spoolsv.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
Microsoft Corporation C:\Windows\System32\SecurityHealthService.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
Microsoft Corporation C:\Windows\System32\sihost.exe
Microsoft Corporation C:\Windows\System32\taskhostw.exe
(Glarysoft LTD -> Glarysoft Ltd) C:\Program Files (x86)\Glarysoft\Software Update Pro\SoftwareUpdatePro.exe
Microsoft Corporation C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Verbatim) [File not signed] C:\Windows\Temp\SecurePro.exe
(CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\CyberLink\Shared files\VMXPLXShare\Service\VMXPLXService.exe
Microsoft Corporation C:\Windows\System32\dasHost.exe
Microsoft Corporation C:\Windows\System32\ApplicationFrameHost.exe
Microsoft Corporation C:\Windows\System32\RuntimeBroker.exe
Microsoft Corporation C:\Windows\System32\RuntimeBroker.exe
Failed to access process -> MicrosoftEdge.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysArm32\WerFault.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.596.0_arm__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\349153ccea74659a72f72a4aa35a9866\WindowsUpdateBox.exe
Microsoft Corporation C:\Windows\System32\CompatTelRunner.exe
Microsoft Corporation C:\Windows\System32\conhost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\LFS Hyper & EFM\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Windows -> Microsoft Corporation) C:\$WINDOWS.~BT\Sources\setuphost.exe
Microsoft Corporation C:\Windows\System32\RuntimeBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VMXPLXService] => C:\Program Files (x86)\CyberLink\Shared files\VMXPLXShare\Service\VMXPLXService.exe [229144 2016-05-27] (CyberLink Corp. -> CyberLink Corp.)
HKLM\...\Winlogon: [Userinit] <==== ATTENTION
HKLM\...\Winlogon: [Shell] C:\Windows\system32\explorer.exe [3470360 2017-08-26] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\InprocServer32: [Default-wbemess] <==== ATTENTION
HKU\S-1-5-19\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [20488312 2017-08-26] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [20488312 2017-08-26] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2386456517-1555999374-3366907636-1004\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\LFS Hyper & EFM\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-2386456517-1555999374-3366907636-1004\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\LFS Hyper & EFM\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-2386456517-1555999374-3366907636-1004\...\MountPoints2: {284b2d60-19ab-11e9-880e-00800f117000} - "D:\SecurePro.exe"
HKLM\...\Providers\Internet Print Provider: inetpp.dll
HKLM\...\Providers\LanMan Print Services: win32spl.dll
HKLM\...\Drivers32: [msacm.l3acm] => C:\Windows\SysWOW64\l3codeca.acm [70144 2017-08-26] (Microsoft Windows -> Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\SysWOW64\mscories.dll [2017-08-26] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{48B4E58D-2791-456C-9091-D524C6C706F2}] -> C:\Windows\SysWOW64\devicengccredprov.dll [2017-08-26] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{D6886603-9D2F-4EB2-B667-1971041FA96B}] -> C:\Windows\SysWOW64\ngccredprov.dll [2017-08-26] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{0E28E245-9368-4853-AD84-6DA3BA35BB75}] -> C:\Windows\SysWOW64\gpprefcl.dll [2017-08-26] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{17D89FEC-5C44-4972-B12D-241CAEF74509}] -> C:\Windows\SysWOW64\gpprefcl.dll [2017-08-26] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{1A6364EB-776B-4120-ADE1-B63A406A76B5}] -> C:\Windows\SysWOW64\gpprefcl.dll [2017-08-26] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{2A8FDC61-2347-4C87-92F6-B05EB91A201A}] -> C:\Windows\SysWOW64\gpprefcl.dll [2017-08-26] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}] -> C:\Windows\SysWOW64\gpprefcl.dll [2017-08-26] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{42B5FAAE-6536-11d2-AE5A-0000F87571E3}] -> C:\Windows\SysWOW64\gpscript.dll [2017-08-26] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{4B7C3B0F-E993-4E06-A241-3FBE06943684}] -> C:\Windows\SysWOW64\gpprefcl.dll [2017-08-26] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}] -> C:\Windows\SysWOW64\iedkcs32.dll [2017-08-26] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{5794DAFD-BE60-433f-88A2-1A31939AC01F}] -> C:\Windows\SysWOW64\gpprefcl.dll [2017-08-26] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{6232C319-91AC-4931-9385-E70C2B099F0E}] -> C:\Windows\SysWOW64\gpprefcl.dll [2017-08-26] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}] -> C:\Windows\SysWOW64\gpprefcl.dll [2017-08-26] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}] -> C:\Windows\SysWOW64\gpprefcl.dll [2017-08-26] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{728EE579-943C-4519-9EF7-AB56765798ED}] -> C:\Windows\SysWOW64\gpprefcl.dll [2017-08-26] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{74EE6C03-5363-4554-B161-627540339CAB}] -> C:\Windows\SysWOW64\gpprefcl.dll [2017-08-26] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{7B849a69-220F-451E-B3FE-2CB811AF94AE}] -> C:\Windows\SysWOW64\iedkcs32.dll [2017-08-26] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{91FBB303-0CD5-4055-BF42-E512A681B325}] -> C:\Windows\SysWOW64\gpprefcl.dll [2017-08-26] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{A3F3E39B-5D83-4940-B954-28315B82F0A8}] -> C:\Windows\SysWOW64\gpprefcl.dll [2017-08-26] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{AADCED64-746C-4633-A97C-D61349046527}] -> C:\Windows\SysWOW64\gpprefcl.dll [2017-08-26] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{B087BE9D-ED37-454f-AF9C-04291E351182}] -> C:\Windows\SysWOW64\gpprefcl.dll [2017-08-26] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}] -> C:\Windows\SysWOW64\gpprefcl.dll [2017-08-26] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}] -> C:\Windows\SysWOW64\gpprefcl.dll [2017-08-26] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}] -> C:\Windows\SysWOW64\iedkcs32.dll [2017-08-26] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}] -> C:\Windows\SysWOW64\gpprefcl.dll [2017-08-26] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}] -> C:\Windows\SysWOW64\gpprefcl.dll [2017-08-26] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{E5094040-C46C-4115-B030-04FB2E545B00}] -> C:\Windows\SysWOW64\gpprefcl.dll [2017-08-26] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}] -> C:\Windows\SysWOW64\gpprefcl.dll [2017-08-26] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{F9C77450-3A41-477E-9310-9ACD617BD9E3}] -> C:\Windows\SysWOW64\gpprefcl.dll [2017-08-26] (Microsoft Windows -> Microsoft Corporation)
ShellServiceObjects: WebCheck -> {EF4D1E1A-1C87-4AA8-8934-E68E4367468D} => C:\Windows\SysWOW64\shdocvw.dll [2017-08-26] (Microsoft Windows -> Microsoft Corporation)
ShellServiceObjects: Bluetooth Authentication Agent SSO -> {F08C5AC2-E722-4116-ADB7-CE41B527994B} => C:\Windows\SysWOW64\bthprops.cpl [2017-08-26] (Microsoft Windows -> Microsoft Corporation)
Startup: C:\Users\LFS Hyper & EFM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SecurePro.lnk [2019-03-08]
ShortcutTarget: SecurePro.lnk -> C:\Windows\Temp\SecurePro.exe (Verbatim) [File not signed]

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{474ed7e0-93b9-48ed-a459-551c8d609e6f}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
URLSearchHook: HKU\S-1-5-21-2386456517-1555999374-3366907636-1004 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Windows -> Microsoft Corporation)
Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2017-08-26] (Microsoft Windows -> Microsoft Corporation)
Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll [2017-08-26] (Microsoft Windows -> Microsoft Corporation)
Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\msvidctl.dll [2017-08-26] (Microsoft Windows -> Microsoft Corporation)
Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2017-08-26] (Microsoft Windows -> Microsoft Corporation)
Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2017-08-26] (Microsoft Windows -> Microsoft Corporation)
Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2017-08-26] (Microsoft Windows -> Microsoft Corporation)
Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2017-08-26] (Microsoft Windows -> Microsoft Corporation)
Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll [2017-08-26] (Microsoft Windows -> Microsoft Corporation)
Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2017-08-26] (Microsoft Windows -> Microsoft Corporation)
Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2017-08-26] (Microsoft Windows -> Microsoft Corporation)
Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2017-08-26] (Microsoft Windows -> Microsoft Corporation)
Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll [2017-08-26] (Microsoft Windows -> Microsoft Corporation)
Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll [2017-08-26] (Microsoft Windows -> Microsoft Corporation)
Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll [2017-08-26] (Microsoft Windows -> Microsoft Corporation)
Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2017-08-26] (Microsoft Windows -> Microsoft Corporation)
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll [2017-08-26] (Microsoft Windows -> Microsoft Corporation)
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\msvidctl.dll [2017-08-26] (Microsoft Windows -> Microsoft Corporation)
Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2017-08-26] (Microsoft Windows -> Microsoft Corporation)
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll [2017-08-26] (Microsoft Windows -> Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 PerfHost; C:\Windows\SysWow64\perfhost.exe [21504 2017-08-26] (Microsoft Windows -> Microsoft Corporation)
S3 PrintNotify; C:\Windows\System32\DriverStore\FileRepository\prnms003.inf_arm64_7d4e6ab36c1cf9d9\arm64\PrintConfig.dll [3116544 2017-08-26] (Microsoft Windows -> Microsoft Corporation)
S3 AJRouter; %SystemRoot%\System32\AJRouter.dll [X]
S3 ALG; %SystemRoot%\System32\alg.exe [X]
S3 AppIDSvc; %SystemRoot%\System32\appidsvc.dll [X]
R3 Appinfo; %SystemRoot%\System32\appinfo.dll [X]
S3 AppReadiness; %SystemRoot%\system32\AppReadiness.dll [X]
R3 AppXSvc; %SystemRoot%\system32\appxdeploymentserver.dll [X]
S3 AssignedAccessManagerSvc; %SystemRoot%\System32\assignedaccessmanagersvc.dll [X]
R2 AudioEndpointBuilder; %SystemRoot%\System32\AudioEndpointBuilder.dll [X]
R2 Audiosrv; %SystemRoot%\System32\Audiosrv.dll [X]
S3 AxInstSV; %SystemRoot%\System32\AxInstSV.dll [X]
S3 BDESVC; %SystemRoot%\System32\bdesvc.dll [X]
R2 BFE; %SystemRoot%\System32\bfe.dll [X]
S3 BITS; %SystemRoot%\System32\qmgr.dll [X]
R2 BrokerInfrastructure; %SystemRoot%\System32\bisrv.dll [X]
S4 Browser; %SystemRoot%\System32\browser.dll [X]
S3 BthHFSrv; %SystemRoot%\System32\BthHFSrv.dll [X]
S3 bthserv; %SystemRoot%\system32\bthserv.dll [X]
S3 camsvc; %SystemRoot%\system32\CapabilityAccessManager.dll [X]
R2 CDPSvc; %SystemRoot%\System32\CDPSvc.dll [X]
S2 CDPUserSvc; %SystemRoot%\System32\CDPUserSvc.dll [X]
S3 CertPropSvc; %SystemRoot%\System32\certprop.dll [X]
S3 ClipSVC; %SystemRoot%\System32\ClipSVC.dll [X]
R2 CryptSvc; %SystemRoot%\system32\cryptsvc.dll [X]
S3 CscService; %SystemRoot%\System32\cscsvc.dll [X]
R2 DcomLaunch; %SystemRoot%\system32\rpcss.dll [X]
S3 defragsvc; %Systemroot%\System32\defragsvc.dll [X]
R2 DeviceAssociationService; %SystemRoot%\system32\das.dll [X]
R3 DeviceInstall; %SystemRoot%\system32\umpnpmgr.dll [X]
S3 DevicesFlowUserSvc; %SystemRoot%\System32\DevicesFlowBroker.dll [X]
S3 DevQueryBroker; %SystemRoot%\system32\DevQueryBroker.dll [X]
S3 diagnosticshub.standardcollector.service; %SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [X]
R2 DiagTrack; %SystemRoot%\system32\diagtrack.dll [X]
S3 dmwappushservice; %SystemRoot%\system32\dmwappushsvc.dll [X]
R2 Dnscache; %SystemRoot%\System32\dnsrslvr.dll [X]
R2 DoSvc; %SystemRoot%\system32\dosvc.dll [X]
S3 dot3svc; %SystemRoot%\System32\dot3svc.dll [X]
R2 DPS; %SystemRoot%\system32\dps.dll [X]
S3 DsmSvc; %SystemRoot%\System32\DeviceSetupManager.dll [X]
S3 DsSvc; %SystemRoot%\System32\DsSvc.dll [X]
R2 DusmSvc; %SystemRoot%\System32\dusmsvc.dll [X]
S3 EapHost; %SystemRoot%\System32\eapsvc.dll [X]
S3 EFS; %SystemRoot%\system32\efssvc.dll [X]
S3 embeddedmode; %SystemRoot%\System32\embeddedmodesvc.dll [X]
S3 EntAppSvc; %SystemRoot%\system32\EnterpriseAppMgmtSvc.dll [X]
R2 EventLog; %SystemRoot%\System32\wevtsvc.dll [X]
R3 fdPHost; %SystemRoot%\system32\fdPHost.dll [X]
R3 FDResPub; %SystemRoot%\system32\fdrespub.dll [X]
R2 FontCache; %SystemRoot%\system32\FntCache.dll [X]
S3 FrameServer; %SystemRoot%\system32\FrameServer.dll [X]
S2 gpsvc; %SystemRoot%\System32\gpsvc.dll [X]
S3 GraphicsPerfSvc; %SystemRoot%\System32\GraphicsPerfSvc.dll [X]
S3 HomeGroupListener; %SystemRoot%\system32\ListSvc.dll [X]
S3 icssvc; %SystemRoot%\System32\tetheringservice.dll [X]
S3 IKEEXT; %SystemRoot%\System32\ikeext.dll [X]
R2 iphlpsvc; %SystemRoot%\System32\iphlpsvc.dll [X]
S3 IpxlatCfgSvc; %SystemRoot%\System32\IpxlatCfg.dll [X]
S3 KtmRm; %systemroot%\system32\msdtckrm.dll [X]
R2 LanmanServer; %SystemRoot%\system32\srvsvc.dll [X]
R2 LanmanWorkstation; %SystemRoot%\System32\wkssvc.dll [X]
R3 lfsvc; %SystemRoot%\System32\lfsvc.dll [X]
R3 LicenseManager; %SystemRoot%\system32\LicenseManagerSvc.dll [X]
S3 lltdsvc; %SystemRoot%\System32\lltdsvc.dll [X]
R3 lmhosts; %SystemRoot%\System32\lmhsvc.dll [X]
R2 LSM; %SystemRoot%\System32\lsm.dll [X]
S2 MapsBroker; %SystemRoot%\System32\moshost.dll [X]
S3 MessagingService; %SystemRoot%\System32\MessagingService.dll [X]
R2 MpsSvc; %SystemRoot%\system32\mpssvc.dll [X]
S3 MSDTC; %SystemRoot%\System32\msdtc.exe [X]
S3 NaturalAuthentication; %SystemRoot%\System32\NaturalAuth.dll [X]
S3 NcaSvc; %SystemRoot%\System32\ncasvc.dll [X]
R3 NcbService; %SystemRoot%\System32\ncbservice.dll [X]
R3 NcdAutoSetup; %SystemRoot%\System32\NcdAutoSetup.dll [X]
S3 Netman; %SystemRoot%\System32\netman.dll [X]
R3 netprofm; %SystemRoot%\System32\netprofmsvc.dll [X]
S3 NetSetupSvc; %SystemRoot%\System32\NetSetupSvc.dll [X]
S3 NgcCtnrSvc; %SystemRoot%\System32\NgcCtnrSvc.dll [X]
S3 NgcSvc; %SystemRoot%\system32\ngcsvc.dll [X]
R2 NlaSvc; %SystemRoot%\System32\nlasvc.dll [X]
R2 nsi; %systemroot%\system32\nsisvc.dll [X]
S2 OneSyncSvc; %SystemRoot%\System32\APHostService.dll [X]
S3 p2pimsvc; %SystemRoot%\system32\pnrpsvc.dll [X]
S3 p2psvc; %SystemRoot%\system32\p2psvc.dll [X]
R3 PcaSvc; %SystemRoot%\System32\pcasvc.dll [X]
S3 PeerDistSvc; %SystemRoot%\system32\peerdistsvc.dll [X]
S3 PhoneSvc; %SystemRoot%\System32\PhoneService.dll [X]
S3 PimIndexMaintenanceSvc; %SystemRoot%\System32\PimIndexMaintenance.dll [X]
S3 PNRPAutoReg; %SystemRoot%\system32\pnrpauto.dll [X]
S3 PNRPsvc; %SystemRoot%\system32\pnrpsvc.dll [X]
S3 PolicyAgent; %SystemRoot%\System32\ipsecsvc.dll [X]
R2 Power; %SystemRoot%\system32\umpo.dll [X]
R2 ProfSvc; %systemroot%\system32\profsvc.dll [X]
S2 PushToInstall; %SystemRoot%\system32\PushToInstall.dll [X]
S3 RasAuto; %SystemRoot%\System32\rasauto.dll [X]
R2 RasMan; %SystemRoot%\System32\rasmans.dll [X]
S4 RemoteRegistry; %SystemRoot%\system32\regsvc.dll [X]
S3 RetailDemo; %SystemRoot%\system32\RDXService.dll [X]
S3 RmSvc; %SystemRoot%\System32\RMapi.dll [X]
R2 RpcEptMapper; %SystemRoot%\System32\RpcEpMap.dll [X]
S3 RpcLocator; %SystemRoot%\system32\locator.exe [X]
R2 RpcSs; %SystemRoot%\system32\rpcss.dll [X]
R2 SamSs; %SystemRoot%\system32\lsass.exe [X]
S4 SCardSvr; %SystemRoot%\System32\SCardSvr.dll [X]
S3 ScDeviceEnum; %SystemRoot%\System32\ScDeviceEnum.dll [X]
R2 Schedule; %systemroot%\system32\schedsvc.dll [X]
S3 SCPolicySvc; %SystemRoot%\System32\certprop.dll [X]
S3 SDRSVC; %Systemroot%\System32\SDRSVC.dll [X]
S3 seclogon; %windir%\system32\seclogon.dll [X]
R2 SecurityHealthService; %SystemRoot%\system32\SecurityHealthService.exe [X]
S3 SEMgrSvc; %SystemRoot%\system32\SEMgrSvc.dll [X]
R2 SENS; %SystemRoot%\System32\sens.dll [X]
S3 SensorDataService; %SystemRoot%\System32\SensorDataService.exe [X]
S3 SensorService; %SystemRoot%\system32\SensorService.dll [X]
S3 SensrSvc; %SystemRoot%\system32\sensrsvc.dll [X]
S3 SharedAccess; %SystemRoot%\System32\ipnathlp.dll [X]
S3 SharedRealitySvc; %SystemRoot%\System32\SharedRealitySvc.dll [X]
S4 shpamsvc; %systemroot%\system32\Windows.SharedPC.AccountManager.dll [X]
S3 SmsRouter; %SystemRoot%\system32\SmsRouterSvc.dll [X]
S3 SNMPTRAP; %SystemRoot%\System32\snmptrap.exe [X]
S3 spectrum; %systemroot%\system32\spectrum.exe [X]
R2 Spooler; %SystemRoot%\System32\spoolsv.exe [X]
S2 sppsvc; %SystemRoot%\system32\sppsvc.exe [X]
R3 SSDPSRV; %SystemRoot%\System32\ssdpsrv.dll [X]
R3 SstpSvc; %SystemRoot%\system32\sstpsvc.dll [X]
R2 stisvc; %SystemRoot%\System32\wiaservc.dll [X]
R3 StorSvc; %SystemRoot%\system32\storsvc.dll [X]
S3 svsvc; %SystemRoot%\system32\svsvc.dll [X]
S3 swprv; %Systemroot%\System32\swprv.dll [X]
R2 SysMain; %systemroot%\system32\sysmain.dll [X]
R2 SystemEventsBroker; %SystemRoot%\System32\SystemEventsBrokerServer.dll [X]
R3 TabletInputService; %SystemRoot%\System32\TabSvc.dll [X]
S3 TermService; %SystemRoot%\System32\termsrv.dll [X]
R2 Themes; %SystemRoot%\system32\themeservice.dll [X]
S3 TieringEngineService; %SystemRoot%\system32\TieringEngineService.exe [X]
S3 tiledatamodelsvc; %SystemRoot%\system32\tileobjserver.dll [X]
R3 TimeBrokerSvc; %SystemRoot%\System32\TimeBrokerServer.dll [X]
S4 TrkWks; %SystemRoot%\System32\trkwks.dll [X]
S4 tzautoupdate; %SystemRoot%\system32\tzautoupdate.dll [X]
S3 UmRdpService; %SystemRoot%\System32\umrdp.dll [X]
S3 UserDataSvc; %SystemRoot%\System32\userdataservice.dll [X]
R2 UserManager; %SystemRoot%\System32\usermgr.dll [X]
R3 UsoSvc; %systemroot%\system32\usocore.dll [X]
R3 VaultSvc; C:\Windows\System32\vaultsvc.dll [X]
S3 vds; %SystemRoot%\System32\vds.exe [X]
S3 vmicguestinterface; %SystemRoot%\System32\icsvc.dll [X]
S3 vmicheartbeat; %SystemRoot%\System32\icsvc.dll [X]
S3 vmickvpexchange; %SystemRoot%\System32\icsvc.dll [X]
S3 vmicshutdown; %SystemRoot%\System32\icsvc.dll [X]
S3 vmictimesync; %SystemRoot%\System32\icsvc.dll [X]
S3 vmicvmsession; %SystemRoot%\System32\icsvc.dll [X]
S3 VSS; %systemroot%\system32\vssvc.exe [X]
R3 W32Time; %systemroot%\system32\w32time.dll [X]
S3 WalletService; %SystemRoot%\system32\WalletService.dll [X]
S3 WarpJITSvc; %SystemRoot%\System32\Windows.WARP.JITService.dll [X]
S3 WbioSrvc; %SystemRoot%\System32\wbiosrvc.dll [X]
R2 Wcmsvc; %SystemRoot%\System32\wcmsvc.dll [X]
S3 wcncsvc; %SystemRoot%\System32\wcncsvc.dll [X]
R3 WdNisSvc; "%ProgramFiles%\Windows Defender\NisSrv.exe" [X]
S3 Wecsvc; %SystemRoot%\system32\wecsvc.dll [X]
S3 WEPHOSTSVC; %systemroot%\system32\wephostsvc.dll [X]
S3 wercplsupport; %SystemRoot%\System32\wercplsupport.dll [X]
R3 WerSvc; %SystemRoot%\System32\WerSvc.dll [X]
S3 WFDSConMgrSvc; %SystemRoot%\System32\wfdsconmgrsvc.dll [X]
S3 WiaRpc; %SystemRoot%\System32\wiarpc.dll [X]
R2 WinDefend; "%ProgramFiles%\Windows Defender\MsMpEng.exe" [X]
R2 winmgmt; %SystemRoot%\system32\wbem\WMIsvc.dll [X]
S3 wisvc; %systemroot%\system32\flightsettings.dll [X]
S3 WlanSvc; %SystemRoot%\System32\wlansvc.dll [X]
S3 wlidsvc; %SystemRoot%\system32\wlidsvc.dll [X]
S3 wlpasvc; %SystemRoot%\System32\lpasvc.dll [X]
S3 wmiApSrv; %systemroot%\system32\wbem\WmiApSrv.exe [X]
S3 WMPNetworkSvc; "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe" [X]
S3 workfolderssvc; %systemroot%\system32\workfolderssvc.dll [X]
S3 WPDBusEnum; %SystemRoot%\system32\wpdbusenum.dll [X]
R2 WpnService; %SystemRoot%\system32\WpnService.dll [X]
S2 WpnUserService; %SystemRoot%\System32\WpnUserService.dll [X]
R2 wscsvc; %SystemRoot%\System32\wscsvc.dll [X]
R3 wuauserv; %systemroot%\system32\wuaueng.dll [X]
S3 WwanSvc; %SystemRoot%\System32\wwansvc.dll [X]
S3 xbgm; %SystemRoot%\system32\xbgmsvc.exe [X]
S3 XblAuthManager; %SystemRoot%\System32\XblAuthManager.dll [X]
S3 XblGameSave; %SystemRoot%\System32\XblGameSave.dll [X]
S3 XboxGipSvc; %SystemRoot%\System32\XboxGipSvc.dll [X]
S3 XboxNetApiSvc; %SystemRoot%\system32\XboxNetApiSvc.dll [X]
R2 XtaCache; %systemroot%\system32\XtaCache.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 amdrv; C:\Windows\system32\drivers\amdrv.sys [181496 2019-01-16] (Zemana Ltd. -> Zemana Ltd.)
S3 1394ohci; \SystemRoot\System32\drivers\1394ohci.sys [X]
R0 ACPI; System32\drivers\ACPI.sys [X]
S3 AcpiDev; \SystemRoot\System32\drivers\AcpiDev.sys [X]
R0 acpiex; System32\Drivers\acpiex.sys [X]
S3 acpipagr; \SystemRoot\System32\drivers\acpipagr.sys [X]
S3 AcpiPmi; \SystemRoot\System32\drivers\acpipmi.sys [X]
S3 acpitime; \SystemRoot\System32\drivers\acpitime.sys [X]
R1 AFD; \SystemRoot\system32\drivers\afd.sys [X]
R1 ahcache; system32\DRIVERS\ahcache.sys [X]
S3 AppID; system32\drivers\appid.sys [X]
S3 applockerfltr; system32\drivers\applockerfltr.sys [X]
S3 AsyncMac; \SystemRoot\System32\drivers\asyncmac.sys [X]
S0 atapi; System32\drivers\atapi.sys [X]
R1 bam; system32\drivers\bam.sys [X]
R1 BasicDisplay; \SystemRoot\System32\drivers\BasicDisplay.sys [X]
R1 BasicRender; \SystemRoot\System32\drivers\BasicRender.sys [X]
R1 bcm2836pwm; \SystemRoot\system32\drivers\bcm2836pwm.sys [X]
R3 bcm2836sdhc; \SystemRoot\System32\drivers\bcm2836sdhc.sys [X]
S3 bcmauxspi; \SystemRoot\System32\drivers\bcmauxspi.sys [X]
R3 bcmgpio; \SystemRoot\System32\drivers\bcmgpio.sys [X]
R3 bcmi2c; \SystemRoot\System32\drivers\bcmi2c.sys [X]
R3 bcmspi; \SystemRoot\System32\drivers\bcmspi.sys [X]
R1 Beep; no ImagePath
R3 bowser; system32\DRIVERS\bowser.sys [X]
S3 BthAvrcpTg; \SystemRoot\System32\drivers\BthAvrcpTg.sys [X]
S3 BthHFEnum; \SystemRoot\System32\drivers\bthhfenum.sys [X]
S3 bthhfhid; \SystemRoot\System32\drivers\BthHFHid.sys [X]
S3 buttonconverter; \SystemRoot\System32\drivers\buttonconverter.sys [X]
S3 CAD; \SystemRoot\System32\drivers\CAD.sys [X]
S3 CapImg; \SystemRoot\System32\drivers\capimg.sys [X]
S4 cdfs; system32\DRIVERS\cdfs.sys [X]
R1 cdrom; \SystemRoot\System32\drivers\cdrom.sys [X]
R2 CldFlt; system32\drivers\cldflt.sys [X]
R0 CLFS; System32\drivers\CLFS.sys [X]
S3 CmBatt; \SystemRoot\System32\drivers\CmBatt.sys [X]
R0 CNG; System32\Drivers\cng.sys [X]
S4 cnghwassist; System32\DRIVERS\cnghwassist.sys [X]
R3 condrv; System32\drivers\condrv.sys [X]
R1 CSC; system32\drivers\csc.sys [X]
S1 dam; system32\drivers\dam.sys [X]
R1 Dfsc; System32\Drivers\dfsc.sys [X]
R0 disk; System32\drivers\disk.sys [X]
S3 dmvsc; \SystemRoot\System32\drivers\dmvsc.sys [X]
S3 drmkaud; \SystemRoot\System32\drivers\drmkaud.sys [X]
R3 DXGKrnl; \SystemRoot\System32\drivers\dxgkrnl.sys [X]
S0 EhStorClass; System32\drivers\EhStorClass.sys [X]
S0 EhStorTcgDrv; System32\drivers\EhStorTcgDrv.sys [X]
S3 ErrDev; \SystemRoot\System32\drivers\errdev.sys [X]
S3 exfat; no ImagePath
R3 fastfat; no ImagePath
R1 FileCrypt; system32\drivers\filecrypt.sys [X]
R0 FileInfo; System32\drivers\fileinfo.sys [X]
S3 Filetrace; system32\drivers\filetrace.sys [X]
R0 FltMgr; system32\drivers\fltmgr.sys [X]
S3 FsDepends; System32\drivers\FsDepends.sys [X]
U0 Fs_Rec; no ImagePath
R0 fvevol; System32\DRIVERS\fvevol.sys [X]
R3 FxPPM; \SystemRoot\System32\drivers\fxppm.sys [X]
S3 gencounter; \SystemRoot\System32\drivers\vmgencounter.sys [X]
S3 genericusbfn; \SystemRoot\System32\drivers\genericusbfn.sys [X]
R3 GPIOClx0101; System32\Drivers\msgpioclx.sys [X]
R1 GpuEnergyDrv; System32\drivers\gpuenergydrv.sys [X]
S3 HDAudBus; \SystemRoot\System32\drivers\HDAudBus.sys [X]
S3 HidBth; \SystemRoot\System32\drivers\hidbth.sys [X]
S3 hidi2c; \SystemRoot\System32\drivers\hidi2c.sys [X]
S3 hidinterrupt; \SystemRoot\System32\drivers\hidinterrupt.sys [X]
R3 HidUsb; \SystemRoot\System32\drivers\hidusb.sys [X]
R3 HTTP; system32\drivers\HTTP.sys [X]
S3 HwNClx0101; System32\Drivers\mshwnclx.sys [X]
S3 hyperkbd; \SystemRoot\System32\drivers\hyperkbd.sys [X]
S3 HyperVideo; \SystemRoot\System32\drivers\HyperVideo.sys [X]
S3 IndirectKmd; \SystemRoot\System32\drivers\IndirectKmd.sys [X]
S0 intelide; System32\drivers\intelide.sys [X]
R0 iorate; system32\drivers\iorate.sys [X]
S3 IPMIDRV; \SystemRoot\System32\drivers\IPMIDrv.sys [X]
S3 IPNAT; System32\drivers\ipnat.sys [X]
R3 kbdclass; \SystemRoot\System32\drivers\kbdclass.sys [X]
R3 kbdhid; \SystemRoot\System32\drivers\kbdhid.sys [X]
R3 kdnic; \SystemRoot\System32\drivers\kdnic.sys [X]
R0 KSecDD; System32\Drivers\ksecdd.sys [X]
R0 KSecPkg; System32\Drivers\ksecpkg.sys [X]
R3 ksthunk; \SystemRoot\system32\drivers\ksthunk.sys [X]
R3 LAN9500; \SystemRoot\System32\drivers\lan9500-arm64-n650f.sys [X]
R2 lltdio; system32\drivers\lltdio.sys [X]
R2 luafv; \SystemRoot\system32\drivers\luafv.sys [X]
S3 mausbhost; \SystemRoot\System32\drivers\mausbhost.sys [X]
S3 mausbip; \SystemRoot\System32\drivers\mausbip.sys [X]
R3 mcci_dwchsotg_hcd; \SystemRoot\System32\drivers\mcci_dwchsotg_hcd.sys [X]
R3 mcci_dwchsotg_hub; \SystemRoot\System32\drivers\mcci_dwchsotg_hub.sys [X]
R2 MMCSS; \SystemRoot\system32\drivers\mmcss.sys [X]
S3 Modem; system32\drivers\modem.sys [X]
R3 monitor; \SystemRoot\System32\drivers\monitor.sys [X]
R3 mouclass; \SystemRoot\System32\drivers\mouclass.sys [X]
R3 mouhid; \SystemRoot\System32\drivers\mouhid.sys [X]
R0 mountmgr; System32\drivers\mountmgr.sys [X]
R3 mpsdrv; System32\drivers\mpsdrv.sys [X]
S3 MRxDAV; \SystemRoot\system32\drivers\mrxdav.sys [X]
R3 mrxsmb; system32\DRIVERS\mrxsmb.sys [X]
R2 mrxsmb10; system32\DRIVERS\mrxsmb10.sys [X]
R3 mrxsmb20; system32\DRIVERS\mrxsmb20.sys [X]
S3 MsBridge; System32\drivers\bridge.sys [X]
R1 Msfs; no ImagePath
S3 msgpiowin32; \SystemRoot\System32\drivers\msgpiowin32.sys [X]
S3 mshidkmdf; \SystemRoot\System32\drivers\mshidkmdf.sys [X]
S3 mshidumdf; \SystemRoot\System32\drivers\mshidumdf.sys [X]
S3 MSKSSRV; \SystemRoot\System32\drivers\MSKSSRV.sys [X]
R2 MsLldp; system32\drivers\mslldp.sys [X]
S3 MSPCLOCK; \SystemRoot\System32\drivers\MSPCLOCK.sys [X]
S3 MSPQM; \SystemRoot\System32\drivers\MSPQM.sys [X]
S3 MsRPC; no ImagePath
R1 mssmbios; \SystemRoot\System32\drivers\mssmbios.sys [X]
S3 MSTEE; \SystemRoot\System32\drivers\MSTEE.sys [X]
S3 MTConfig; \SystemRoot\System32\drivers\MTConfig.sys [X]
R0 Mup; System32\Drivers\mup.sys [X]
S3 NativeWifiP; system32\DRIVERS\nwifi.sys [X]
R0 NDIS; system32\drivers\ndis.sys [X]
S3 NdisCap; System32\drivers\ndiscap.sys [X]
S3 NdisImPlatform; System32\drivers\NdisImPlatform.sys [X]
S3 NdisTapi; System32\DRIVERS\ndistapi.sys [X]
S3 Ndisuio; system32\drivers\ndisuio.sys [X]
R3 NdisVirtualBus; \SystemRoot\System32\drivers\NdisVirtualBus.sys [X]
R3 NdisWan; \SystemRoot\System32\drivers\ndiswan.sys [X]
S3 ndiswanlegacy; System32\DRIVERS\ndiswan.sys [X]
R3 ndproxy; System32\DRIVERS\NDProxy.sys [X]
R2 Ndu; system32\drivers\Ndu.sys [X]
S3 NetAdapterCx; system32\drivers\NetAdapterCx.sys [X]
R1 NetBIOS; system32\drivers\netbios.sys [X]
R1 NetBT; System32\DRIVERS\netbt.sys [X]
S3 netvsc; \SystemRoot\System32\drivers\netvsc.sys [X]
R1 Npfs; no ImagePath
R1 npsvctrig; \SystemRoot\System32\drivers\npsvctrig.sys [X]
R1 nsiproxy; system32\drivers\nsiproxy.sys [X]
R3 NTFS; no ImagePath
R1 Null; no ImagePath
R0 partmgr; System32\drivers\partmgr.sys [X]
S0 pci; System32\drivers\pci.sys [X]
S0 pciide; System32\drivers\pciide.sys [X]
R0 pcw; System32\drivers\pcw.sys [X]
R0 pdc; system32\drivers\pdc.sys [X]
R2 PEAUTH; system32\drivers\peauth.sys [X]
S3 pl050prt; \SystemRoot\System32\drivers\pl050prt.sys [X]
S3 pl061gpio; \SystemRoot\System32\drivers\pl061gpio.sys [X]
R3 PptpMiniport; \SystemRoot\System32\drivers\raspptp.sys [X]
R1 Psched; System32\drivers\pacer.sys [X]
S3 QWAVEdrv; \SystemRoot\system32\drivers\qwavedrv.sys [X]
S0 Ramdisk; system32\DRIVERS\ramdisk.sys [X]
S3 RasAcd; System32\DRIVERS\rasacd.sys [X]
R3 RasAgileVpn; \SystemRoot\System32\drivers\AgileVpn.sys [X]
R3 Rasl2tp; \SystemRoot\System32\drivers\rasl2tp.sys [X]
R3 RasPppoe; System32\DRIVERS\raspppoe.sys [X]
R3 RasSstp; \SystemRoot\System32\drivers\rassstp.sys [X]
R1 rdbss; system32\DRIVERS\rdbss.sys [X]
R3 rdpbus; \SystemRoot\System32\drivers\rdpbus.sys [X]
S3 RDPDR; System32\drivers\rdpdr.sys [X]
S3 RdpVideoMiniport; System32\drivers\rdpvideominiport.sys [X]
R0 rdyboost; System32\drivers\rdyboost.sys [X]
S3 rhproxy; \SystemRoot\System32\drivers\rhproxy.sys [X]
R0 rpiq; System32\drivers\rpiq.sys [X]
R3 rpisdhc; \SystemRoot\System32\drivers\rpisdhc.sys [X]
R3 rpiwav; \SystemRoot\system32\drivers\rpiwav.sys [X]
R2 rspndr; system32\drivers\rspndr.sys [X]
S3 scfilter; System32\DRIVERS\scfilter.sys [X]
R3 sdbus; \SystemRoot\System32\drivers\sdbus.sys [X]
R3 sdstor; \SystemRoot\System32\drivers\sdstor.sys [X]
S3 SerCx; system32\drivers\SerCx.sys [X]
R3 SerCx2; system32\drivers\SerCx2.sys [X]
R3 Serial; \SystemRoot\System32\drivers\pi_miniuart.sys [X]
R3 SerPL011; \SystemRoot\System32\drivers\SerPL011.sys [X]
S3 smbdirect; System32\DRIVERS\smbdirect.sys [X]
R0 spaceport; System32\drivers\spaceport.sys [X]
R3 SpbCx; system32\drivers\SpbCx.sys [X]
R3 srv2; System32\DRIVERS\srv2.sys [X]
R3 srvnet; System32\DRIVERS\srvnet.sys [X]
S0 storahci; System32\drivers\storahci.sys [X]
S0 stornvme; System32\drivers\stornvme.sys [X]
S0 storufs; System32\drivers\storufs.sys [X]
S0 storvsc; System32\drivers\storvsc.sys [X]
R3 swenum; \SystemRoot\System32\drivers\swenum.sys [X]
R0 Tcpip; System32\drivers\tcpip.sys [X]
S3 Tcpip6; System32\drivers\tcpip.sys [X]
R2 tcpipreg; System32\drivers\tcpipreg.sys [X]
R1 tdx; \SystemRoot\system32\DRIVERS\tdx.sys [X]
S3 terminpt; \SystemRoot\System32\drivers\terminpt.sys [X]
S0 TPM; System32\drivers\tpm.sys [X]
S3 TsUsbFlt; system32\drivers\tsusbflt.sys [X]
S3 TsUsbGD; \SystemRoot\System32\drivers\TsUsbGD.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
R3 tunnel; \SystemRoot\System32\drivers\tunnel.sys [X]
S3 UASPStor; \SystemRoot\System32\drivers\uaspstor.sys [X]
S3 UcmCx0101; System32\Drivers\UcmCx.sys [X]
S3 UcmTcpciCx0101; System32\Drivers\UcmTcpciCx.sys [X]
S3 UcmUcsi; \SystemRoot\System32\drivers\UcmUcsi.sys [X]
S3 Ucx01000; system32\drivers\ucx01000.sys [X]
S3 UdeCx; system32\drivers\udecx.sys [X]
R4 udfs; system32\DRIVERS\udfs.sys [X]
S3 UEFI; \SystemRoot\System32\drivers\UEFI.sys [X]
S3 Ufx01000; system32\drivers\ufx01000.sys [X]
S3 UfxChipidea; \SystemRoot\System32\drivers\UfxChipidea.sys [X]
S3 ufxsynopsys; \SystemRoot\System32\drivers\ufxsynopsys.sys [X]
R3 umbus; \SystemRoot\System32\drivers\umbus.sys [X]
S3 UmPass; \SystemRoot\System32\drivers\umpass.sys [X]
S3 UrsChipidea; \SystemRoot\System32\drivers\urschipidea.sys [X]
S3 UrsCx01000; system32\drivers\urscx01000.sys [X]
S3 UrsSynopsys; \SystemRoot\System32\drivers\urssynopsys.sys [X]
R3 usbccgp; \SystemRoot\System32\drivers\usbccgp.sys [X]
S3 usbehci; \SystemRoot\System32\drivers\usbehci.sys [X]
S3 usbhub; \SystemRoot\System32\drivers\usbhub.sys [X]
S3 USBHUB3; \SystemRoot\System32\drivers\UsbHub3.sys [X]
S3 usbprint; \SystemRoot\System32\drivers\usbprint.sys [X]
S3 usbser; \SystemRoot\System32\drivers\usbser.sys [X]
R3 USBSTOR; \SystemRoot\System32\drivers\USBSTOR.SYS [X]
S3 USBXHCI; \SystemRoot\System32\drivers\USBXHCI.SYS [X]
R3 vchiq; \SystemRoot\System32\drivers\vchiq.sys [X]
R0 vdrvroot; System32\drivers\vdrvroot.sys [X]
S3 VerifierExt; system32\drivers\VerifierExt.sys [X]
S3 vhdmp; \SystemRoot\System32\drivers\vhdmp.sys [X]
S3 vhf; \SystemRoot\System32\drivers\vhf.sys [X]
S0 vmbus; System32\drivers\vmbus.sys [X]
S3 VMBusHID; \SystemRoot\System32\drivers\VMBusHID.sys [X]
S3 vmgid; \SystemRoot\System32\drivers\vmgid.sys [X]
R0 volmgr; System32\drivers\volmgr.sys [X]
R0 volmgrx; System32\drivers\volmgrx.sys [X]
R0 volsnap; System32\drivers\volsnap.sys [X]
R0 volume; System32\drivers\volume.sys [X]
S3 vpci; \SystemRoot\System32\drivers\vpci.sys [X]
S3 vwifibus; \SystemRoot\System32\drivers\vwifibus.sys [X]
R1 vwififlt; System32\drivers\vwififlt.sys [X]
R2 wanarp; System32\DRIVERS\wanarp.sys [X]
S3 wanarpv6; System32\DRIVERS\wanarp.sys [X]
R2 wcifs; \SystemRoot\system32\drivers\wcifs.sys [X]
S3 wcnfs; \SystemRoot\system32\drivers\wcnfs.sys [X]
S0 WdBoot; system32\drivers\WdBoot.sys [X]
R0 Wdf01000; system32\drivers\Wdf01000.sys [X]
R0 WdFilter; system32\drivers\WdFilter.sys [X]
S3 wdiwifi; system32\DRIVERS\wdiwifi.sys [X]
R3 WdNisDrv; system32\Drivers\WdNisDrv.sys [X]
S3 wdnsfltr; system32\drivers\wdnsfltr.sys [X]
R0 WFPLWFS; System32\drivers\wfplwfs.sys [X]
S3 WIMMount; system32\drivers\wimmount.sys [X]
R0 WindowsTrustedRT; system32\drivers\WindowsTrustedRT.sys [X]
R0 WindowsTrustedRTProxy; System32\drivers\WindowsTrustedRTProxy.sys [X]
S3 WinNat; system32\drivers\winnat.sys [X]
S3 WINUSB; \SystemRoot\System32\drivers\WinUSB.SYS [X]
S3 WmiAcpi; \SystemRoot\System32\drivers\wmiacpi.sys [X]
R0 Wof; no ImagePath
R3 WpdUpFltr; System32\drivers\WpdUpFltr.sys [X]
S4 ws2ifsl; \SystemRoot\system32\drivers\ws2ifsl.sys [X]
S3 WudfPf; system32\drivers\WudfPf.sys [X]
R3 WUDFRd; system32\drivers\WudfRd.sys [X]
R3 WUDFWpdFs; \SystemRoot\system32\DRIVERS\WUDFRd.sys [X]
S3 xboxgip; \SystemRoot\System32\drivers\xboxgip.sys [X]
S3 xinputhid; \SystemRoot\System32\drivers\xinputhid.sys [X]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\amdrv.sys 06897B431C07886454E0681723DD53E6
C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_arm64_6e10f1bfa4e506db\CompositeBus.sys BDEFA13511E9F883768714DAE27F7ECA

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three months (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-08 10:14 - 2019-03-08 10:14 - 000000000 ____D C:\Users\LFS Hyper & EFM\AppData\Roaming\GlarySoft
2019-03-08 10:10 - 2019-03-08 10:10 - 000029225 _____ C:\Users\LFS Hyper & EFM\Desktop\Shortcut.txt
2019-03-08 10:01 - 2019-03-08 10:10 - 000021838 _____ C:\Users\LFS Hyper & EFM\Desktop\Addition.txt
2019-03-08 09:55 - 2019-03-08 09:55 - 000000000 ____D C:\Windows\Panther
2019-03-08 09:47 - 2019-03-08 10:22 - 000039452 _____ C:\Users\LFS Hyper & EFM\Desktop\FRST.txt
2019-03-08 09:41 - 2019-03-08 10:16 - 000000000 ____D C:\FRST
2019-03-08 09:39 - 2019-03-08 10:31 - 001793536 _____ (Farbar) C:\Users\LFS Hyper & EFM\Desktop\FRST.exe
2019-03-08 09:25 - 2019-03-08 09:53 - 000000000 ___HD C:\$WINDOWS.~BT
2019-03-08 08:36 - 2019-03-08 08:36 - 000000000 ____D C:\Users\LFS Hyper & EFM\AppData\Local\MicrosoftEdge
2019-01-17 00:38 - 2019-01-17 00:38 - 000000000 ____D C:\ProgramData\USOShared
2019-01-17 00:37 - 2019-01-16 16:37 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-01-17 00:28 - 2019-01-17 00:28 - 000000000 ____D C:\Windows\CSC
2019-01-17 00:28 - 2019-01-16 16:25 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-01-17 00:28 - 2017-08-26 08:16 - 002240512 _____ (Microsoft Corporation) C:\Windows\system32\PrintConfig.dll
2019-01-17 00:26 - 2019-01-17 00:26 - 000000000 ____D C:\Windows\ServiceProfiles
2019-01-17 00:25 - 2019-01-17 00:25 - 000000000 _SHDL C:\Documents and Settings
2019-01-16 20:41 - 2019-01-16 20:41 - 000365630 __RST C:\QuickDiag_16_01_2019_20_41_57.txt
2019-01-16 20:02 - 2019-01-16 20:02 - 000002517 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PresenterLink+.lnk
2019-01-16 20:02 - 2019-01-16 20:02 - 000000000 ____D C:\Program Files (x86)\NSIS Uninstall Information
2019-01-16 20:02 - 2019-01-16 20:02 - 000000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2019-01-16 19:58 - 2019-01-16 20:41 - 000365630 _RSOT C:\Users\LFS Hyper & EFM\Desktop\QuickDiag_16_01_2019_20_41_57.txt
2019-01-16 19:53 - 2019-01-16 20:41 - 000000000 ____D C:\QuickDiag
2019-01-16 19:53 - 2019-01-16 20:02 - 000000000 ____D C:\Program Files (x86)\CyberLink
2019-01-16 19:50 - 2019-01-16 19:51 - 000000000 ____D C:\ProgramData\Package Cache
2019-01-16 19:46 - 2019-01-16 19:47 - 000000000 ____D C:\Users\LFS Hyper & EFM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TextSeek
2019-01-16 19:46 - 2019-01-16 19:46 - 000001117 _____ C:\Users\LFS Hyper & EFM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TextSeek.lnk
2019-01-16 19:41 - 2019-01-16 19:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diag
2019-01-16 19:38 - 2019-01-16 19:42 - 000000000 ____D C:\Program Files (x86)\Diag
2019-01-16 19:33 - 2019-01-16 19:50 - 000000000 ____D C:\ProgramData\Temp
2019-01-16 19:32 - 2019-01-16 19:32 - 000000000 ____D C:\Windows\system32\ShellExtBridge
2019-01-16 19:29 - 2019-01-16 19:29 - 000000000 ____D C:\Program Files (x86)\Moo0
2019-01-16 19:28 - 2019-01-16 19:46 - 000000000 ____D C:\Program Files (x86)\TextSeek
2019-01-16 19:27 - 2019-01-16 19:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Silent Install Builder 5
2019-01-16 19:27 - 2019-01-16 19:27 - 000000000 ____D C:\Program Files (x86)\Silent Install Builder 5
2019-01-16 19:24 - 2019-01-16 20:04 - 000000000 ____D C:\ProgramData\SUPPORTDIR
2019-01-16 19:24 - 2019-01-16 19:24 - 000000000 ____D C:\ProgramData\install_clap
2019-01-16 19:21 - 2019-01-16 19:21 - 000000000 ____D C:\Program Files (x86)\WinToBootic
2019-01-16 19:17 - 2019-01-16 19:19 - 000000000 ____D C:\Program Files (x86)\Remediate VBS Worm
2019-01-16 19:16 - 2019-03-01 13:06 - 005175192 _____ (SosVirus) C:\Users\LFS Hyper & EFM\Desktop\quickdiag_V5_27.02.19.1.exe
2019-01-16 19:16 - 2019-03-01 12:59 - 002434048 _____ (Farbar) C:\Users\LFS Hyper & EFM\Desktop\FRST64-2.1.exe
2019-01-16 19:03 - 2019-01-16 19:03 - 000000000 ____D C:\Users\LFS Hyper & EFM\AppData\Local\aimp-avg-cyberlink setup
2019-01-16 19:01 - 2019-01-16 19:01 - 000001387 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software Update Pro.lnk
2019-01-16 19:01 - 2019-01-16 19:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glarysoft
2019-01-16 19:00 - 2019-01-16 19:00 - 000000000 ____D C:\Program Files (x86)\Glarysoft
2019-01-16 18:47 - 2019-01-16 18:47 - 000181496 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\amdrv.sys
2019-01-16 18:45 - 2019-01-16 18:45 - 000000000 ____D C:\Users\LFS Hyper & EFM\AppData\Local\AMSDK
2019-01-16 18:45 - 2019-01-16 18:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IconPack
2019-01-16 18:42 - 2019-01-16 18:42 - 000706048 _____ (Microsoft Corporation) C:\Windows\system32\imagesp1.dll
2019-01-16 18:42 - 2019-01-16 18:42 - 000000000 ____D C:\Users\LFS Hyper & EFM\AppData\Roaming\ProtectStar
2019-01-16 18:42 - 2019-01-16 18:42 - 000000000 ____D C:\Users\LFS Hyper & EFM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ProtectStar
2019-01-16 18:42 - 2019-01-16 18:42 - 000000000 ____D C:\Program Files (x86)\ProtectStar
2019-01-16 18:41 - 2019-01-16 18:42 - 022203904 _____ (Microsoft Corporation) C:\Windows\system32\imageres.dll
2019-01-16 18:39 - 2019-01-16 18:39 - 000000000 ___HD C:\W7P_Backups
2019-01-16 18:33 - 2019-01-16 18:45 - 000000000 ____D C:\IconPack
2019-01-16 18:23 - 2019-01-16 20:07 - 000000000 ___RD C:\Users\LFS Hyper & EFM\Desktop\LFS Hyper-EFM-UEFM-Barrow 16,2-Widen 16-ANAAMFUW Suite 22
2019-01-16 18:20 - 2019-01-16 18:20 - 000000000 ____D C:\Users\LFS Hyper & EFM\AppData\Roaming\Macromedia
2019-01-16 17:10 - 2019-01-16 17:10 - 000000000 ____D C:\Users\LFS Hyper & EFM\AppData\Local\Comms
2019-01-16 16:52 - 2019-03-08 09:46 - 000002404 _____ C:\Users\LFS Hyper & EFM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-01-16 16:52 - 2019-03-08 09:46 - 000000000 ___RD C:\Users\LFS Hyper & EFM\OneDrive
2019-01-16 16:43 - 2019-01-16 16:43 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2019-01-16 16:42 - 2019-01-16 16:42 - 000000000 ____D C:\Users\LFS Hyper & EFM\AppData\Local\DBG
2019-01-16 16:40 - 2019-01-16 16:40 - 000000000 ____D C:\Users\LFS Hyper & EFM\AppData\Local\Publishers
2019-01-16 16:37 - 2019-01-16 16:37 - 000000000 ___RD C:\Users\LFS Hyper & EFM\3D Objects
2019-01-16 16:36 - 2019-01-16 17:10 - 000000000 ____D C:\Users\LFS Hyper & EFM\AppData\Local\Packages
2019-01-16 16:36 - 2019-01-16 16:36 - 000000000 ____D C:\Users\LFS Hyper & EFM\AppData\Roaming\Adobe
2019-01-16 16:36 - 2019-01-16 16:36 - 000000000 ____D C:\Users\LFS Hyper & EFM\AppData\Local\VirtualStore
2019-01-16 16:35 - 2019-01-16 16:35 - 000000000 ____D C:\Users\LFS Hyper & EFM\AppData\Local\ConnectedDevicesPlatform
2019-01-16 16:33 - 2019-03-08 08:25 - 000000000 ____D C:\Users\LFS Hyper & EFM
2019-01-16 16:33 - 2019-01-16 16:33 - 000000020 ___SH C:\Users\LFS Hyper & EFM\ntuser.ini

==================== Three months (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-03-08 10:22 - 2017-08-26 08:30 - 000000000 ____D C:\Windows\DeliveryOptimization
2019-03-08 10:20 - 2017-08-26 08:30 - 000000000 ____D C:\Windows\XtaCache
2019-03-08 10:08 - 2017-08-26 08:30 - 000000000 ____D C:\Windows\AppReadiness
2019-03-08 10:08 - 2017-08-26 08:29 - 000000000 ____D C:\Windows\INF
2019-03-08 08:52 - 2017-08-26 08:09 - 000000000 ____D C:\Windows\CbsTemp
2019-03-08 07:27 - 2017-08-26 08:30 - 000000000 ____D C:\ProgramData\USOPrivate

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe IS MISSING <==== ATTENTION
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe IS MISSING <==== ATTENTION
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll IS MISSING <==== ATTENTION
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\dllhost.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys IS MISSING <==== ATTENTION
C:\Windows\system32\winsrv.dll IS MISSING <==== ATTENTION


ATTENTION: ==> Could not access BCD.

==================== BCD ================================
'bcdedit' is not recognized as an internal or external command,
operable program or batch file.


==================== End of FRST.txt ============================