==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\RogueKiller;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
HKU\S-1-5-21-2895219947-52399620-1358840524-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 192.168.0.1 - 205.171.3.25
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
Network Binding:
=============
Wi-Fi 3: COMODO Internet Security Firewall Driver -> inspect (enabled)
Bluetooth Network Connection 3: COMODO Internet Security Firewall Driver -> inspect (enabled)
Ethernet 3: COMODO Internet Security Firewall Driver -> inspect (enabled)
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run32: => "vdcss"
HKU\S-1-5-21-2895219947-52399620-1358840524-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{40044017-F1A4-44F1-AFBD-7819DDA2D736}] => (Allow) C:\Users\songe\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{FB0386FB-1FA5-49D0-83DF-02C015FEDD5C}] => (Allow) C:\Users\songe\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{2C044187-1355-4F02-8FA9-F4A38638A343}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8AE17CB3-6930-442F-8BCB-63DF6808F51B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F3FF742C-045B-4377-A75B-08151B9FBF06}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B9BE6477-0148-468F-A68C-3330A3A5AA60}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9C8DA548-3E40-4F06-A48C-71EDDE35B829}] => (Allow) C:\Program Files\HP\HP DeskJet 2600 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{C994F70E-1583-462A-96A5-28235CF80409}] => (Allow) LPort=5357
FirewallRules: [{F9CAD939-5640-46B6-93DF-6A70F7C0C90E}] => (Allow) C:\Program Files\HP\HP DeskJet 2600 series\Bin\DeviceSetup.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{4DE4DD25-81C9-4B73-95DB-5A195FDFDC56}] => (Allow) C:\Program Files\HP\HP DeskJet 2600 series\bin\DigitalWizards.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{965C0A3D-EAD7-499E-A225-9D23168846BA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{10721DFB-1A7E-4BEC-8657-E2672724B834}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{150DFDFA-6BF3-4715-AD18-F38CA281B9E9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6DE7AF75-5600-4B7C-9675-C7FFC011C868}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{152B9098-C598-4C26-AF39-CD19F91D9911}] => (Allow) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe (HP Inc. -> HP Inc.)
FirewallRules: [{906BE555-CE91-4052-9BB6-A1A47276C593}] => (Allow) LPort=13148
FirewallRules: [{B6C34832-645D-4240-B606-9D6B026CDB2A}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
FirewallRules: [{F82EC6EA-B428-468F-B3E7-713569A70C26}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3E7DFE18-EAC3-4276-87E7-54A53E04F8CB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5391A257-0771-4C44-8677-25757BF975FA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5F9AC6BE-5E87-4C31-8F25-1C4B23B1E81F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BD8AA51F-043B-4DA8-9F32-18675E219EA0}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{522CA87C-5BF1-48B0-A675-310C5964B99E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{B3FF664E-4FB6-45F8-A8C9-BBF4AFBB9A30}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3E28D87D-6145-46EA-9C91-CD0D282DD9AF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{EC28F698-6507-42F5-A584-B43395658E86}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D726C6C7-3BF2-41C7-B791-407AAEDBAEDD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{2DBD0888-3697-4DB7-AC27-9E67B5F0BDB3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6AC46AF4-6589-4566-A8F3-3B0EF9A158C0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B933FEDB-C8A1-42B6-BEED-9A3E2E62C036}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{AA40594E-B36F-4CD1-8DCE-36BBC9549CDD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{66F14499-6F3A-49AE-927B-C7C69EC3D8FF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.148.625.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
==================== Restore Points =========================
05-12-2020 09:09:03 Scheduled Checkpoint
09-12-2020 14:39:54 Windows Modules Installer
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (12/14/2020 06:41:21 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (12/14/2020 01:48:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cis.exe, version: 12.0.0.6818, time stamp: 0x5cb5b1e0
Faulting module name: combase.dll, version: 10.0.19041.662, time stamp: 0x974bdb64
Exception code: 0xc0000005
Fault offset: 0x00000000000370e4
Faulting process id: 0x1d74
Faulting application start time: 0x01d6d2589f8b9bb4
Faulting application path: C:\Program Files\COMODO\COMODO Internet Security\cis.exe
Faulting module path: C:\WINDOWS\System32\combase.dll
Report Id: fb820e52-e327-442c-9185-9a6b23c63320
Faulting package full name:
Faulting package-relative application ID:
Error: (12/13/2020 06:41:20 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (12/12/2020 06:41:20 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (12/12/2020 02:57:08 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on RECOVERY (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
Error: (12/12/2020 02:57:08 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on Windows (C:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)
Error: (12/11/2020 06:41:23 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (12/10/2020 06:41:21 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
System errors:
=============
Error: (12/15/2020 03:05:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The COMODO Internet Security Helper Service service terminated unexpectedly. It has done this 124 time(s).
Error: (12/15/2020 03:05:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The COMODO Internet Security Helper Service service terminated unexpectedly. It has done this 123 time(s).
Error: (12/15/2020 02:05:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The COMODO Internet Security Helper Service service terminated unexpectedly. It has done this 122 time(s).
Error: (12/15/2020 01:17:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The COMODO Internet Security Helper Service service terminated unexpectedly. It has done this 121 time(s).
Error: (12/15/2020 01:05:58 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The COMODO Internet Security Helper Service service terminated unexpectedly. It has done this 120 time(s).
Error: (12/15/2020 12:12:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (12/15/2020 12:12:54 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
Error: (12/15/2020 12:05:58 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The COMODO Internet Security Helper Service service terminated unexpectedly. It has done this 119 time(s).
Windows Defender:
===================================
Date: 2020-12-09 16:28:52.6120000Z
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: PUA:Win32/Vigua.A
ID: 232714
Severity: Severe
Category: Potentially Unwanted Software
Path: file:_C:\ProgramData\RogueKiller\Quarantine\A3451FC1F6FA3A04.vir
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.329.110.0, AS: 1.329.110.0, NIS: 1.329.110.0
Engine Version: AM: 1.1.17700.4, NIS: 1.1.17700.4
Date: 2020-12-09 16:14:48.2120000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {5DCA3CF3-419D-4036-BA2E-CDB37CCBFAC3}
Scan Type: Antimalware
Scan Parameters: Full Scan
Date: 2020-12-09 16:14:48.1930000Z
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: TrojanClicker:Win32/Doplik.E
ID: 2147764019
Severity: Severe
Category: Trojan Notifier
Path: file:_C:\ProgramData\RogueKiller\Quarantine\10BB8C114842A302.vir
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: User
Process Name: Unknown
Security intelligence Version: AV: 1.329.110.0, AS: 1.329.110.0, NIS: 1.329.110.0
Engine Version: AM: 1.1.17700.4, NIS: 1.1.17700.4
Date: 2020-10-16 03:36:27.9270000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {F33A7D38-40E6-4088-8E2E-8B92980D1C34}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2020-10-11 23:32:48.5740000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.325.478.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17500.4
Error code: 0x80070102
Error description: The wait operation timed out.
Date: 2020-10-11 23:32:48.5730000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.325.478.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17500.4
Error code: 0x80070102
Error description: The wait operation timed out.
Date: 2020-10-07 17:09:42.8120000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.325.353.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17500.4
Error code: 0x80240009
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
CodeIntegrity:
===================================
Date: 2020-12-15 16:02:59.6590000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\cssguard64.dll that did not meet the Microsoft signing level requirements.
Date: 2020-12-15 16:02:59.6490000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\iseguard64.dll that did not meet the Microsoft signing level requirements.
Date: 2020-12-15 16:02:59.2470000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2020-12-15 16:02:38.2920000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\cssguard64.dll that did not meet the Microsoft signing level requirements.
Date: 2020-12-15 16:02:38.2830000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\iseguard64.dll that did not meet the Microsoft signing level requirements.
Date: 2020-12-15 16:02:38.2770000Z
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2020-12-15 16:02:17.3980000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\cssguard64.dll that did not meet the Microsoft signing level requirements.
Date: 2020-12-15 16:02:17.3890000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\iseguard64.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
BIOS: Insyde F.24 02/26/2018
Motherboard: HP 8251
Processor: Intel(R) Core(TM) i3-7100U CPU @ 2.40GHz
Percentage of memory in use: 58%
Total physical RAM: 8096.66 MB
Available physical RAM: 3364.54 MB
Total Virtual: 11296.66 MB
Available Virtual: 5152.66 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:917.34 GB) (Free:828.96 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:12.94 GB) (Free:1.56 GB) NTFS ==>[system with boot components (obtained from drive)]
\\?\Volume{323151f1-a2e0-43aa-beb9-314806ec3b6b}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.4 GB) NTFS
\\?\Volume{44fed7cf-eea9-4f1c-bf5d-1e3f639f90af}\ () (Fixed) (Total:0.25 GB) (Free:0.15 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A50E1C7D)
Partition: GPT.
==================== End of Addition.txt =======================