Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Generic User Avatar

May Have Been Infected in Quest to Recover Dead Drive's Data


  • Please log in to reply
9 replies to this topic

#1 jesters89

jesters89

  •  Avatar image
  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:58 PM

Posted Yesterday, 12:04 AM

Hi all-

 

Had a very old external hard drive that died last week. In my quest to try and salvage the data I downloaded some unfamiliar programs that offered the hope of recovery. I also Decided to invest in a VPN from a company PureVPN. I saw this recommended on Reddit, but have since learned they have a few suspect reviews here and there. I've since uninstalled the VPN. I've also uninstalled any program I downloaded to try and recover the data (I was not successful). 

 

Since all of that, my PC has been behaving strangely. A game that has worked fine up until today (Helldivers 2) now crashes on launch or when in-game when in a loading screen. Another game also failed to start which I've never had trouble with. I got several errors that appear to be memory related. Scrolling on a webpage in Chrome suddenly changed to the "Aw Snap" error page and it said I didnt have enough memory. CPU usage is sitting at around 40% and climbs to 70% when playing Helldivers. I also added an additional external solid state drive to replace the one that failed. On one of my reboots I got a message suggesting that the drive had an error and it prompted me to run a repair tool which found no errors. It seems to work fine. I tried to scan the drive with AVAST and it stopped prematurely and all my external drives stopped showing in explorer until I rebooted. I've since deleted a bunch of files from the drive, scanned the folders separately and it seemed fine. I also uninstalled AVAST per y'alls recommendation and am now relying on Windows Defender. 

 

That's about all I recall from the last 24hrs of strangeness. I ran a Defender offline scan and found nothing. Ran a full online scan and it says it found nothing, but I'm not sure it fully scanned. Says it did, but it estimated 4 hours and suddenly stopped at 44 minutes. Thanks in advance for helping me rule out something malicious. 

 

EDIT: As you can see, I also posted 3 times without realizing it. On my end the post sat loading after I hit submit. It even timed out the first time Not sure what's up. Apologies for spamming the board by mistake.

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26.02.2024 01
Ran by Jeremy (administrator) on JEREMYPC (03-03-2024 22:38:40)
Running from C:\Users\Jeremy\Desktop\PC Maintenance\FRST64.exe
Loaded Profiles: Jeremy
Platform: Microsoft Windows 10 Home Version 22H2 19045.4046 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe ->) (Razer USA Ltd. -> The CefSharp Authors) C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.exe <5>
(C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe
(C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe ->) (Razer USA Ltd. -> ) C:\Program Files (x86)\Razer\Synapse3\UserProcess\Razer Synapse Service Process.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(C:\Program Files\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe ->) (Oculus VR, LLC -> Facebook Technologies, LLC) C:\Program Files\Oculus\Support\oculus-runtime\OVRRedir.exe
(C:\Program Files\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe ->) (Oculus VR, LLC -> Facebook Technologies, LLC) C:\Program Files\Oculus\Support\oculus-runtime\OVRServer_x64.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <17>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5>
(explorer.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe
(Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(services.exe ->) (Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\NisSrv.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_8c8de08a85de4474\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Oculus VR, LLC -> Facebook Technologies, LLC) C:\Program Files\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc) C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
(services.exe ->) (Razer USA Ltd. -> Razer Inc.) C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
(services.exe ->) (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18388936 2018-02-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3571168 2023-06-14] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => E:\Program Files\iTunes\iTunesHelper.exe [367456 2023-11-27] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [601784 2020-05-13] (Razer USA Ltd. -> Razer Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [5160248 2020-01-31] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (Canon Inc. -> CANON INC.)
HKU\S-1-5-21-3545764084-2441850025-860840010-1001\...\Run: [Steam] => E:\Program Files (x86)\Steam\steam.exe [4388712 2024-02-28] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-3545764084-2441850025-860840010-1001\...\Run: [Discord] => C:\Users\Jeremy\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-3545764084-2441850025-860840010-1001\...\Run: [Spotify] => C:\Users\Jeremy\AppData\Roaming\Spotify\Spotify.exe [24155776 2021-07-16] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-3545764084-2441850025-860840010-1001\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3593992 2024-02-26] (Razer USA Ltd. -> Razer Inc.)
HKU\S-1-5-21-3545764084-2441850025-860840010-1001\...\Run: [MicrosoftEdgeAutoLaunch_EC9CBCB90504BDE1B58010AB1D3B4377] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4060728 2024-03-01] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe [3593992 2024-02-26] (Razer USA Ltd. -> Razer Inc.)
HKLM\...\Windows x64\Print Processors\Canon MX920 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDBL.DLL [30208 2012-09-20] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ FAX Language Monitor MX920 series: C:\Windows\system32\CNCALBL.DLL [303104 2012-09-21] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MX920 series: C:\Windows\system32\CNMLMBL.DLL [390656 2012-09-20] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJNP Port: C:\Windows\system32\CNMN6PPM.DLL [359936 2012-07-31] (CANON INC.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\122.0.6261.95\Installer\chrmstp.exe [2024-03-01] (Google LLC -> Google LLC)
Startup: C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2020-10-30]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Jeremy\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited -> Mega Limited)
Startup: C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2024-02-16]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2020-08-18]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS -> SteelSeries ApS)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {441628C6-04D6-46D3-8B6C-B9C36CB695FE} - System32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0
Task: {75596DE5-EA69-4217-A638-A8D9A05C5DFE} - System32\Tasks\AdobeGCInvoker-1.0
Task: {D4FA7173-5DE9-4097-8EE5-FC218DE33A2D} - System32\Tasks\Adobe Acrobat Update Task
Task: {4CAFB565-F9B4-4014-97D9-A1931C97799F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [617096 2022-02-25] (Apple Inc. -> Apple Inc.)
Task: {9DF57AD9-2F9A-4CF1-8821-6C440AFEA48D} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe [5577144 2024-02-15] (Microsoft Windows -> Microsoft Corporation)
Task: {DB728B24-6085-4CC7-95AC-3AC8FB575499} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2018-12-09] (Google Inc -> Google Inc.)
Task: {93DAC5A6-50B4-416F-B1A6-DAEF5A37256E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2018-12-09] (Google Inc -> Google Inc.)
Task: {D1DC9ACB-6C03-4FB8-AE96-C478DA82785F} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-3545764084-2441850025-860840010-1001 => C:\Users\Jeremy\AppData\Local\MEGAsync\MEGAupdater.exe [2531760 2024-02-29] (Mega Limited -> )
Task: {70C162C7-C0C6-4059-8373-28DED9D84EB8} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28372672 2024-02-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {666F1F83-B030-4849-8449-3316C77D073B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28372672 2024-02-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {53CB621A-0629-4969-9F3B-5E56D45E6714} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [218776 2024-02-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {C5BEE8BE-62D3-4B0C-8B99-8B88F17586F3} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [218776 2024-02-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {A8B62AE5-3642-4251-82F3-588C2CD3DEE8} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [362192 2024-02-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {57CCB009-1E97-45CF-BE42-5DEA4380E722} - System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update\Jeremy\Report update status => C:\Windows\system32\RUNDLL32.exe [71680 2023-11-16] (Microsoft Windows -> Microsoft Corporation) -> tsworkspace,WorkspaceStatusNotify2
Task: {50978717-33DD-41F8-BACB-2C8B9B1E3E9E} - System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update\Jeremy\Start Workspace Runtime at logon => {4F1DFCA6-3AAD-48E1-8406-4BC21A501D7C} C:\WINDOWS\system32\wksprt.exe [450560 2023-11-16] (Microsoft Windows -> Microsoft Corporation)
Task: {04964162-8782-411D-951B-1888E3A2410F} - System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update\Jeremy\Update connections => C:\Windows\system32\RUNDLL32.exe [71680 2023-11-16] (Microsoft Windows -> Microsoft Corporation) -> tsworkspace,TaskUpdateWorkspaces2
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
Task: {742048E3-8ECA-47D4-AC89-669FE04BE6D0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MpCmdRun.exe [1646000 2024-02-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {16FE0601-57C0-45CB-B53E-A681D3E102CE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MpCmdRun.exe [1646000 2024-02-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {72FC1352-1E42-4B03-A262-11A88ECA769D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MpCmdRun.exe [1646000 2024-02-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {35D8DE2A-1BA5-4659-89A0-F5BF109B90C9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MpCmdRun.exe [1646000 2024-02-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => %SystemRoot%\System32\AutoWorkplace.exe  join (No File)
Task: {4328516C-F2AA-4BFB-A384-D24680047CC4} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2022-03-15] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {A622465F-1616-488C-9B1C-A03388FE9EFF} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3342376 2023-01-27] (Nvidia Corporation -> NVIDIA Corporation)
Task: {D68F1004-FBE6-496F-93FA-C53130F2E849} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649784 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D6BE53DE-3593-44E8-9F16-394D9ABB669B} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {92C45676-267A-4264-B6B5-4FC326FAA2A1} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A94C320E-8DB7-40E6-981B-1DC6A6CF1020} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {053D5272-DB09-4471-B814-616B44E04971} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F691483A-71DB-4C66-B881-54468B5C2942} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {AD7E1379-DC06-40CF-B59A-8B6B9CB5B1E4} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\..\Interfaces\{39a90047-0e88-4e65-9dcf-0a983731c58c}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{4eb6e872-f597-45f9-8148-53e10639b4d2}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{4eb6e872-f597-45f9-8148-53e10639b4d2}\05965627365675966696: [DhcpNameServer] 108.166.149.2 108.166.149.3
Tcpip\..\Interfaces\{DD49576D-06CD-41D7-B656-3D435C33D655}: [DhcpNameServer] 108.166.149.2 108.166.149.3
 
Edge: 
=======
Edge Profile: C:\Users\Jeremy\AppData\Local\Microsoft\Edge\User Data\Default [2024-03-03]
Edge Extension: (Google Docs Offline) - C:\Users\Jeremy\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-03]
Edge Extension: (Edge relevant text changes) - C:\Users\Jeremy\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-26]
 
FireFox:
========
FF Plugin: @videolan.org/vlc,version=3.0.12 -> E:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2024-02-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-02-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2023-08-18] (Adobe Inc. -> Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default [2024-03-03]
CHR Notifications: Default -> hxxps://calendar.google.com; hxxps://na.op.gg; hxxps://www.joytoyworld.com
CHR Extension: (uBlock Origin) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2024-03-02]
CHR Extension: (Adobe Acrobat: PDF edit, convert, sign tools) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2024-02-24]
CHR Extension: (Google Docs Offline) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-02-27]
CHR Extension: (Improved Initiative Importer for D&D Beyond) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnolbacihffeendcancgcpkpdmagajb [2023-08-19]
CHR Extension: (EPUBReader) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhhclmfgfllimlhabjkgkeebkbiadflb [2021-10-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-31]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-04-03] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3966432 2023-06-14] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [103776 2023-10-02] (Apple Inc. -> Apple Inc.)
S3 ArcService; E:\Program Files (x86)\Arc\ArcService.exe [124064 2019-09-27] (Perfect World Entertainment Inc. -> Perfect World Entertainment Inc)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14048768 2024-02-10] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [818304 2022-09-01] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [584680 2022-12-11] (EasyAntiCheat Oy -> Epic Games, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9410296 2024-01-31] (Malwarebytes Inc. -> Malwarebytes)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [12917888 2024-01-09] (INCA Internet Co.,Ltd. -> INCA Internet Co., Ltd.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2572096 2023-03-13] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3491144 2023-03-13] (Electronic Arts, Inc. -> Electronic Arts)
S3 OVRLibraryService; C:\Program Files\Oculus\Support\oculus-librarian\OVRLibraryService.exe [148024 2024-02-06] (Oculus VR, LLC -> Facebook Technologies, LLC)
R2 OVRService; C:\Program Files\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe [510008 2024-02-06] (Oculus VR, LLC -> Facebook Technologies, LLC)
R2 Razer Chroma SDK Server; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe [447080 2019-07-23] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [943240 2019-07-23] (Razer USA Ltd. -> Razer Inc.)
R2 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [256264 2023-02-10] (Razer USA Ltd. -> Razer Inc)
R2 Razer Synapse Service; C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe [298248 2024-02-26] (Razer USA Ltd. -> Razer Inc.)
R2 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [538424 2023-11-09] (Razer USA Ltd. -> Razer Inc.)
S3 SteelSeriesUpdateService; C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesUpdateService.exe [32648 2020-08-06] (SteelSeries ApS -> )
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [368248 2021-03-15] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\NisSrv.exe [3191256 2024-02-28] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MsMpEng.exe [133576 2024-02-28] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_8c8de08a85de4474\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_8c8de08a85de4474\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [39272 2023-06-27] (Apple Inc. -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [55608 2023-06-27] (Apple Inc. -> Apple Inc.)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2018-12-18] (Disc Soft Ltd -> Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2018-12-18] (Disc Soft Ltd -> Disc Soft Ltd)
S3 gdrv2; C:\Windows\gdrv2.sys [32720 2018-12-09] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
R2 GLCKIO2; C:\Program Files (x86)\GIGABYTE\RGBFusion\GLCKIO2.sys [19392 2018-03-08] (ASUSTeK Computer Inc. -> )
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223296 2024-03-03] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-11-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-02-03] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [32352 2017-11-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 NvModuleTracker; C:\WINDOWS\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys [45656 2022-07-13] (Nvidia Corporation -> NVIDIA Corporation)
R3 OCULUSUDSVR; C:\WINDOWS\System32\drivers\OCULUSUD.sys [3867552 2020-08-04] (Microsoft Windows Hardware Compatibility Publisher -> Oculus VR, LLC.)
R3 oculusvad_oculusvad; C:\WINDOWS\System32\drivers\oculusvad.sys [75280 2021-04-16] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)
R3 Oculus_ViGEmBus; C:\WINDOWS\System32\drivers\Oculus_ViGEmBus.sys [32856 2020-08-04] (Oculus VR, LLC -> Facebook Inc.)
R3 RzCommon; C:\WINDOWS\System32\drivers\RzCommon.sys [64168 2022-08-18] (Razer USA Ltd. -> Razer Inc)
R3 RzDev_0098; C:\WINDOWS\System32\drivers\RzDev_0098.sys [55624 2021-01-28] (Razer USA Ltd. -> Razer Inc)
S3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [51736 2016-06-23] (Razer USA Ltd. -> Razer Inc)
R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [46776 2019-12-23] (SteelSeries ApS -> )
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [39920 2024-02-07] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S3 vpnva; C:\WINDOWS\System32\drivers\vpnva64-6.sys [74048 2020-01-31] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
R0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [21040 2024-02-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [608648 2024-02-28] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105752 2024-02-28] (Microsoft Windows -> Microsoft Corporation)
S3 WireGuard; C:\WINDOWS\System32\drivers\wireguard.sys [489368 2024-03-02] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-03-04 00:15 - 2024-03-04 00:15 - 105381888 _____ C:\WINDOWS\system32\config\SOFTWARE
2024-03-03 22:22 - 2024-03-03 22:38 - 000000000 ____D C:\Users\Jeremy\Desktop\PC Maintenance
2024-03-03 22:09 - 2024-03-03 22:09 - 000000000 ____D C:\WINDOWS\Panther
2024-03-03 20:57 - 2024-03-03 20:57 - 000000000 ____D C:\Program Files\Common Files\INCA Shared
2024-03-03 16:51 - 2024-03-03 16:51 - 001589510 _____ (Igor Pavlov) C:\Users\Jeremy\Downloads\7z2301-x64.exe
2024-03-03 16:51 - 2024-03-03 16:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2024-03-03 16:14 - 2024-03-03 16:14 - 000000000 ____D C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2024-03-03 16:14 - 2024-03-03 16:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2024-03-03 16:13 - 2024-03-03 16:13 - 003950296 _____ (Alexander Roshal) C:\Users\Jeremy\Downloads\winrar-x64-700.exe
2024-03-03 14:03 - 2024-03-03 14:03 - 000000000 ___RD C:\Users\Jeremy\Downloads\15647NeonBand.RarZipExtractorPro_g3b9h1p9bdemw!App
2024-03-02 18:43 - 2024-03-02 18:43 - 000002249 _____ C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PureVPN.lnk
2024-03-02 18:43 - 2024-02-07 17:16 - 000104424 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\avpndriver.sys
2024-03-02 18:41 - 2024-03-03 22:37 - 000000000 ____D C:\Program Files (x86)\GZ Systems
2024-03-02 18:39 - 2024-03-02 18:39 - 057059440 _____ () C:\Users\Jeremy\Downloads\purevpn_setup.exe
2024-03-02 10:29 - 2024-03-02 11:19 - 000000000 ____D C:\Users\Jeremy\Downloads\Telegram Desktop
2024-03-02 09:29 - 2024-03-02 09:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2024-03-02 09:28 - 2024-03-02 09:28 - 005915672 _____ (Crystal Dew World ) C:\Users\Jeremy\Downloads\CrystalDiskInfo9_2_3.exe
2024-03-01 19:02 - 2024-03-01 19:02 - 000000000 ____D C:\Users\Jeremy\AppData\Local\ToastNotificationManagerCompat
2024-03-01 18:37 - 2024-03-01 18:37 - 000000000 ____D C:\Users\Jeremy\Desktop\DMDE
2024-02-29 13:50 - 2024-02-29 13:50 - 000126076 _____ C:\Users\Jeremy\Desktop\Personal_Reference_Check_Form.pdf
2024-02-21 19:05 - 2024-03-03 21:25 - 000016384 _____ C:\dp.jfm
2024-02-21 19:05 - 2024-02-21 19:05 - 000000000 ____D C:\Users\Jeremy\AppData\Roaming\Arrowhead
2024-02-21 19:05 - 2024-01-09 17:55 - 012917888 _____ (INCA Internet Co., Ltd.) C:\WINDOWS\SysWOW64\GameMon.des
2024-02-16 19:58 - 2024-03-01 18:41 - 000000000 ____D C:\Users\Jeremy\AppData\Local\DiskDrill
2024-02-16 19:58 - 2024-02-16 19:58 - 000000000 ___HD C:\.cleverfiles
2024-02-16 19:58 - 2024-02-16 19:58 - 000000000 ____D C:\Users\Jeremy\AppData\Local\CrashRpt
2024-02-16 19:58 - 2024-02-16 19:58 - 000000000 ____D C:\ProgramData\CleverFiles
2024-02-16 19:57 - 2024-03-01 18:41 - 000000018 _____ C:\Users\Jeremy\AppData\Roaming\.cache9050425797200915815.dat
2024-02-16 19:53 - 2024-02-16 19:53 - 000000016 _____ C:\ProgramData\mntemp
2024-02-16 19:52 - 2024-02-16 19:53 - 000000000 ____D C:\Users\Jeremy\AppData\Roaming\Wondershare
2024-02-16 18:44 - 2024-02-16 18:44 - 000000000 ____D C:\ProgramData\Piriform
2024-02-15 16:28 - 2024-02-15 16:28 - 000019697 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-02-15 16:28 - 2024-02-15 16:28 - 000019697 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-02-15 16:20 - 2024-02-15 16:20 - 000000000 ___HD C:\$WinREAgent
2024-02-06 18:29 - 2024-02-06 18:29 - 000000000 ____D C:\Users\Jeremy\AppData\LocalLow\10 Chambers Collective
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-03-04 00:15 - 2020-08-08 13:49 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2024-03-03 22:39 - 2020-08-08 11:45 - 000000000 ____D C:\FRST
2024-03-03 22:37 - 2018-12-09 12:12 - 000000000 ____D C:\ProgramData\Package Cache
2024-03-03 22:34 - 2020-08-05 12:52 - 000004154 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{39BDE871-C347-40F3-9C3D-B6ED4A3CE192}
2024-03-03 22:22 - 2020-08-05 12:51 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-03-03 22:22 - 2019-12-07 03:13 - 000000000 ____D C:\WINDOWS\INF
2024-03-03 22:22 - 2018-12-28 13:17 - 000000000 ____D C:\Users\Jeremy\AppData\Local\D3DSCache
2024-03-03 22:19 - 2019-06-24 10:44 - 000000000 ____D C:\SteamLibrary
2024-03-03 22:18 - 2023-05-03 21:56 - 000000000 ____D C:\Users\Jeremy\AppData\Local\Malwarebytes
2024-03-03 22:18 - 2021-12-15 23:38 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-03-03 22:18 - 2020-08-04 14:10 - 000000000 ____D C:\Users\Jeremy\AppData\Local\Oculus
2024-03-03 22:18 - 2018-12-09 11:54 - 000000000 ____D C:\Program Files (x86)\Google
2024-03-03 22:18 - 2018-12-09 11:51 - 000000000 ____D C:\ProgramData\NVIDIA
2024-03-03 22:16 - 2022-07-06 15:23 - 000000000 ____D C:\ProgramData\Origin
2024-03-03 22:16 - 2020-08-05 12:52 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-03-03 22:16 - 2019-12-07 03:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-03-03 22:16 - 2018-12-09 13:10 - 000000000 ____D C:\ProgramData\AVAST Software
2024-03-03 22:10 - 2019-12-07 03:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2024-03-03 22:01 - 2018-12-09 21:43 - 000000000 ____D C:\Users\Jeremy\AppData\Local\CrashDumps
2024-03-03 22:01 - 2018-12-09 13:12 - 000000000 ____D C:\Users\Jeremy\AppData\Local\AVAST Software
2024-03-03 21:30 - 2022-07-02 17:17 - 000003398 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-03-03 21:30 - 2022-07-02 17:17 - 000003152 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-03-03 21:30 - 2022-07-02 17:17 - 000002984 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-03-03 21:30 - 2022-07-02 17:17 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-03-03 21:30 - 2022-07-02 17:17 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-03-03 21:30 - 2022-07-02 17:17 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-03-03 21:30 - 2022-07-02 17:17 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-03-03 21:30 - 2022-07-02 17:17 - 000002914 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-03-03 21:30 - 2022-07-02 17:17 - 000002744 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-03-03 21:30 - 2021-12-15 23:45 - 000003062 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3545764084-2441850025-860840010-1001
2024-03-03 21:30 - 2020-10-30 11:00 - 000002588 _____ C:\WINDOWS\system32\Tasks\CreateExplorerShellUnelevatedTask
2024-03-03 21:30 - 2020-08-05 12:52 - 000003464 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-03-03 21:30 - 2020-08-05 12:52 - 000003356 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2024-03-03 21:30 - 2020-08-05 12:52 - 000003240 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-03-03 21:30 - 2020-08-05 12:52 - 000003132 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2024-03-03 21:30 - 2020-08-05 12:52 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3545764084-2441850025-860840010-1001
2024-03-03 21:15 - 2022-07-23 22:18 - 000000000 ____D C:\Users\Jeremy\Documents\Outlook Files
2024-03-03 21:12 - 2019-05-23 17:28 - 000000000 ____D C:\Users\Jeremy\AppData\Roaming\Discord
2024-03-03 20:25 - 2019-05-23 17:28 - 000000000 ____D C:\Users\Jeremy\AppData\Local\Discord
2024-03-03 15:56 - 2019-12-07 03:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-03-03 15:56 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-03-03 14:54 - 2018-12-09 17:20 - 000000000 ____D C:\Users\Jeremy\AppData\Roaming\Microsoft\Word
2024-03-03 14:04 - 2023-11-03 15:55 - 000000000 ____D C:\Users\Jeremy\Desktop\Recordings for Transcription
2024-03-03 01:32 - 2022-10-21 07:10 - 000108136 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgamehelper.exe
2024-03-03 01:32 - 2022-10-21 07:10 - 000075368 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgamecontrol.exe
2024-03-03 01:32 - 2021-11-25 21:41 - 002713080 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll
2024-03-03 01:32 - 2021-11-25 21:41 - 000689768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
2024-03-03 01:32 - 2021-11-25 21:41 - 000218616 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll
2024-03-03 01:32 - 2021-11-25 21:41 - 000202344 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamelaunchhelper.dll
2024-03-03 01:32 - 2021-11-25 21:41 - 000144888 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2024-03-02 18:43 - 2020-04-04 19:53 - 000000477 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2024-03-02 05:05 - 2020-08-01 09:13 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-03-02 01:30 - 2019-07-26 19:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2024-03-02 01:25 - 2020-08-05 12:46 - 000008192 ___SH C:\DumpStack.log.tmp
2024-03-02 01:25 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\ServiceState
2024-03-02 01:24 - 2020-08-05 12:47 - 000000000 ____D C:\Users\Jeremy
2024-03-02 01:24 - 2019-12-07 03:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-03-01 01:59 - 2018-12-09 11:54 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-02-29 17:18 - 2019-12-03 13:48 - 000000000 ____D C:\Users\Jeremy\AppData\Roaming\RenPy
2024-02-29 13:31 - 2018-12-09 11:45 - 000000000 ____D C:\Users\Jeremy\AppData\Local\Packages
2024-02-29 09:50 - 2020-10-30 11:00 - 000000000 ____D C:\Users\Jeremy\AppData\Local\MEGAsync
2024-02-29 09:33 - 2020-12-15 15:38 - 000000000 ____D C:\Users\Jeremy\AppData\Local\User Data
2024-02-28 06:15 - 2018-12-09 13:02 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2024-02-27 21:44 - 2022-02-23 02:00 - 000000000 ____D C:\WINDOWS\system32\SteelSeries
2024-02-20 11:22 - 2019-12-07 03:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2024-02-18 07:52 - 2018-12-09 17:03 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2024-02-16 19:57 - 2021-02-15 16:03 - 000000000 ____D C:\Program Files\dotnet
2024-02-16 19:55 - 2020-03-07 16:59 - 000000000 ____D C:\ProgramData\Wondershare
2024-02-16 19:52 - 2020-03-07 16:59 - 000000000 ____D C:\Users\Public\Documents\Wondershare
2024-02-16 18:35 - 2019-02-26 18:39 - 000000000 ____D C:\Users\Jeremy\AppData\Local\ElevatedDiagnostics
2024-02-16 16:29 - 2020-08-05 12:47 - 000002420 _____ C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-02-15 21:53 - 2020-08-05 12:46 - 000437216 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-02-15 21:52 - 2019-12-07 03:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-02-15 21:52 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2024-02-15 21:52 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2024-02-15 21:52 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\SystemResources
2024-02-15 21:52 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2024-02-15 21:52 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\setup
2024-02-15 21:52 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2024-02-15 21:52 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-02-15 21:52 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2024-02-15 21:52 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-02-15 21:52 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2024-02-15 21:52 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-02-15 16:28 - 2020-08-05 12:48 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-02-15 16:19 - 2018-12-09 13:09 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-02-15 16:16 - 2018-12-09 13:09 - 191155960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-02-15 08:37 - 2019-12-07 03:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2024-02-12 08:38 - 2020-08-05 12:46 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-02-10 12:24 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2024-02-09 14:50 - 2021-05-15 17:48 - 000000000 ____D C:\Users\Jeremy\AppData\Local\ChiTuBox
2024-02-09 12:17 - 2023-01-03 12:39 - 000000000 ____D C:\Users\Jeremy\AppData\Local\T2GP Launcher
2024-02-06 15:58 - 2020-08-04 14:18 - 000000000 ____D C:\Program Files\Oculus
2024-02-03 12:16 - 2022-11-07 08:40 - 000239576 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
 
==================== Files in the root of some directories ========
 
2024-02-16 19:57 - 2024-03-01 18:41 - 000000018 _____ () C:\Users\Jeremy\AppData\Roaming\.cache9050425797200915815.dat
2019-12-31 20:45 - 2020-01-16 20:45 - 000003531 _____ () C:\Users\Jeremy\AppData\Roaming\SpeedRunnersLog.txt
2020-05-28 12:18 - 2020-05-28 12:18 - 000000410 _____ () C:\Users\Jeremy\AppData\Local\oobelibMkey.log
 
==================== FCheck ================================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
FCheck: C:\WINDOWS\system32\eac_usermode_1800355010863654.dll [2019-06-27] <==== ATTENTION (zero byte File/Folder)
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26.02.2024 01
Ran by Jeremy (03-03-2024 22:40:39)
Running from C:\Users\Jeremy\Desktop\PC Maintenance
Microsoft Windows 10 Home Version 22H2 19045.4046 (X64) (2020-08-05 18:53:04)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-3545764084-2441850025-860840010-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3545764084-2441850025-860840010-503 - Limited - Disabled)
Guest (S-1-5-21-3545764084-2441850025-860840010-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3545764084-2441850025-860840010-1003 - Limited - Enabled)
Jeremy (S-1-5-21-3545764084-2441850025-860840010-1001 - Administrator - Enabled) => C:\Users\Jeremy
WDAGUtilityAccount (S-1-5-21-3545764084-2441850025-860840010-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {5078598A-1FA2-C888-AA5F-A9C66537DB12}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 23.01 (x64) (HKLM\...\7-Zip) (Version: 23.01 - Igor Pavlov)
Adobe Acrobat Reader (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 23.003.20284 - Adobe Systems Incorporated)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 8.3.0.49 - Adobe Inc.)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601047}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AORUS ENGINE (HKLM-x32\...\AORUS ENGINE_is1) (Version: 1.4.9.1 - GIGABYTE Technology Co.,Inc.)
Apple Mobile Device Support (HKLM\...\{95040521-FCB6-4D6B-A44D-089DBACD5494}) (Version: 17.0.0.24 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{B292D163-23D2-4523-A699-1ABEC1875609}) (Version: 2.7.0.3 - Apple Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.1.0.17816 - Perfect World Entertainment)
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1189.1 - AVAST Software) Hidden
balenaEtcher 1.7.8 (HKU\S-1-5-21-3545764084-2441850025-860840010-1001\...\d2f3b6c7-6f49-59e2-b8a5-f72e33900c2b) (Version: 1.7.8 - Balena Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite HL-2280DW (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.01 - Canon Inc.)
CHITUBOX (HKLM-x32\...\CHITUBOX) (Version:  - )
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.8.02045 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{91213CC3-6174-4580-85D9-167470A24315}) (Version: 4.8.02045 - Cisco Systems, Inc.) Hidden
Combined Community Codec Pack 64bit 2015-10-18 (HKLM\...\Combined Community Codec Pack 64bit_is1) (Version: 2015.10.19.0 - CCCP Project)
CrystalDiskInfo 9.2.3 (HKLM\...\CrystalDiskInfo_is1) (Version: 9.2.3 - Crystal Dew World)
Discord (HKU\S-1-5-21-3545764084-2441850025-860840010-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 122.0.6261.95 - Google LLC)
iCloud Outlook (HKLM\...\{542806EA-AFEA-49B5-BC9D-DCAE98BA393B}) (Version: 13.4.0.99 - Apple Inc.)
iTunes (HKLM\...\{7AE35063-BF3A-45AD-9F80-29777979DD15}) (Version: 12.13.1.3 - Apple Inc.)
Kega Fusion 3.64 (HKLM-x32\...\Kega Fusion) (Version: 3.64 - Kega Fusion)
K-Lite Codec Pack 16.1.2 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 16.1.2 - KLCP)
Malwarebytes version 4.6.9.314 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.9.314 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft .NET Host - 5.0.3 (x64) (HKLM\...\{46BE0468-18E5-4BF3-9373-92BB9082C8B6}) (Version: 40.12.29722 - Microsoft Corporation) Hidden
Microsoft .NET Host - 6.0.11 (x64) (HKLM\...\{B92B890A-04F2-4880-BA20-20D4364FB263}) (Version: 48.47.50420 - Microsoft Corporation) Hidden
Microsoft .NET Host - 7.0.14 (x64) (HKLM\...\{9C80B2AB-2F2D-45B3-A287-DDA827E3A561}) (Version: 56.56.4026 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.3 (x64) (HKLM\...\{44B62A02-2BA8-4882-BC0F-B0050A052283}) (Version: 40.12.29722 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.11 (x64) (HKLM\...\{5E63E49B-C88C-46C5-855C-A7B07C11CDC8}) (Version: 48.47.50420 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 7.0.14 (x64) (HKLM\...\{D8110067-D041-4061-84F4-DAB281E54EAC}) (Version: 56.56.4026 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.3 (x64) (HKLM\...\{ACA0A1BB-E1DC-4CE9-8A36-D985EBC75CCF}) (Version: 40.12.29722 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.11 (x64) (HKLM\...\{C3DD1448-513A-4DB8-978D-6991562EA63D}) (Version: 48.47.50420 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 7.0.14 (x64) (HKLM\...\{9C583D0D-D10B-4E33-A3A8-CD07B6DB9E2D}) (Version: 56.56.4026 - Microsoft Corporation) Hidden
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.17231.20236 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 122.0.2365.66 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 122.0.2365.66 - Microsoft Corporation)
Microsoft GameInput (HKLM-x32\...\{1F2B6AF3-C260-8666-5950-E3FEDBC851D6}) (Version: 10.1.22621.3036 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3545764084-2441850025-860840010-1001\...\OneDriveSetup.exe) (Version: 24.020.0128.0003 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3545764084-2441850025-860840010-1001\...\Teams) (Version: 1.2.00.34161 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40660 (HKLM\...\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40660 (HKLM\...\{CB0836EC-B072-368D-82B2-D3470BF95707}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40660 (HKLM-x32\...\{7DAD0258-515C-3DD4-8964-BD714199E0F7}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40660 (HKLM-x32\...\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (HKLM-x32\...\{8bdfe669-9705-4184-9368-db9ce581e0e7}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (HKLM-x32\...\{410c0ee1-00bb-41b6-9772-e12c2828b02f}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (HKLM\...\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (HKLM\...\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (HKLM-x32\...\{C2C59CAB-8766-4ABD-A8EF-1151A36C41E5}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (HKLM-x32\...\{73F77E4E-5A17-46E5-A5FC-8A061047725F}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 5.0.3 (x64) (HKLM\...\{3580906C-DC50-44E4-9C2B-6FE015370DD1}) (Version: 40.12.29723 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 5.0.3 (x64) (HKLM-x32\...\{b8de4514-1272-485a-8d6b-bcc63b828099}) (Version: 5.0.3.29723 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 6.0.11 (x64) (HKLM\...\{A39D4115-3A27-4245-AE92-3214B8B21932}) (Version: 48.47.50419 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.11 (x64) (HKLM-x32\...\{c4846f79-a633-4ae4-92a3-92fdbeb33da2}) (Version: 6.0.11.31823 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 7.0.14 (x64) (HKLM\...\{33ED69D3-7E88-4885-9875-6C0711368017}) (Version: 56.56.4039 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 7.0.14 (x64) (HKLM-x32\...\{7f2c8be3-7757-4594-aead-09a5112e7725}) (Version: 7.0.14.33020 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
NVIDIA FrameView SDK 1.3.8513.32290073 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8513.32290073 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.27.0.112 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.27.0.112 - NVIDIA Corporation)
NVIDIA Graphics Driver 537.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 537.34 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.40.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.40.14 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 417.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 417.22 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
Oculus (HKLM\...\Oculus) (Version: <3 - Facebook Technologies, LLC)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.17231.20236 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.17231.20236 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.17231.20236 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.13801.20638 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 10.5.122.52971 - Electronic Arts, Inc.)
paint.net (HKLM\...\{B56F4594-AA51-450A-BBD0-2CE48675D33A}) (Version: 4.2.14 - dotPDN LLC)
Paradox Launcher v2 (HKLM\...\{A8D4AE16-519B-409D-B5B4-2647C06805AD}) (Version: 2.0.3.0 - Paradox Interactive)
PureVPN (HKLM-x32\...\{f244e648-f9c2-4216-b3ee-6af063c06277}) (Version: 13.2.0.2 - ) Hidden
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 2.10.6 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.21.24.34 - Razer Inc.)
Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.9.0229.022700 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8378 - Realtek Semiconductor Corp.)
REDlauncher (HKU\S-1-5-21-3545764084-2441850025-860840010-1001\...\{7258BA11-600C-430E-A759-27E2C691A335}-REDlauncher_is1) (Version:  - GOG.com)
Resonic Player Beta (HKLM-x32\...\{E92483C7-34E3-49B5-BE12-4CC923A018E6}) (Version: 0.9.3.1806 - Liqube Audio)
RGB Fusion (HKLM-x32\...\{FFA8F1FA-3C2C-4A94-AC0B-0DF47272C25F}) (Version: 3.18.1102.1 - GIGABYTE)
RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
SanDisk Security (HKLM-x32\...\{5d4b1e22-ee0a-42be-85e3-fdedcb0a16da}) (Version: 1.0.0.22 - Western Digital Technologies, Inc.)
SanDisk Security (HKLM-x32\...\{FBCE2D4B-506A-4CD7-B577-FC80E87785BA}) (Version: 1.0.0.22 - Western Digital Technologies, Inc.) Hidden
Spotify (HKU\S-1-5-21-3545764084-2441850025-860840010-1001\...\Spotify) (Version: 1.1.63.568.gda8cb5ac - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine 3.18.3 (HKLM\...\SteelSeries Engine 3) (Version: 3.18.3 - SteelSeries ApS)
Syrinscape version 1.4.13-p0 (HKLM-x32\...\Syrinscape Fantasy Player 1.0_is1) (Version: 1.4.13-p0 - Syrinscape Pty Ltd)
Teams Machine-Wide Installer (HKLM-x32\...\{39AF0813-FA7B-4860-ADBE-93B9B214B914}) (Version: 1.2.0.34161 - Microsoft Corporation)
Telegram Desktop (HKU\S-1-5-21-3545764084-2441850025-860840010-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 4.15 - Telegram FZ-LLC)
TokenTool (HKU\S-1-5-21-3545764084-2441850025-860840010-1001\...\{net.rptools.tokentool}}_is1) (Version: 2.1 - rptools)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{7B63012A-4AC6-40C6-B6AF-B24A84359DD5}) (Version: 8.93.0.0 - Microsoft Corporation)
VirtualMate_launcher  (HKLM-x32\...\VirtualMate_launcher) (Version:  - VirtualMate)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.12 - VideoLAN)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-4) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Win32DiskImager version 1.0.0 (HKLM-x32\...\{3DFFA293-DF2C-4B23-92E5-3433BDC310E1}}_is1) (Version: 1.0.0 - ImageWriter Developers)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Windows PC Health Check (HKLM\...\{804A0628-543B-4984-896C-F58BF6A54832}) (Version: 3.7.2204.15001 - Microsoft Corporation)
WinRAR 7.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 7.00.0 - win.rar GmbH)
Worldographer (HKLM-x32\...\Worldographer_0) (Version:  - Inkwell Ideas)
Zoom (HKU\S-1-5-21-3545764084-2441850025-860840010-1001\...\ZoomUMX) (Version: 5.16.10 (26186) - Zoom Video Communications, Inc.)
 
Packages:
=========
 
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_3.1.0.0_neutral__6e5tt8cgb93ep [2021-02-18] (Canon Inc.)
HEVC Video Extensions -> C:\Program Files\WindowsApps\Microsoft.HEVCVideoExtensions_2.0.61933.0_x64__8wekyb3d8bbwe [2023-08-10] (Microsoft Corporation)
iCloud -> C:\Program Files\WindowsApps\AppleInc.iCloud_15.0.215.0_x64__nzyj5cx40ttqa [2024-02-15] (Apple Inc.) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-17] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-17] (Microsoft Corporation) [MS Ad]
Microsoft Teams (work or school) -> C:\Program Files\WindowsApps\MSTeams_23306.3315.2560.6525_x64__8wekyb3d8bbwe [2023-12-08] (Microsoft) [Startup Task]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2018-12-09] (Microsoft Corporation) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2023-09-20] (NVIDIA Corp.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-07-15] (Microsoft Corporation)
Phototastic Collage -> C:\Program Files\WindowsApps\ThumbmunkeysLtd.PhototasticCollage_3.27.25.0_x64__nfy108tqq3p12 [2023-01-08] (Thumbmunkeys Ltd)
Rar Zip Extractor Pro -> C:\Program Files\WindowsApps\15647NeonBand.RarZipExtractorPro_1.288.205.0_x86__g3b9h1p9bdemw [2024-02-29] (Andrii Leshchinskiy)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.19.1262.0_x64__8wekyb3d8bbwe [2024-02-07] (Microsoft Studios) [MS Ad]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3545764084-2441850025-860840010-1001_Classes\CLSID\{02B05120-8EE7-4D96-9539-97B629685A11} -> [Mega] => F:\Stuff from PC\He\Mega [2020-10-30 11:02]
CustomCLSID: HKU\S-1-5-21-3545764084-2441850025-860840010-1001_Classes\CLSID\{14100442-9664-1407-2647-000000000000}\localserver32 -> "C:\Users\Jeremy\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-3545764084-2441850025-860840010-1001_Classes\CLSID\{4244c9a9-ec54-be7e-370e-6665661f6e46}\localserver32 -> "E:\Program Files\CleverFiles\Disk Drill\DD.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-3545764084-2441850025-860840010-1001_Classes\CLSID\{FF39CD7D-FE4F-4CE8-9101-920502D3F178} -> [iCloud Drive] => C:\Users\Jeremy\iCloudDrive [2022-07-23 22:18]
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Jeremy\AppData\Local\MEGAsync\ShellExtX64.dll [2024-02-29] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Jeremy\AppData\Local\MEGAsync\ShellExtX64.dll [2024-02-29] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Jeremy\AppData\Local\MEGAsync\ShellExtX64.dll [2024-02-29] (Mega Limited -> )
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => E:\Program Files\7-Zip\7-zip.dll [2023-06-20] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Jeremy\AppData\Local\MEGAsync\ShellExtX64.dll [2024-02-29] (Mega Limited -> )
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => E:\Program Files\WinRAR\rarext.dll [2024-02-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => E:\Program Files\WinRAR\rarext32.dll [2024-02-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Jeremy\AppData\Local\MEGAsync\ShellExtX64.dll [2024-02-29] (Mega Limited -> )
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-07] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Jeremy\AppData\Local\MEGAsync\ShellExtX64.dll [2024-02-29] (Mega Limited -> )
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => E:\Program Files\7-Zip\7-zip.dll [2023-06-20] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Jeremy\AppData\Local\MEGAsync\ShellExtX64.dll [2024-02-29] (Mega Limited -> )
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_8c8de08a85de4474\nvshext.dll [2023-09-03] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => E:\Program Files\7-Zip\7-zip.dll [2023-06-20] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-07] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => E:\Program Files\WinRAR\rarext.dll [2024-02-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => E:\Program Files\WinRAR\rarext32.dll [2024-02-26] (win.rar GmbH -> Alexander Roshal)
 
==================== Codecs (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\system32\lvcod64.dll [175392 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
HKLM\...\Drivers32: [vidc.i420] => C:\Windows\SysWOW64\lvcodec2.dll [305000 2012-10-26] (Logitech, Inc. -> Logitech Inc.)
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BattleScribe\BattleScribe Help.lnk -> hxxp://www.battlescribe.net/?tab=hel
 
==================== Loaded Modules (Whitelisted) =============
 
2023-11-09 03:59 - 2023-02-27 14:39 - 001393152 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.Core.Runtime.dll
2018-12-09 18:44 - 2005-04-21 22:36 - 000143360 _____ () [File not signed] C:\WINDOWS\system32\BrSNMP64.dll
2018-12-09 18:44 - 2012-07-05 05:32 - 000084480 _____ (Brother Industries, Ltd.) [File not signed] C:\WINDOWS\system32\BrNetSti.dll
2018-12-09 18:05 - 2012-07-31 08:48 - 000359936 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMN6PPM.DLL
2024-03-03 16:51 - 2023-06-20 02:00 - 000101376 _____ (Igor Pavlov) [File not signed] E:\Program Files\7-Zip\7-zip.dll
2022-07-06 15:24 - 2022-07-06 15:24 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2022-07-06 15:24 - 2022-07-06 15:24 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2022-07-06 15:24 - 2022-07-06 15:24 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2023-03-14 14:45 - 2022-07-06 15:24 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2023-03-14 14:45 - 2022-07-06 15:24 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2023-03-14 14:45 - 2022-07-06 15:24 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2023-03-14 14:45 - 2022-07-06 15:24 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2023-03-14 14:45 - 2022-07-06 15:24 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2023-03-14 14:45 - 2022-07-06 15:24 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2024-02-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2024-02-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-02-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-02-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-02-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-02-01] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3545764084-2441850025-860840010-1001\...\sharepoint.com -> hxxps://iowa-files.sharepoint.com
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 07:25 - 2019-01-04 17:35 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
2022-05-08 11:10 - 2022-05-08 11:10 - 000000437 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Oculus\Support\oculus-runtime;C:\Program Files (x86)\Razer Chroma SDK\bin;C:\Program Files\Razer Chroma SDK\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Users\Jeremy\AppData\Local\Microsoft\WindowsApps;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\dotnet\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR
HKU\S-1-5-21-3545764084-2441850025-860840010-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 108.166.149.2 - 108.166.149.3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: ) (ConsentPromptBehaviorUser: ) (EnableLUA: )
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\StartupFolder: => "SteelSeries Engine 3.lnk"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "BrStsMon00"
HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "IJNetworkScannerSelectorEX"
HKLM\...\StartupApproved\Run32: => "ControlCenter4"
HKU\S-1-5-21-3545764084-2441850025-860840010-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-3545764084-2441850025-860840010-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-3545764084-2441850025-860840010-1001\...\StartupApproved\Run: => "Lync"
HKU\S-1-5-21-3545764084-2441850025-860840010-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-3545764084-2441850025-860840010-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3545764084-2441850025-860840010-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-3545764084-2441850025-860840010-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-3545764084-2441850025-860840010-1001\...\StartupApproved\Run: => "Spotify"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{F2A72E0F-CD6E-429F-AA0F-C03C8D940BAB}] => (Allow) C:\Program Files\Oculus\Support\oculus-client\OculusClient.exe (Oculus VR, LLC) [File not signed]
FirewallRules: [{BFB8BCC3-89D7-4B1B-97AA-0DA373F8C345}] => (Allow) C:\Program Files\Oculus\Support\oculus-client\OculusClient.exe (Oculus VR, LLC) [File not signed]
FirewallRules: [{5C80FBD7-93C5-4A26-AF43-E9B819A6C750}] => (Allow) C:\Program Files\Oculus\Support\oculus-worlds\Home2\Binaries\Win64\Home2-Win64-Shipping.exe => No File
FirewallRules: [{5CA3AE08-3503-40AA-AB2A-0F153C1FEA97}] => (Allow) C:\Program Files\Oculus\Support\oculus-worlds\Home2\Binaries\Win64\Home2-Win64-Shipping.exe => No File
FirewallRules: [{712033E0-D692-4D37-90C3-D747036C7CA3}] => (Allow) C:\Program Files\Oculus\Support\oculus-worlds\Home2.exe => No File
FirewallRules: [{253A0D20-FA8A-423E-AEF9-CBA43ABAE697}] => (Allow) C:\Program Files\Oculus\Support\oculus-worlds\Home2.exe => No File
FirewallRules: [{DB46B2A8-E8DE-48AD-9A09-9BCAC74BA28E}] => (Allow) C:\Program Files\Oculus\Support\oculus-worlds\Engine\Binaries\Win64\UnrealCEFSubProcess.exe => No File
FirewallRules: [{286319A5-2E2E-48CF-AAE0-00F0F56A82DC}] => (Allow) C:\Program Files\Oculus\Support\oculus-worlds\Engine\Binaries\Win64\UnrealCEFSubProcess.exe => No File
FirewallRules: [{EC0BDA5D-A605-4C29-B4A8-1ED8BBFD288B}] => (Allow) C:\Program Files\Oculus\Support\oculus-dash\dash\bin\OculusDash.exe (Oculus VR, LLC -> )
FirewallRules: [{3A0BA909-B1BC-4B10-A313-6023A741EA0D}] => (Allow) C:\Program Files\Oculus\Support\oculus-dash\dash\bin\OculusDash.exe (Oculus VR, LLC -> )
FirewallRules: [{121972EF-2991-443C-8D6A-38D709DAD38B}] => (Allow) C:\Program Files\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe (Oculus VR, LLC -> Facebook Technologies, LLC)
FirewallRules: [{8F2E199C-BFC7-45DA-9A7B-EDB9C13E0DBA}] => (Allow) C:\Program Files\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe (Oculus VR, LLC -> Facebook Technologies, LLC)
FirewallRules: [{F5CEC7B3-3C37-4785-A056-95D2CFDF2BA4}] => (Allow) C:\Program Files\Oculus\Support\oculus-runtime\OVRServer_x64.exe (Oculus VR, LLC -> Facebook Technologies, LLC)
FirewallRules: [{31C4ACAE-97AB-4ED0-BF21-AB06DF288E6E}] => (Allow) C:\Program Files\Oculus\Support\oculus-runtime\OVRServer_x64.exe (Oculus VR, LLC -> Facebook Technologies, LLC)
FirewallRules: [{0107531E-C887-43F3-819B-9F52DFF4D69C}] => (Allow) C:\Program Files\Oculus\Support\oculus-runtime\OVRRedir.exe (Oculus VR, LLC -> Facebook Technologies, LLC)
FirewallRules: [{AFB38310-982D-4352-B81A-EDA20C8AC55A}] => (Allow) C:\Program Files\Oculus\Support\oculus-runtime\OVRRedir.exe (Oculus VR, LLC -> Facebook Technologies, LLC)
FirewallRules: [UDP Query User{C5A12461-84E5-4D94-A300-A660FCFE5A5A}E:\program files (x86)\steam\steamapps\common\7 days to die\7daystodie.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\7 days to die\7daystodie.exe () [File not signed]
FirewallRules: [TCP Query User{687F4607-23AC-45C9-91C8-725CDCEFC7E7}E:\program files (x86)\steam\steamapps\common\7 days to die\7daystodie.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\7 days to die\7daystodie.exe () [File not signed]
FirewallRules: [UDP Query User{2BC5460F-59FA-410C-A3AE-BADD3385D0AF}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{2C529AE3-3D86-494B-9EA2-29898D426119}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{5D89EF22-0043-41D5-B365-02C7CB6EB30B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Blade & Sorcery\BladeAndSorcery.exe () [File not signed]
FirewallRules: [{0685C35D-6AD7-4622-980E-18E7A74C360F}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Blade & Sorcery\BladeAndSorcery.exe () [File not signed]
FirewallRules: [UDP Query User{7BE44970-29D3-4FB8-A99C-B15C20302DA4}E:\program files (x86)\steam\steamapps\common\7 days to die\7daystodie.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\7 days to die\7daystodie.exe () [File not signed]
FirewallRules: [TCP Query User{92BDD610-C7AC-4BB2-B88B-CCC984BE33ED}E:\program files (x86)\steam\steamapps\common\7 days to die\7daystodie.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\7 days to die\7daystodie.exe () [File not signed]
FirewallRules: [{4339C844-7E42-4C35-8571-126B9094D170}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Half-Life Alyx\game\bin\win64\hlvr.exe (Valve -> )
FirewallRules: [{12E28EB1-9C79-48E1-92AD-ABDCE291E62A}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Half-Life Alyx\game\bin\win64\hlvr.exe (Valve -> )
FirewallRules: [UDP Query User{AAF74490-1611-4E76-B0C4-EB3D8E82C5D1}E:\program files (x86)\steam\steamapps\common\steamvr\tools\steamvr_environments\game\bin\win64\steamtours.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\steamvr\tools\steamvr_environments\game\bin\win64\steamtours.exe (Valve Corp. -> )
FirewallRules: [TCP Query User{85FC21BD-8612-4609-B4B8-404A82C59415}E:\program files (x86)\steam\steamapps\common\steamvr\tools\steamvr_environments\game\bin\win64\steamtours.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\steamvr\tools\steamvr_environments\game\bin\win64\steamtours.exe (Valve Corp. -> )
FirewallRules: [{1B2F3F08-040E-4262-9FDD-A2C0CA2795F4}] => (Allow) E:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{2D9CDB4B-7269-43FF-9554-0D6893B1C697}] => (Allow) E:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [UDP Query User{242BC0AC-D5D4-4F02-9E83-6DE7A6B83077}E:\program files (x86)\steam\steam.exe] => (Allow) E:\program files (x86)\steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [TCP Query User{21405627-E98E-4835-8B8C-31E557951BE7}E:\program files (x86)\steam\steam.exe] => (Allow) E:\program files (x86)\steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [UDP Query User{8A19D04B-3052-413F-B685-51591C2524CC}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{79BEE7FA-A95E-4BF6-85C3-09F894A42F07}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{E00694DF-97E6-44EA-875A-7D900E72A11B}] => (Allow) E:\Oculus Games\Software\epic-games-odin\RoboRecall\Binaries\Win64\RoboRecallModInstaller.exe () [File not signed]
FirewallRules: [{38B4E32D-0C5E-4195-B195-05EFAA109EE3}] => (Allow) E:\Oculus Games\Software\epic-games-odin\RoboRecall\Binaries\Win64\RoboRecallModInstaller.exe () [File not signed]
FirewallRules: [{BC22DBFB-B7C2-423D-80DC-FB69CBFCC9DE}] => (Allow) E:\Oculus Games\Software\epic-games-odin\RoboRecall\Binaries\Win64\RoboRecall-Win64-Shipping.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{D9B2F410-8DCE-44F9-8A85-3FB79FC2A9AC}] => (Allow) E:\Oculus Games\Software\epic-games-odin\RoboRecall\Binaries\Win64\RoboRecall-Win64-Shipping.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{492B3896-865C-478E-9E8E-A67A3F416679}] => (Allow) E:\Oculus Games\Software\epic-games-odin\Engine\Binaries\Win64\CrashReportClient.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{AE0210E9-C0F2-457E-80B7-437DA0F34AE4}] => (Allow) E:\Oculus Games\Software\epic-games-odin\Engine\Binaries\Win64\CrashReportClient.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{E3881764-2B1C-4206-9A78-AD14732C2BE2}] => (Allow) E:\Oculus Games\Software\vertigo-games-arizona-sunshine\UnityCrashHandler64.exe (Unity Technologies SF -> )
FirewallRules: [{F60145A2-75BD-42EB-97D1-849EA00A650E}] => (Allow) E:\Oculus Games\Software\vertigo-games-arizona-sunshine\UnityCrashHandler64.exe (Unity Technologies SF -> )
FirewallRules: [{3368251C-AFA8-4511-B82C-93A25B1CAC7D}] => (Allow) E:\Oculus Games\Software\vertigo-games-arizona-sunshine\ArizonaSunshine.exe () [File not signed]
FirewallRules: [{6A3901FB-AAFB-498F-A069-B7EDE922240E}] => (Allow) E:\Oculus Games\Software\vertigo-games-arizona-sunshine\ArizonaSunshine.exe () [File not signed]
FirewallRules: [{249404AE-964C-424A-AEA2-3E52125A5D77}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CFF58DE5-B5B2-410C-A719-3125F36F9872}] => (Allow) C:\SteamLibrary\steamapps\common\SlayTheSpire\SlayTheSpire.exe => No File
FirewallRules: [{175DC6D1-B4F5-4A8D-A5CB-CC81669620F8}] => (Allow) C:\SteamLibrary\steamapps\common\SlayTheSpire\SlayTheSpire.exe => No File
FirewallRules: [{D6B8C43E-AA52-4D6C-8F23-905840041037}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\7 Days To Die\7dLauncher.exe () [File not signed]
FirewallRules: [{7CE61C55-F5ED-4909-855B-A511C482E07E}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\7 Days To Die\7dLauncher.exe () [File not signed]
FirewallRules: [{64EE6879-EE0F-40F1-AAB8-761B4EA8AA8A}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Dying Light\DyingLightGame.exe (Techland S.A. -> Techland)
FirewallRules: [{FB01F724-5EF7-483D-88DD-245B4673909C}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Dying Light\DyingLightGame.exe (Techland S.A. -> Techland)
FirewallRules: [{CFD7C239-50CD-454A-B384-E27139C41B7B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Warhammer Vermintide 2\launcher\Launcher.exe (Fatshark AB -> Fatshark AB)
FirewallRules: [{4DF98380-F8FA-4CEA-AC3B-0737E4D09C21}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Warhammer Vermintide 2\launcher\Launcher.exe (Fatshark AB -> Fatshark AB)
FirewallRules: [{374535B6-D6F7-4C6A-9628-F8CD79B187E0}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\tbs3\win32\The Banner Saga 3.exe () [File not signed]
FirewallRules: [{634669C7-D528-40A6-859C-C1B2DA33D2C7}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\tbs3\win32\The Banner Saga 3.exe () [File not signed]
FirewallRules: [{50F0E829-DC1F-4A25-B022-3A94C32482DC}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Legend of Grimrock\grimrock.exe () [File not signed]
FirewallRules: [{32001794-283D-4501-B790-B76191895793}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Legend of Grimrock\grimrock.exe () [File not signed]
FirewallRules: [{0092E4D9-64CB-45A1-950F-022D4E8FF9C5}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Conglomerate 451\Conglomerate 451.exe () [File not signed]
FirewallRules: [{CB4BA1E8-2297-4B49-97D1-C6C6F9C3CF85}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Conglomerate 451\Conglomerate 451.exe () [File not signed]
FirewallRules: [{FF157869-E52E-421E-BEA4-6FC6E319E1C7}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe () [File not signed]
FirewallRules: [{BC9E504E-93D5-473F-95BF-FE59EAA03996}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe () [File not signed]
FirewallRules: [{2D3583AA-60C8-4F8F-91D4-37165FC5C357}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\wesnoth\wesnoth.exe (The Battle for Wesnoth Project) [File not signed]
FirewallRules: [{3A83CDEB-3072-4814-93B1-F25ECEEF3012}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\wesnoth\wesnoth.exe (The Battle for Wesnoth Project) [File not signed]
FirewallRules: [{5EF67086-6943-4427-9389-D185C7AF8463}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\SteamVR\bin\win32\vrstartup.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{A57B3FA8-84AF-4031-84E7-95581676D641}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\SteamVR\bin\win32\vrstartup.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [TCP Query User{6957ACB2-CE6A-4A07-A4FC-5334DDE9D677}C:\users\jeremy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jeremy\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{A921694D-7FCF-4D1B-A9CB-D9BA35E26D4C}C:\users\jeremy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jeremy\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{360B13AD-CB87-4032-A558-39D5AB814C28}] => (Allow) E:\Users\Jeremy\AppData\Local\VirtualMate_launcher\launcher.exe (Xsolla (USA), Inc -> XSOLLA)
FirewallRules: [{628CB665-1055-45F3-AD1A-177237F5116C}] => (Allow) E:\Users\Jeremy\AppData\Local\VirtualMate_launcher\launcher.exe (Xsolla (USA), Inc -> XSOLLA)
FirewallRules: [{4240EF32-3158-414C-A146-DAEE2826CB85}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Duck Game\DuckGame.exe (CORPTRON) [File not signed]
FirewallRules: [{30071BC2-94A0-40EE-861E-AA42E72BD3B3}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Duck Game\DuckGame.exe (CORPTRON) [File not signed]
FirewallRules: [{59AAC2DD-FF54-4EF1-BE9A-AFA499642995}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Raft\Raft.exe () [File not signed]
FirewallRules: [{6F34C4E7-BC92-4B09-B6A7-93ED0C904068}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Raft\Raft.exe () [File not signed]
FirewallRules: [{81FC60FD-4660-462B-BF36-5C5BD0D92942}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Pathfinder Kingmaker\Kingmaker.exe () [File not signed]
FirewallRules: [{2F38754F-9A75-4ABA-9976-693C05B6C53B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Pathfinder Kingmaker\Kingmaker.exe () [File not signed]
FirewallRules: [TCP Query User{987B7EF4-8F53-4D65-934A-085C513D865F}E:\oculus games\software\hyperbolic-magnetism-beat-saber\beat saber.exe] => (Allow) E:\oculus games\software\hyperbolic-magnetism-beat-saber\beat saber.exe () [File not signed]
FirewallRules: [UDP Query User{9B45EEDF-865C-4376-9D88-66AF7D7993E1}E:\oculus games\software\hyperbolic-magnetism-beat-saber\beat saber.exe] => (Allow) E:\oculus games\software\hyperbolic-magnetism-beat-saber\beat saber.exe () [File not signed]
FirewallRules: [{CC39EFF1-1DDC-4F0F-A4CD-DD143A9B9014}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Killer Queen Black\Killer Queen Black.exe () [File not signed]
FirewallRules: [{216A70C6-1B62-481C-8A9E-F3D9EF4031AE}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Killer Queen Black\Killer Queen Black.exe () [File not signed]
FirewallRules: [{650FBCDB-6106-4A6A-863E-D858F6A5DE29}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Mysterium\Mysterium.exe () [File not signed]
FirewallRules: [{1B2BEDD7-84D5-4104-A3B5-A0713E7BD28B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Mysterium\Mysterium.exe () [File not signed]
FirewallRules: [{EFBD72E7-FAD2-4EAE-B9FD-ED585BAABF7B}] => (Allow) E:\Oculus Games\Software\hyperbolic-magnetism-beat-saber\Beat Saber.exe () [File not signed]
FirewallRules: [{FBB0C8EB-CA83-4793-873B-3041873F8859}] => (Allow) E:\Oculus Games\Software\hyperbolic-magnetism-beat-saber\Beat Saber.exe () [File not signed]
FirewallRules: [{CDB18AFF-0895-4FE3-B7DF-B3682C4BD5CA}] => (Allow) E:\Oculus Games\Software\hyperbolic-magnetism-beat-saber\UnityCrashHandler64.exe (Unity Technologies ApS -> )
FirewallRules: [{7A413315-9F76-45EE-937F-3669CB77DFD1}] => (Allow) E:\Oculus Games\Software\hyperbolic-magnetism-beat-saber\UnityCrashHandler64.exe (Unity Technologies ApS -> )
FirewallRules: [{B84A319A-D29A-432F-A69D-22A19CD3D9E8}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Broforce\Broforce_beta.exe () [File not signed]
FirewallRules: [{2328A45A-1FA1-49CD-80DA-425F3818E8FA}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Broforce\Broforce_beta.exe () [File not signed]
FirewallRules: [{0F7CC48A-1F3F-44D1-B205-1F0CFC1ABF08}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe (Re-Logic) [File not signed]
FirewallRules: [{693A677A-B1BE-414B-A5BD-BB680AA2F1CD}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe (Re-Logic) [File not signed]
FirewallRules: [{9A84E460-D374-4773-BC80-FFA42AB3E0C9}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Black Future '88\BlackFuture'88.exe () [File not signed]
FirewallRules: [{0672DBF6-8ADC-4C1F-A0C4-6A5989F00C6C}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Black Future '88\BlackFuture'88.exe () [File not signed]
FirewallRules: [{CC3A3475-1181-4076-98C3-6FBC83327535}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Noita\noita.exe () [File not signed]
FirewallRules: [{4A54CF6F-CE9A-4453-AE5F-281A740552ED}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Noita\noita.exe () [File not signed]
FirewallRules: [{8F304E92-BC55-4CE2-85C4-F9D2C556516F}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\GORN\GORN.exe () [File not signed]
FirewallRules: [{3603C292-EABA-4228-9AF0-C0A60CB90F60}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\GORN\GORN.exe () [File not signed]
FirewallRules: [{0D37E662-6AD8-4471-86F7-396E97161911}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\For The King\FTK.exe () [File not signed]
FirewallRules: [{3266F0E1-8F83-436C-8324-35BD2C08E6FB}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\For The King\FTK.exe () [File not signed]
FirewallRules: [{450CDECA-05A1-43E9-8512-214BB9BA41DE}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Deep Rock Galactic\FSD.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{BC47D813-8F53-4072-B5A8-97B9F15C54C2}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Deep Rock Galactic\FSD.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{2D98A5E2-D532-4BC3-A8A9-6514A3BE3C40}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Out of Space\Out of Space.exe () [File not signed]
FirewallRules: [{45799A49-0F2E-4AB0-AC8D-5184FEE2352D}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Out of Space\Out of Space.exe () [File not signed]
FirewallRules: [TCP Query User{37B9BA0C-BFE8-4311-8981-B40C765FC51E}F:\stuff from pc\he\sindusky\welcome to sindusky devbuild v0.01g\welcome to sindusky.exe] => (Block) F:\stuff from pc\he\sindusky\welcome to sindusky devbuild v0.01g\welcome to sindusky.exe => No File
FirewallRules: [UDP Query User{672BCCCA-1245-4756-AF81-E40C583119B5}F:\stuff from pc\he\sindusky\welcome to sindusky devbuild v0.01g\welcome to sindusky.exe] => (Block) F:\stuff from pc\he\sindusky\welcome to sindusky devbuild v0.01g\welcome to sindusky.exe => No File
FirewallRules: [{A9FBA8C2-B1CA-4023-817A-C54B4FD3C268}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\mark_of_the_ninja\bin\game.exe (Klei Entertainment Inc.) [File not signed]
FirewallRules: [{FB0DAEBB-29C7-4657-8A68-75CD3304187E}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\mark_of_the_ninja\bin\game.exe (Klei Entertainment Inc.) [File not signed]
FirewallRules: [TCP Query User{1B38C65B-8083-4396-B2A6-5792C3EEA818}F:\stuff from pc\he\games\dine and dash\game.exe] => (Block) F:\stuff from pc\he\games\futa fix dick dine and dash\game.exe => No File
FirewallRules: [UDP Query User{26AF74B2-7E2F-4FB2-8F83-337B326E538B}F:\stuff from pc\he\games\dine and dash\game.exe] => (Block) F:\stuff from pc\he\games\futa fix dick dine and dash\game.exe => No File
FirewallRules: [{07F73C75-4188-4F2A-870D-816E4C4E06F7}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Unrailed\UnrailedGame.exe (Indoor Astronaut GmbH -> )
FirewallRules: [{8FD56C27-5439-4FB4-B8D4-5F1C1643BEBD}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Unrailed\UnrailedGame.exe (Indoor Astronaut GmbH -> )
FirewallRules: [{4F104E10-35D4-4B37-967E-947B081248CE}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox_BE.exe => No File
FirewallRules: [{BFB2EBA1-4D1B-4D51-BA72-98B7F5BE7F8A}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox_BE.exe => No File
FirewallRules: [{82DAA0A4-6F4A-43C0-992C-F02E191858E6}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox.exe => No File
FirewallRules: [{11BED594-A525-4CF4-88AC-A4822547CD23}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox.exe => No File
FirewallRules: [{DF089753-BFDA-4B10-96C9-607DF4C8CBFB}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Conan Exiles - Testlive Client\ConanSandbox\Binaries\Win64\ConanSandbox_BE.exe => No File
FirewallRules: [{BDAB7EFF-09C3-4289-ADBA-5859A1C95E67}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Conan Exiles - Testlive Client\ConanSandbox\Binaries\Win64\ConanSandbox_BE.exe => No File
FirewallRules: [{13CBCC13-5370-4544-ACD3-F873CBE0E94C}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Conan Exiles - Testlive Client\ConanSandbox\Binaries\Win64\ConanSandbox.exe => No File
FirewallRules: [{C3B16B51-F9A8-48EE-95C3-ED6E292DB2B2}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Conan Exiles - Testlive Client\ConanSandbox\Binaries\Win64\ConanSandbox.exe => No File
FirewallRules: [{BC4B67E3-9483-44B2-93BE-982FF88D889E}] => (Allow) C:\Users\Jeremy\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{0F41D2C8-F1A8-41A9-A1F2-F37DCC643942}] => (Allow) C:\Users\Jeremy\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{9DCA208E-5E42-44BB-B866-5DB114CFF1EC}] => (Allow) C:\Users\Jeremy\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{C7F7AA0D-43DF-475A-80BF-4B212FDF3735}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Convoy\Convoy.exe () [File not signed]
FirewallRules: [{9147C786-B376-4AB9-B50D-EF2707DA828F}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Convoy\Convoy.exe () [File not signed]
FirewallRules: [{B84B83FD-AEC4-42AC-AFD7-3B8B079ADA73}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe (WB Games, Inc.) [File not signed]
FirewallRules: [{E98FE21E-CD9A-4782-B4C9-678563231839}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe (WB Games, Inc.) [File not signed]
FirewallRules: [{B1B6BC66-2B9A-40AF-8F4C-F0635C6E2889}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\ToeJam & Earl Back In The Groove\backinthegroove.exe () [File not signed]
FirewallRules: [{11CD3D87-2146-495D-B773-758170B0A256}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\ToeJam & Earl Back In The Groove\backinthegroove.exe () [File not signed]
FirewallRules: [{EB19510A-1AD8-4319-9490-FCC640B831EF}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Kenshi\kenshi_x64.exe () [File not signed]
FirewallRules: [{B40EED39-1E9B-4054-8A05-7E017F3E43F9}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Kenshi\kenshi_x64.exe () [File not signed]
FirewallRules: [{DB9212EB-3891-4F38-A0B1-942BD33444C4}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Kenshi\forgotten construction set.exe (LoFi Games) [File not signed]
FirewallRules: [{A81DA945-235E-4F5D-B5EB-7A0D11A05FBC}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Kenshi\forgotten construction set.exe (LoFi Games) [File not signed]
FirewallRules: [{0D7003D9-37F3-4F0B-9E18-8FC11BA4439F}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Heat Signature\Heat_Signature.exe (Suspicious Developments) [File not signed]
FirewallRules: [{1C821427-59D5-4A75-9004-66257B06720F}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Heat Signature\Heat_Signature.exe (Suspicious Developments) [File not signed]
FirewallRules: [{6D145025-9784-478E-AE65-F720EF10AD50}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe () [File not signed]
FirewallRules: [{65A20F18-9C51-406A-892E-D32FB03A54E4}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe () [File not signed]
FirewallRules: [{87E6EFB4-4059-4BB3-BD73-3AE940941D4F}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Cyberpunk 2077\REDprelauncher.exe (GOG  sp. z o.o -> GOG.com)
FirewallRules: [{F8FDA17B-E2B5-40A9-8422-A1305C00B611}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Cyberpunk 2077\REDprelauncher.exe (GOG  sp. z o.o -> GOG.com)
FirewallRules: [TCP Query User{6F0F2326-58EE-440E-83B7-B022BDC80E65}E:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.)
FirewallRules: [UDP Query User{5BCCB48F-6E74-4BBB-BBE0-0F020194CB84}E:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.)
FirewallRules: [{639D5626-48D5-41CB-9AB9-76E54C932D33}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Overcooked! 2\Overcooked2.exe () [File not signed]
FirewallRules: [{137D82D7-0901-4453-AAB4-5BF71C04E2E7}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Overcooked! 2\Overcooked2.exe () [File not signed]
FirewallRules: [{B8347F3E-8BDA-4E3A-B696-913791CC1C6E}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Warhammer Chaosbane\Exe\Chaosbane.exe => No File
FirewallRules: [{EEBB47B5-8900-4A60-B6A3-49C9EF5275D7}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Warhammer Chaosbane\Exe\Chaosbane.exe => No File
FirewallRules: [{97B15792-6B47-479A-82EE-603C8EDA3432}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Warhammer Chaosbane\Exe\ResolutionsOptions.exe => No File
FirewallRules: [{1EAFE195-254C-407D-8CFC-C0CD0FC7D44A}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Warhammer Chaosbane\Exe\ResolutionsOptions.exe => No File
FirewallRules: [{942DBADD-43E8-495F-8D8A-CE9E95D0232E}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Valheim\valheim.exe () [File not signed]
FirewallRules: [{717DF66D-A532-4E63-BD4D-330B3AEB9B31}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Valheim\valheim.exe () [File not signed]
FirewallRules: [{B0F9DCD1-9D93-4832-B555-9F1D4C514FD9}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Streets of Rogue\StreetsOfRogue.exe () [File not signed]
FirewallRules: [{8AC957CC-EA1A-4414-A53C-54591EA854E9}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Streets of Rogue\StreetsOfRogue.exe () [File not signed]
FirewallRules: [{CA39651C-06BF-41E6-86C4-EDAAEAF42728}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Icewind Dale Enhanced Edition\icewind.exe (Overhaul Games™) [File not signed]
FirewallRules: [{7B791C5D-6B4B-4466-917F-357042C69493}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Icewind Dale Enhanced Edition\icewind.exe (Overhaul Games™) [File not signed]
FirewallRules: [{AD4CB363-461E-4CFC-B302-04F98CBF6A6E}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Shatter Keep\Shatter Keep.exe () [File not signed]
FirewallRules: [{E46A2D8F-7798-4E8E-8814-603F8AD919F1}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Shatter Keep\Shatter Keep.exe () [File not signed]
FirewallRules: [{5A12AEB6-9828-43EE-87BC-FE8334B8215C}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Baldur's Gate Enhanced Edition\Baldur.exe (Overhaul Games™) [File not signed]
FirewallRules: [{705CF822-21D6-44D2-ABEC-27657F898D76}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Baldur's Gate Enhanced Edition\Baldur.exe (Overhaul Games™) [File not signed]
FirewallRules: [{65EF99BE-BF87-4125-B206-5FCD5FCBC894}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\TheBlackoutClub\TheBlackoutClub.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{5580FC6F-AEE8-4D4A-873A-A896EAC46BDA}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\TheBlackoutClub\TheBlackoutClub.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [TCP Query User{9F707700-74AA-489C-8FC1-734A7FD77CE2}E:\program files (x86)\steam\steamapps\common\theblackoutclub\theblackoutclub\binaries\win64\theblackoutclub-win64-shipping.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\theblackoutclub\theblackoutclub\binaries\win64\theblackoutclub-win64-shipping.exe (Question) [File not signed]
FirewallRules: [UDP Query User{C6B444BD-A661-4CA9-8FE1-2DE621D0A4F5}E:\program files (x86)\steam\steamapps\common\theblackoutclub\theblackoutclub\binaries\win64\theblackoutclub-win64-shipping.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\theblackoutclub\theblackoutclub\binaries\win64\theblackoutclub-win64-shipping.exe (Question) [File not signed]
FirewallRules: [{09BC6C41-EB40-451A-A908-468A3A160744}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\GreedFall\GreedFall.exe (Focus Home Interactive S.A -> Spiders)
FirewallRules: [{BD7DA09D-3FAB-49DB-8E54-438249DACE1E}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\GreedFall\GreedFall.exe (Focus Home Interactive S.A -> Spiders)
FirewallRules: [{E3B27429-A36E-4BD6-A442-38382584C5C9}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Gunpoint\Gunpoint.exe () [File not signed]
FirewallRules: [{43D1D8F4-A694-4D32-B82E-F6E9752EF2EF}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Gunpoint\Gunpoint.exe () [File not signed]
FirewallRules: [{588C2963-6B92-4CEA-9392-597F19153006}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Unepic\unepic.exe () [File not signed]
FirewallRules: [{ED72DCC1-27B6-4F32-8AFE-2E1AEF49820A}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Unepic\unepic.exe () [File not signed]
FirewallRules: [{E7D48C38-6B1E-492D-B77A-D62E221E0A2E}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Pit People\pitpeople.exe () [File not signed]
FirewallRules: [{ED633F9E-BF7D-4E1B-AD8F-F0C336BCD631}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Pit People\pitpeople.exe () [File not signed]
FirewallRules: [{395F9B01-5FE5-4C23-9F6B-A25E1CACA5A9}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Pathfinder Second Adventure\Wrath.exe () [File not signed]
FirewallRules: [{E907D9F5-ECC5-43F6-AB50-82AFAE4247B8}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Pathfinder Second Adventure\Wrath.exe () [File not signed]
FirewallRules: [{94BAA37E-35CA-43F0-B5E4-54A9FE776AA6}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Dungeon of the Endless\DungeonoftheEndless.exe (Unity Technologies SF -> ) [File not signed]
FirewallRules: [{E2887178-6CC2-4783-A541-DA06FD3DC216}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Dungeon of the Endless\DungeonoftheEndless.exe (Unity Technologies SF -> ) [File not signed]
FirewallRules: [TCP Query User{7D756908-4B39-4622-8584-61D3D8346942}F:\stuff from pc\he\games\island saga v5\nw.exe] => (Block) F:\stuff from pc\he\games\island saga v5\nw.exe => No File
FirewallRules: [UDP Query User{B2B3A1B4-7D52-476A-96E5-97B2E2EA0A10}F:\stuff from pc\he\games\island saga v5\nw.exe] => (Block) F:\stuff from pc\he\games\island saga v5\nw.exe => No File
FirewallRules: [TCP Query User{9064442F-82AC-414B-8C1F-DF95A39AAF5F}E:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe (Re-Logic) [File not signed]
FirewallRules: [UDP Query User{B3F4D7FF-5B79-40DA-A132-529A17896A99}E:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe (Re-Logic) [File not signed]
FirewallRules: [{B30CC7EC-F3AA-4651-ACCC-0ECA24824C77}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{613A74BD-0608-4815-9F15-167709C5EE94}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Shadow Tactics\Shadow Tactics.exe () [File not signed]
FirewallRules: [{1CB8908E-E4A3-48F6-A2F9-658A519D9B8E}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Shadow Tactics\Shadow Tactics.exe () [File not signed]
FirewallRules: [{A32ACDC9-C662-4032-9F11-A35799B3F39F}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Aliens Fireteam Elite\Endeavor.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{5B0C21AA-8482-470B-9D09-C46871124A9F}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Aliens Fireteam Elite\Endeavor.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{6220EF60-C762-4150-BC6F-01279BF8EED9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{51F93FE0-7F98-46B3-AA89-E9D5BDD131F5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{8F969B9F-3DA0-4037-9094-B4B3F41E2BF3}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\swkotor\swkotor.exe (BioWare Corp.) [File not signed]
FirewallRules: [{A3800AAF-9538-49F9-8FED-CC017DE85251}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\swkotor\swkotor.exe (BioWare Corp.) [File not signed]
FirewallRules: [{ECECFDA3-B4B4-4C58-ADA0-2C5835901848}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\STAR WARS Squadrons\starwarssquadrons_launcher.exe (Electronic Arts, Inc. -> Epic Games, Inc)
FirewallRules: [{C1D3602A-709F-47C4-BE2F-6F2289D15D24}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\STAR WARS Squadrons\starwarssquadrons_launcher.exe (Electronic Arts, Inc. -> Epic Games, Inc)
FirewallRules: [TCP Query User{BC0F2F22-6D3E-46B5-A08F-5A613E0AC8C0}E:\program files (x86)\steam\steamapps\common\star wars squadrons\starwarssquadrons.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\star wars squadrons\starwarssquadrons.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [UDP Query User{D0A5C0A5-9A7B-422D-98ED-D4EC15932C3F}E:\program files (x86)\steam\steamapps\common\star wars squadrons\starwarssquadrons.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\star wars squadrons\starwarssquadrons.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [TCP Query User{2C87091C-86D7-4386-90F2-3FE12F7A65BF}E:\program files (x86)\steam\steamapps\common\star wars battlefront ii\starwarsbattlefrontii.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\star wars battlefront ii\starwarsbattlefrontii.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [UDP Query User{3B09611D-2F55-4E84-84FA-ED9E4A0346BB}E:\program files (x86)\steam\steamapps\common\star wars battlefront ii\starwarsbattlefrontii.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\star wars battlefront ii\starwarsbattlefrontii.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [{11F90A0C-1EE6-4869-8AD2-005373A02570}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Half-Life Alyx\game\bin\win64\hlvr.exe (Valve -> )
FirewallRules: [{0760C85B-381B-41B2-A119-0C4C7695F7D5}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Half-Life Alyx\game\bin\win64\hlvr.exe (Valve -> )
FirewallRules: [{AD8D27E6-3F20-445B-B3E0-F60A4459CE0B}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe => No File
FirewallRules: [{24BB7498-9511-4595-9678-D714FF5310E1}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe => No File
FirewallRules: [{7BE7BDF1-3A70-41E4-A8AA-3FB42D2FBFA1}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe => No File
FirewallRules: [{BE84F459-3946-4092-8909-34E88F75875A}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\ToeJam & Earl Back In The Groove\LaunchGame.exe => No File
FirewallRules: [{6AB3972E-29BF-4E29-8924-2161AF2742F9}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\ToeJam & Earl Back In The Groove\LaunchGame.exe => No File
FirewallRules: [{5CEECC19-5604-4288-BFDD-F0B5FB1E181E}] => (Allow) LPort=54925
FirewallRules: [{D59218C6-3CD9-4336-B145-BCF22E3B0AB4}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Warhammer 40,000 DARKTIDE\launcher\Launcher.exe => No File
FirewallRules: [{E0585738-BB6A-4319-8FAB-EFAF5F9151B9}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Warhammer 40,000 DARKTIDE\launcher\Launcher.exe => No File
FirewallRules: [TCP Query User{C08403AC-3A2E-4CBE-A6FF-5B32320926BC}E:\program files (x86)\steam\steamapps\common\warhammer 40,000 darktide\binaries\darktide.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\warhammer 40,000 darktide\binaries\darktide.exe => No File
FirewallRules: [UDP Query User{6B9DD8A0-2AF3-4C7A-9AF1-24A346500AF9}E:\program files (x86)\steam\steamapps\common\warhammer 40,000 darktide\binaries\darktide.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\warhammer 40,000 darktide\binaries\darktide.exe => No File
FirewallRules: [{6B9CF85C-DF43-4263-8758-4AFBD187D610}] => (Allow) C:\SteamLibrary\steamapps\common\Warhammer 40,000 DARKTIDE\launcher\Launcher.exe (Fatshark AB -> Fatshark AB)
FirewallRules: [{871096DC-61CA-4B11-9FE0-AF6B0991BC3F}] => (Allow) C:\SteamLibrary\steamapps\common\Warhammer 40,000 DARKTIDE\launcher\Launcher.exe (Fatshark AB -> Fatshark AB)
FirewallRules: [TCP Query User{E5C11F72-CCB5-4FC5-B0B2-BFB733C83B02}C:\steamlibrary\steamapps\common\warhammer 40,000 darktide\binaries\darktide.exe] => (Allow) C:\steamlibrary\steamapps\common\warhammer 40,000 darktide\binaries\darktide.exe (Fatshark Studios AB) [File not signed]
FirewallRules: [UDP Query User{5B76AC93-9C44-44ED-A936-9805A94B5C68}C:\steamlibrary\steamapps\common\warhammer 40,000 darktide\binaries\darktide.exe] => (Allow) C:\steamlibrary\steamapps\common\warhammer 40,000 darktide\binaries\darktide.exe (Fatshark Studios AB) [File not signed]
FirewallRules: [{F121B976-B1DB-4380-AFAA-5F964A83C70D}] => (Allow) C:\SteamLibrary\steamapps\common\SlayTheSpire\jre\bin\javaw.exe => No File
FirewallRules: [{32167D5E-9758-42B6-AFBC-A61524469072}] => (Allow) C:\SteamLibrary\steamapps\common\SlayTheSpire\jre\bin\javaw.exe => No File
FirewallRules: [{017521B0-D1D6-49EE-ACF7-B4EA5C3E409D}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Sentinels of the Multiverse\Sentinels.exe () [File not signed]
FirewallRules: [{4762B3C9-F0F3-4377-914C-FB51FA597F3D}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Sentinels of the Multiverse\Sentinels.exe () [File not signed]
FirewallRules: [TCP Query User{53E6AA51-EEBB-4AF5-BA54-4FA6BA8F08B1}C:\steamlibrary\steamapps\common\marvel's midnight suns\midnightsuns\binaries\win64\midnightsuns-win64-shipping.exe] => (Allow) C:\steamlibrary\steamapps\common\marvel's midnight suns\midnightsuns\binaries\win64\midnightsuns-win64-shipping.exe => No File
FirewallRules: [UDP Query User{49A20DBB-CF86-4AD4-838A-96915502FA67}C:\steamlibrary\steamapps\common\marvel's midnight suns\midnightsuns\binaries\win64\midnightsuns-win64-shipping.exe] => (Allow) C:\steamlibrary\steamapps\common\marvel's midnight suns\midnightsuns\binaries\win64\midnightsuns-win64-shipping.exe => No File
FirewallRules: [{65A2206C-765E-4331-BC5B-D92C9BD57E4F}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\ProjectZomboid\ProjectZomboid64.exe () [File not signed]
FirewallRules: [{1EFA98FF-379A-4149-93CA-068ED0B3893B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\ProjectZomboid\ProjectZomboid64.exe () [File not signed]
FirewallRules: [TCP Query User{613122D0-5F30-4F5F-A1FC-F52627625E1C}E:\program files (x86)\steam\steamapps\common\projectzomboid\jre64\bin\java.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\projectzomboid\jre64\bin\java.exe
FirewallRules: [UDP Query User{4B247345-7814-4B71-AAC8-96EC6786DE38}E:\program files (x86)\steam\steamapps\common\projectzomboid\jre64\bin\java.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\projectzomboid\jre64\bin\java.exe
FirewallRules: [{469F185D-160F-4533-A864-E4063825329E}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin64\dontstarve_steam_x64.exe () [File not signed]
FirewallRules: [{6639FBF8-D76E-4A14-9C21-21CFF869201C}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin64\dontstarve_steam_x64.exe () [File not signed]
FirewallRules: [{EFAE16AB-1C20-47FD-BE2C-00296303D50F}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe () [File not signed]
FirewallRules: [{FD4E7E45-C6D6-41F5-ADD8-42A2C5F6A055}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe () [File not signed]
FirewallRules: [{03B8E09A-9E29-4988-A9EE-05B60200CFF1}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe (Techland S.A. -> Techland)
FirewallRules: [{E7AF3640-7177-4ECA-9C71-C2D0FD9522A9}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe (Techland S.A. -> Techland)
FirewallRules: [{AC4BFC7E-A7B8-458E-9962-BCF99F3539B1}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Deep Rock Galactic\Legacy\FSD.exe => No File
FirewallRules: [{D6887255-4C41-4F06-92E7-7107089767FF}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Deep Rock Galactic\Legacy\FSD.exe => No File
FirewallRules: [{0A32AB0E-FFC1-4544-AA30-749D765A275D}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe () [File not signed]
FirewallRules: [{0F43E8DE-5CA9-4FC8-B873-82B3EBEF488F}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe () [File not signed]
FirewallRules: [{49E3DB71-D1F8-48F4-A374-4B86645D287E}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Totally Accurate Battle Simulator\TotallyAccurateBattleSimulator.exe () [File not signed]
FirewallRules: [{7B4A8715-4225-47E5-87AA-CBD5879925C5}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Totally Accurate Battle Simulator\TotallyAccurateBattleSimulator.exe () [File not signed]
FirewallRules: [{03EADD05-F6D7-4151-A434-DDD6104FA1B4}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Warhammer 40,000 Space Marine\SpaceMarine.exe (Valve Corp. -> Sega Corporation)
FirewallRules: [{05EBD367-321A-4859-AC18-A6E6C2D58035}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Warhammer 40,000 Space Marine\SpaceMarine.exe (Valve Corp. -> Sega Corporation)
FirewallRules: [{AD3AEFE1-97B2-4613-BB2E-8FAC3F7B9549}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\ChaosGate\ChaosGate.exe () [File not signed]
FirewallRules: [{4E87C541-6BF5-47C4-8C81-AB49EED89CBC}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\ChaosGate\ChaosGate.exe () [File not signed]
FirewallRules: [{67D5BD69-1D21-418D-BBFA-3B90058592B6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{22462AA9-0340-49E1-A412-0C44850BF07D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{03376127-F1FD-4425-85A3-EABDE3635036}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{D6DBA079-620F-496F-98CB-E4412452FB45}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{B14BA1D9-3B44-4A78-97A3-61DED9C904AA}C:\users\jeremy\appdata\local\discord\app-1.0.9013\discord.exe] => (Allow) C:\users\jeremy\appdata\local\discord\app-1.0.9013\discord.exe => No File
FirewallRules: [UDP Query User{55794A48-3FE8-4513-8B6D-B930D0474F1B}C:\users\jeremy\appdata\local\discord\app-1.0.9013\discord.exe] => (Allow) C:\users\jeremy\appdata\local\discord\app-1.0.9013\discord.exe => No File
FirewallRules: [{E9A5FFF5-D319-4159-A314-317F35834717}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Sifu\Sifu.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{406EEA83-4D8A-4774-B4FD-5BC8D6A59EAA}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Sifu\Sifu.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{2F70FA61-8CD9-4BDD-8A00-13C0466FB11A}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Terminator Resistance\Terminator.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{767439A2-C0C2-4FAE-B766-589DBCC94591}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Terminator Resistance\Terminator.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{EB9CCE26-3BF0-4964-AD93-FDB647DF3F4E}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Slasta_COTM\Solasta.exe () [File not signed]
FirewallRules: [{DB004714-3E77-4520-AAD3-2494A751872F}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Slasta_COTM\Solasta.exe () [File not signed]
FirewallRules: [TCP Query User{A48783FA-5C46-4DD6-B1B2-48B722B5C316}E:\program files (x86)\mirc\mirc.exe] => (Allow) E:\program files (x86)\mirc\mirc.exe => No File
FirewallRules: [UDP Query User{A74E8529-1128-42A2-9729-BBA82F70E01A}E:\program files (x86)\mirc\mirc.exe] => (Allow) E:\program files (x86)\mirc\mirc.exe => No File
FirewallRules: [{241F716B-2049-42D3-8626-C84B95E1806B}] => (Allow) I:\SteamLibrary\steamapps\common\Baldurs Gate 3\Launcher\LariLauncher.exe (Larian Studios Games Ltd. -> LariLauncher)
FirewallRules: [{ACCF04C0-6722-401E-844D-B30C0A68F5E3}] => (Allow) I:\SteamLibrary\steamapps\common\Baldurs Gate 3\Launcher\LariLauncher.exe (Larian Studios Games Ltd. -> LariLauncher)
FirewallRules: [TCP Query User{0158DAFF-DE42-4D57-B89E-DECFFCC79165}I:\steamlibrary\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe] => (Allow) I:\steamlibrary\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe (Larian Studios Games Ltd. -> )
FirewallRules: [UDP Query User{F9F2D1C1-51D1-4DF8-99B1-2C7EE37E3CA1}I:\steamlibrary\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe] => (Allow) I:\steamlibrary\steamapps\common\baldurs gate 3\bin\bg3_dx11.exe (Larian Studios Games Ltd. -> )
FirewallRules: [{631EDD18-45BF-4077-9A8A-92A9E60C3A6E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AC58BDB3-7606-4F16-9C9C-8B36641608DA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B1F06427-22BE-4540-8A61-181C88DA2729}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D8E97A5B-27C5-477C-8A45-991D7E748822}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{21501DD5-04CD-45FA-9BFA-48B88E4539FB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7EB586C9-B6C1-4E5B-BDB1-D00E103FA465}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{867F883C-F7D0-498B-8251-5121424F9250}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{51F41173-8559-490D-A204-91A1B00B2774}] => (Allow) I:\SteamLibrary\steamapps\common\Operation Tango - Demo\Operation Tango.exe () [File not signed]
FirewallRules: [{0A8A1C69-E26D-4193-A0BB-A2BDECEE2C41}] => (Allow) I:\SteamLibrary\steamapps\common\Operation Tango - Demo\Operation Tango.exe () [File not signed]
FirewallRules: [{19BA0BC2-846B-43AD-862A-1176C1536895}] => (Allow) C:\Program Files\WindowsApps\MSTeams_23306.3315.2560.6525_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{42805AFA-DAEE-4EEB-9E93-11F63E4B6701}] => (Allow) C:\Program Files\WindowsApps\MSTeams_23306.3315.2560.6525_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B1BA29E4-DA1A-4AB9-B58C-9599B4CDCF8E}] => (Allow) E:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{64044D0B-DDDC-4607-B602-B7166D3AD267}] => (Allow) I:\SteamLibrary\steamapps\common\Marvel's Midnight Suns\2KLauncher\LauncherPatcher.exe (Take-Two Interactive Software, Inc. -> Take-Two Interactive Software, Inc.)
FirewallRules: [{45DF8C50-0C16-4D9F-B299-44C5868D6B01}] => (Allow) I:\SteamLibrary\steamapps\common\Marvel's Midnight Suns\2KLauncher\LauncherPatcher.exe (Take-Two Interactive Software, Inc. -> Take-Two Interactive Software, Inc.)
FirewallRules: [TCP Query User{B2BF3205-410D-4FC0-ACFC-469A297223CB}I:\steamlibrary\steamapps\common\marvel's midnight suns\midnightsuns\binaries\win64\midnightsuns-win64-shipping.exe] => (Allow) I:\steamlibrary\steamapps\common\marvel's midnight suns\midnightsuns\binaries\win64\midnightsuns-win64-shipping.exe (2K Games, Inc. -> 2K)
FirewallRules: [UDP Query User{987021A5-C837-45A0-8B25-0627703FF685}I:\steamlibrary\steamapps\common\marvel's midnight suns\midnightsuns\binaries\win64\midnightsuns-win64-shipping.exe] => (Allow) I:\steamlibrary\steamapps\common\marvel's midnight suns\midnightsuns\binaries\win64\midnightsuns-win64-shipping.exe (2K Games, Inc. -> 2K)
FirewallRules: [{D314B76B-890E-41EF-A8B5-B49F8247A3A8}] => (Allow) I:\SteamLibrary\steamapps\common\GTFO\GTFO.exe () [File not signed]
FirewallRules: [{1E4C2BE4-0AF9-4EA1-A822-FA283A7C1DB6}] => (Allow) I:\SteamLibrary\steamapps\common\GTFO\GTFO.exe () [File not signed]
FirewallRules: [{44E07983-B697-417B-8E64-C7747D138035}] => (Allow) LPort=57209
FirewallRules: [{DC1B86A1-2C21-463D-BB77-D2EDF6200C33}] => (Allow) LPort=57210
FirewallRules: [{F6C385A9-6A1F-483F-9A30-E5A61587C64B}] => (Allow) LPort=57211
FirewallRules: [{B4D74EF5-6162-4970-83B6-099F52A250AD}] => (Allow) LPort=57212
FirewallRules: [{9FDBA54F-A291-45F8-A9F0-EB3601C6AA08}] => (Allow) LPort=57213
FirewallRules: [{DF3444B0-C711-4631-AD55-E638D16AC47B}] => (Allow) LPort=57214
FirewallRules: [{46EF1EB4-BC2F-4CC1-BD6C-A8700E92F74F}] => (Allow) LPort=57215
FirewallRules: [{C64DE295-7EF2-460D-B73E-C455BADC5DFF}] => (Allow) LPort=57216
FirewallRules: [{6A6BAE49-6A71-4DCF-BD99-354B2B4A626F}] => (Allow) LPort=57217
FirewallRules: [{88435A23-1534-44F9-ADA4-8FB9E046B53C}] => (Allow) LPort=57218
FirewallRules: [{6F043341-E211-413D-AD2E-062B8292DA95}] => (Allow) LPort=57209
FirewallRules: [{F8180996-7F92-4E7D-A7C0-59C812DEE3D8}] => (Allow) LPort=57210
FirewallRules: [{20FC5996-AFC0-432E-9FF7-D2AD6586B5C7}] => (Allow) LPort=57211
FirewallRules: [{E40F4796-076D-48C4-B22A-9CA70591DF5D}] => (Allow) LPort=57212
FirewallRules: [{CCCA1FBE-E44F-4A71-9A84-F493D82FE475}] => (Allow) LPort=57213
FirewallRules: [{517044FC-F97E-482A-988F-DCD3B7E0C656}] => (Allow) LPort=57214
FirewallRules: [{7E6D3B7D-3E8F-41B8-9C93-708517152C9E}] => (Allow) LPort=57215
FirewallRules: [{1D0EDE52-A072-4B20-9B09-DC93E2FC4732}] => (Allow) LPort=57216
FirewallRules: [{E3763BB2-5B1B-4695-87BC-6E49EBC33A9E}] => (Allow) LPort=57217
FirewallRules: [{67457D40-D011-4840-A919-750201144001}] => (Allow) LPort=57218
FirewallRules: [TCP Query User{D24CD059-F8C7-4B49-8F6E-C0DCBEA375C9}C:\users\jeremy\appdata\local\wondershare\wondershare nativepush\wstoastnotification.exe] => (Block) C:\users\jeremy\appdata\local\wondershare\wondershare nativepush\wstoastnotification.exe => No File
FirewallRules: [UDP Query User{8710FFC1-EE93-4613-AF65-6DC3F7BDDAFC}C:\users\jeremy\appdata\local\wondershare\wondershare nativepush\wstoastnotification.exe] => (Block) C:\users\jeremy\appdata\local\wondershare\wondershare nativepush\wstoastnotification.exe => No File
FirewallRules: [{460DB9A3-6D06-402F-BD94-46B5B5EE9323}] => (Allow) LPort=23007
FirewallRules: [{CB6FCFF2-8415-47F3-831F-4CB378801E0A}] => (Allow) LPort=23008
FirewallRules: [{09A63EFD-CF26-49AE-B2F5-A48A53118F63}] => (Allow) LPort=33009
FirewallRules: [{528B217F-EF18-4CDC-8B00-8290FDEBD68D}] => (Allow) LPort=33010
FirewallRules: [{99E5A0E2-B903-45AC-A71B-D42A004746A9}] => (Allow) LPort=33011
FirewallRules: [{EC6014DD-662A-45AA-9FD4-1BC346AE059E}] => (Allow) LPort=43012
FirewallRules: [{D1492A0E-AE43-4D3C-A6C1-033EA3622483}] => (Allow) LPort=43013
FirewallRules: [{B93F23AC-69F0-4B7A-95A0-62823298C5B4}] => (Allow) LPort=53014
FirewallRules: [{AFE5DB74-EAE9-4288-A74F-12601530AB46}] => (Allow) LPort=53015
FirewallRules: [{ADD40C87-F53E-4B9D-8BBA-E93371B7DB2D}] => (Allow) LPort=53016
FirewallRules: [{65A5A21E-5E36-476C-9E4C-C47DE2D7383D}] => (Allow) LPort=23007
FirewallRules: [{2690B8BF-EC51-49FE-A086-ECC53B022206}] => (Allow) LPort=23008
FirewallRules: [{BC646831-472A-4AA4-91F2-0956988999CB}] => (Allow) LPort=33009
FirewallRules: [{15A93802-C498-45FE-85E6-1D825B84EBB5}] => (Allow) LPort=33010
FirewallRules: [{B737E164-8C5E-4546-8A28-F8889B070654}] => (Allow) LPort=33011
FirewallRules: [{1C325C44-3731-4081-8C0A-9CA2FB761473}] => (Allow) LPort=43012
FirewallRules: [{EB70197F-2A12-4D46-AB0C-5B9415CAD3A9}] => (Allow) LPort=43013
FirewallRules: [{550E988B-EC82-4C0A-AB60-F360EC1C6D3B}] => (Allow) LPort=53014
FirewallRules: [{A11D5571-8F4E-4A7A-B159-BF581D258F3C}] => (Allow) LPort=53015
FirewallRules: [{0C14D230-51A8-4CAD-A8F3-22B4D9D1B7CB}] => (Allow) LPort=53016
FirewallRules: [{897402B8-4E0A-4F2C-9B8C-5D3DB79FEC4D}] => (Allow) LPort=50053
FirewallRules: [{8E35588A-FF89-4C53-9192-8B8F94E2A4D7}] => (Allow) LPort=50053
FirewallRules: [{161682E5-1678-4F90-AD95-B3A9D84C01C6}] => (Allow) C:\Users\Jeremy\Downloads\tenorshare-4ddig-for-windows.exe => No File
FirewallRules: [{97BAE0E4-598C-452A-A3BC-1FF98F3DB008}] => (Allow) C:\Users\Jeremy\Downloads\tenorshare-4ddig-for-windows.exe => No File
FirewallRules: [{989DFCA1-419F-4487-BDB9-5C464D7186FA}] => (Allow) I:\SteamLibrary\steamapps\common\Helldivers 2\bin\helldivers2.exe (Arrowhead Game Studios AB -> Arrowhead Game Studios AB)
FirewallRules: [{17DB4A9C-16FE-4576-8050-895905FEBADD}] => (Allow) I:\SteamLibrary\steamapps\common\Helldivers 2\bin\helldivers2.exe (Arrowhead Game Studios AB -> Arrowhead Game Studios AB)
FirewallRules: [{70E8C127-34D5-42A8-A907-DC7B9BEDE7BD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.113.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3A975F58-3DEF-41AD-B02C-F87060660ADE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.113.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E732AA32-0A53-4B1F-B5C3-7C35AA1DF716}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.113.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4D48FC35-C388-4232-8585-34C057A205E5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.113.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9D597564-B2CD-49BF-87CD-10AA9A238C0F}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.59\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{88F1BFAD-19B9-4F9A-A3BA-F55BD854FE90}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{1C191709-4881-4FDD-8957-876B8EC41176}] => (Allow) E:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\Tenorshare 4DDiG.exe => No File
FirewallRules: [{15A11451-D5D5-405F-8C29-FEDD7D75C433}] => (Allow) E:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\Tenorshare 4DDiG.exe => No File
FirewallRules: [{DB47019F-B97A-4A2F-B90E-368154CB4E6F}] => (Allow) E:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\NetFrameCheck.exe => No File
FirewallRules: [{374A482B-A5DD-476D-9CDC-BE66AEEBCA78}] => (Allow) E:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\NetFrameCheck.exe => No File
FirewallRules: [{7F594F42-95F3-4074-984B-0206FC72BDCF}] => (Allow) E:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\Monitor\Monitor.exe => No File
FirewallRules: [{9765B1E0-8021-4D4A-8070-98EA1DE3C94E}] => (Allow) E:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\Monitor\Monitor.exe => No File
FirewallRules: [{3BAA681F-F716-46B1-A29F-6AA5092942C6}] => (Allow) E:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\ParseRecord.exe => No File
FirewallRules: [{9DE25213-C407-4F6E-A44D-4BAC97DCA17C}] => (Allow) E:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\ParseRecord.exe => No File
FirewallRules: [{61FFA8D8-0E56-4086-9C59-64A61BBBBDE3}] => (Allow) E:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\UpdateService.exe => No File
FirewallRules: [{8EE6D6D0-BC64-44B4-B9CB-E4EF709DF62E}] => (Allow) E:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\UpdateService.exe => No File
FirewallRules: [{43F8FBDE-01D9-4419-A9A7-D09A5C4A3B40}] => (Allow) E:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\preuninstall.exe => No File
FirewallRules: [{6AB50850-BA3D-4F14-86BB-0528D573F2E7}] => (Allow) E:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\preuninstall.exe => No File
FirewallRules: [{9A8ECCD2-DC35-4872-AC98-7B8CC7C5844C}] => (Allow) E:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\DeviceViewerService.exe => No File
FirewallRules: [{22E0634D-A03A-44AB-903E-7766C06B3455}] => (Allow) E:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\DeviceViewerService.exe => No File
FirewallRules: [{0E2D0745-6E61-4FD0-95EE-AE057D922D64}] => (Allow) E:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\NASConnecter.exe => No File
FirewallRules: [{BD3EF4A3-CBAA-472C-A11B-EF0FF9ADA64F}] => (Allow) E:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\NASConnecter.exe => No File
FirewallRules: [{CD06E3AE-01D7-4B11-BF49-319261D12C97}] => (Allow) E:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\DataScanService.exe => No File
FirewallRules: [{AA32B6E8-4FE8-41D4-AD0D-7ECB4E22C16B}] => (Allow) E:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\DataScanService.exe => No File
FirewallRules: [{EB13338F-5A83-4339-822C-AC512427B8F4}] => (Allow) E:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\DataRecoveryService.exe => No File
FirewallRules: [{76C37D0B-B4F0-4DA8-825D-BC7107CEF024}] => (Allow) E:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\DataRecoveryService.exe => No File
FirewallRules: [{19B1CC25-B8B2-494C-97DA-754191C3D4DF}] => (Allow) E:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\MsgSupport\MsgSupportService.exe => No File
FirewallRules: [{EBCAB196-9D52-47C7-B7D2-6D1044246C25}] => (Allow) E:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\MsgSupport\MsgSupportService.exe => No File
FirewallRules: [TCP Query User{F34BF80C-4097-4B20-896B-3386C33DCE47}C:\program files (x86)\gz systems\purevpn\purevpn.exe] => (Allow) C:\program files (x86)\gz systems\purevpn\purevpn.exe => No File
FirewallRules: [UDP Query User{85D65C45-01BB-430D-A907-537CE9065D70}C:\program files (x86)\gz systems\purevpn\purevpn.exe] => (Allow) C:\program files (x86)\gz systems\purevpn\purevpn.exe => No File
FirewallRules: [{8ABFBE0B-DC88-4280-96F2-32397B0D0746}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.66\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices ============
 
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (03/03/2024 10:16:45 PM) (Source: OVRServiceLauncher) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (03/03/2024 10:01:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SecHealthUI.exe, version: 10.0.19041.3758, time stamp: 0x2ec74c00
Faulting module name: KERNELBASE.dll, version: 10.0.19041.3996, time stamp: 0xb756c9ff
Exception code: 0xc000027b
Fault offset: 0x000000000012d952
Faulting process id: 0x3ba0
Faulting application start time: 0x01da6de8851c4ed7
Faulting application path: C:\WINDOWS\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 21ba800e-34dc-4d5a-8da7-7a03172ddba1
Faulting package full name: Microsoft.Windows.SecHealthUI_10.0.19041.3636_neutral__cw5n1h2txyewy
Faulting package-relative application ID: SecHealthUI
 
Error: (03/03/2024 10:00:41 PM) (Source: AbtPaaS) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (03/03/2024 10:00:41 PM) (Source: AbtPaaS) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (03/03/2024 10:00:41 PM) (Source: AbtPaaS) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (03/03/2024 10:00:41 PM) (Source: AbtPaaS) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (03/03/2024 09:30:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dwm.exe, version: 10.0.19041.3636, time stamp: 0x6e55ef4a
Faulting module name: KERNELBASE.dll, version: 10.0.19041.3996, time stamp: 0xb756c9ff
Exception code: 0xc00001ad
Fault offset: 0x000000000012d952
Faulting process id: 0x49c4
Faulting application start time: 0x01da6de44a1f06de
Faulting application path: C:\WINDOWS\system32\dwm.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 0304e3ec-4fd0-4fbb-99ff-760548411d5e
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/03/2024 09:30:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dwm.exe, version: 10.0.19041.3636, time stamp: 0x6e55ef4a
Faulting module name: KERNELBASE.dll, version: 10.0.19041.3996, time stamp: 0xb756c9ff
Exception code: 0xc00001ad
Fault offset: 0x000000000012d952
Faulting process id: 0xc20
Faulting application start time: 0x01da6de44820dd4b
Faulting application path: C:\WINDOWS\system32\dwm.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 073d855d-a1e3-4abe-9fa0-2510787d2919
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (03/03/2024 10:16:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The GameInput Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
Error: (03/03/2024 10:16:45 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The GameInput Service service terminated with the following error: 
The compound file GameInput Service was produced with a newer version of storage.
 
Error: (03/03/2024 09:36:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The GameInput Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
Error: (03/03/2024 09:36:36 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The GameInput Service service terminated with the following error: 
The compound file GameInput Service was produced with a newer version of storage.
 
Error: (03/03/2024 09:26:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WpnUserService_69a28 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
Error: (03/03/2024 09:23:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Razer Game Manager service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/03/2024 09:13:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The GameInput Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
Error: (03/03/2024 09:13:58 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The GameInput Service service terminated with the following error: 
The compound file GameInput Service was produced with a newer version of storage.
 
 
Windows Defender:
================
Date: 2024-02-09 21:53:00
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-02-02 04:34:44
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-01-24 22:17:09
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-01-23 21:40:13
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-01-22 21:43:35
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:
 
Date: 2023-10-29 15:58:17
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.399.1511.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23090.2007
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
CodeIntegrity:
===============
Date: 2024-03-03 22:41:57
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2024-03-03 22:34:46
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. P1.40 07/04/2018
Motherboard: ASRock X470 Master SLI/ac
Processor: AMD Ryzen 7 2700X Eight-Core Processor 
Percentage of memory in use: 51%
Total physical RAM: 16316.7 MB
Available physical RAM: 7849.05 MB
Total Virtual: 16828.7 MB
Available Virtual: 6716.25 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:231.73 GB) (Free:69.85 GB) (Model: CT250MX500SSD1) NTFS
Drive e: (Big Drive) (Fixed) (Total:1863.01 GB) (Free:171.7 GB) (Model: ST2000DM006-2DM164) NTFS
Drive f: (My Passport Working) (Fixed) (Total:465.73 GB) (Free:29.69 GB) (Model: WD My Passport 071A USB Device) NTFS
Drive g: (Seagate Portable Drive) (Fixed) (Total:1863.01 GB) (Free:1308.68 GB) (Model: Seagate Portable SCSI Disk Device) NTFS
Drive h: (2TB Backups) (Fixed) (Total:1862.97 GB) (Free:1704.61 GB) (Model: SanDisk Extreme 55AE SCSI Disk Device) exFAT
Drive i: (2TB Games) (Fixed) (Total:1862.97 GB) (Free:1559.35 GB) (Model: SanDisk Extreme 55AE SCSI Disk Device) exFAT
 
\\?\Volume{e6d16fe6-fc5b-11e8-824b-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.09 GB) NTFS
\\?\Volume{5c4cd2d3-0000-0000-0000-c0043a000000}\ () (Fixed) (Total:0.81 GB) (Free:0.21 GB) NTFS
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 5C4CD2D3)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=231.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=829 MB) - (Type=27)
 
==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: E1F0CA75)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
==========================================================
Disk: 2 (Size: 1863 GB) (Disk ID: 16F2A91F)
 
Partition: GPT.
 
==========================================================
Disk: 3 (Size: 1863 GB) (Disk ID: FD3FD175)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)
 
==========================================================
Disk: 4 (Size: 1863 GB) (Disk ID: 16F2A91F)
 
Partition: GPT.
 
==========================================================
Disk: 5 (Size: 465.7 GB) (Disk ID: B3A4CEC1)
Partition 1: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt =======================

Edited by Chris Cosgrove, Yesterday, 03:36 AM.
Duplicated post deleted.


BC AdBot (Login to Remove)

 


#2 dennis_l

dennis_l

  •  Avatar image
  • Malware Response Team
  • 3,141 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:03:58 AM

Posted Yesterday, 03:27 AM

Hi jesters89,
My name is Dennis and I will assist you with your computer problems.
Please read through these guidelines before we start.

  • Back up any important data, as a precaution, before starting this process.
  • If you are unsure about anything then please ask. This makes the task much easier in the long run.
  • Do not run any other tools or make changes to your system during the removal process.
  • Please do not start a new topic and keep all replies in this thread.
  • Follow the instructions in the sequence advised.
  • Copy and paste the logs into the reply. I will advise if anything needs to be added as an attachment.
  • Here at Bleeping Computer we are mostly volunteers, so please be patient with us. I’ll try to respond within 24 hours. You will be advised if it is expected to be longer than 48 hours.
  • Please let me know if you are going to be delayed in responding. If you do not reply after 5 days, I’ll assume you do not want to continue and will close the topic.
  • Sometimes things might seem to be resolved, but there may still need to be more checks necessary, so please wait until I give the all clear.

Please give me some time to examine your logs and I will get back to you as soon as possible.

Dennis


Edited by Chris Cosgrove, Yesterday, 03:36 AM.
Sorry - wrong post !


#3 dennis_l

dennis_l

  •  Avatar image
  • Malware Response Team
  • 3,141 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:03:58 AM

Posted Yesterday, 07:51 AM

I have checked your logs and there are no obvious signs of malware being present.

Please check your Downloads folder and remove anything you do not recognise or are unsure about.
There is some clean-up we can do to try and improve performance, including removing some PureVPN and AVAST remnants.
With that in mind please uninstall the following, after we have run FRST, which should make the entry visable in Progarms and Features.

Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1189.1 - AVAST Software) 

We can then check for anything else Avast related remaining, as there is often a lot left over after uninstalls.
---------------------------------------------------------------------------------
Could you please run this FRST script next.
I have included a firewall reset, as there are numerous orphan entries as well as open ports and unsigned files.
You will probably need to re -authorise some genuine connections after this has been done.
Also included is the The Emptytemp: command.
Note: This will remove cookies and may result in some websites (like banking) indicating they do not recognize your computer. It may be necessary to receive and apply a verification code.
Important: This script was written specifically for you, for use only on this machine. Running this on another machine may cause damage to your operating system

  • Right click on the FRST icon and select Run as administrator.
  • Highlight all of the information in the text box below then hit the Ctrl + C keys together to copy the text.
  • It is not necessary to paste the information anywhere as FRST will do this for you.
Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
File: C:\dp.jfm
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
2024-03-02 18:43 - 2024-03-02 18:43 - 000002249 _____ C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PureVPN.lnk
2024-03-02 18:39 - 2024-03-02 18:39 - 057059440 _____ () C:\Users\Jeremy\Downloads\purevpn_setup.exe
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1189.1 - AVAST Software) Hidden
2024-03-03 22:16 - 2018-12-09 13:10 - 000000000 ____D C:\ProgramData\AVAST Software
2024-03-03 22:01 - 2018-12-09 13:12 - 000000000 ____D C:\Users\Jeremy\AppData\Local\AVAST Software
AS: Avast Antivirus (Enabled - Up to date) {5078598A-1FA2-C888-AA5F-A9C66537DB12}
Powershell: Get-MpComputerStatus
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => %SystemRoot%\System32\AutoWorkplace.exe  join (No File)
CustomCLSID: HKU\S-1-5-21-3545764084-2441850025-860840010-1001_Classes\CLSID\{14100442-9664-1407-2647-000000000000}\localserver32 -> "C:\Users\Jeremy\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-3545764084-2441850025-860840010-1001_Classes\CLSID\{4244c9a9-ec54-be7e-370e-6665661f6e46}\localserver32 -> "E:\Program Files\CleverFiles\Disk Drill\DD.exe" -ToastActivated => No File
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /RestoreHealth
Emptytemp:
End::
  • Click on the Fix button just once and wait.
  • If the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When it's finished FRST will generate a log in the location you ran the tool from. (Fixlog.txt).

Please copy the contents from this text file and paste into your next reply.
Also advise how your computer is running now
-----------------------------------------------------
Then please do this.

  • Right click on FRST and select Run as administrator.
  • Copy and then paste the following in the Search: box.
SearchAll: Avast
  • Click the Search Files button.
  • When completed click OK and a Search.txt document will open on your desktop.
  • Attach the report to your reply. If the file is too large Zip and upload the file here.


#4 jesters89

jesters89
  • Topic Starter

  •  Avatar image
  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:58 PM

Posted Yesterday, 09:28 AM

Hi Dennis,

 

Thanks for offering your help. I ran the procedures you requested. I'm still getting some of the bugginess. I tried running one game which has never had an issue and got a memory error that read:

"Out of video memory trying to allocate a rendering resource. Make sure your video card has the minimum required memory, try lowering the resolution and/or closing other applications that are running. Exiting..."

 

 I ran HellDivers 2 and it was quite choppy, but did not crash this time. These games ran fine 2 days ago. This is sounding like it may be a hardware or software issue and if that is beyond the scope of what y'all help with, I understand. I've read about a program called memtest86 designed to test whether one's RAM is failing. I may look into that after work today. When running the fix you provided, it took about 45 minutes (not sure if that's typical). Several times during the process the program registered as "not responding" and appeared to freeze. This was especially when interfacing with Chrome temporary files it seemed. In the end it made it through. Here are the files you requested:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 26.02.2024 01
Ran by Jeremy (04-03-2024 07:00:04) Run:2
Running from C:\Users\Jeremy\Desktop\PC Maintenance
Loaded Profiles: Jeremy
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
File: C:\dp.jfm
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE}
2024-03-02 18:43 - 2024-03-02 18:43 - 000002249 _____ C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PureVPN.lnk
2024-03-02 18:39 - 2024-03-02 18:39 - 057059440 _____ () C:\Users\Jeremy\Downloads\purevpn_setup.exe
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1189.1 - AVAST Software) Hidden
2024-03-03 22:16 - 2018-12-09 13:10 - 000000000 ____D C:\ProgramData\AVAST Software
2024-03-03 22:01 - 2018-12-09 13:12 - 000000000 ____D C:\Users\Jeremy\AppData\Local\AVAST Software
AS: Avast Antivirus (Enabled - Up to date) {5078598A-1FA2-C888-AA5F-A9C66537DB12}
Powershell: Get-MpComputerStatus
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => %SystemRoot%\System32\AutoWorkplace.exe  join (No File)
CustomCLSID: HKU\S-1-5-21-3545764084-2441850025-860840010-1001_Classes\CLSID\{14100442-9664-1407-2647-000000000000}\localserver32 -> "C:\Users\Jeremy\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-3545764084-2441850025-860840010-1001_Classes\CLSID\{4244c9a9-ec54-be7e-370e-6665661f6e46}\localserver32 -> "E:\Program Files\CleverFiles\Disk Drill\DD.exe" -ToastActivated => No File
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /RestoreHealth
Emptytemp:
End::
*****************
 
SystemRestore: On => completed
Restore point was successfully created.
Processes closed successfully.
 
========================= File: C:\dp.jfm ========================
 
C:\dp.jfm
File not signed
MD5: 40AE11DEBEC78359FDCC6CEE5A41AFF2
Creation and modification date: 2024-02-21 19:05 - 2024-03-03 21:25
Size: 000016384
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 
Product Version: 
Copyright: 
 
====== End of File: ======
 
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6DFCB649-0769-4F83-BB10-F60F235F6D3D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6DFCB649-0769-4F83-BB10-F60F235F6D3D}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{872D0E53-FD2E-41E3-B431-698AF82882CE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{872D0E53-FD2E-41E3-B431-698AF82882CE}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SkyDrive\Routine Maintenance Task" => removed successfully
C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PureVPN.lnk => moved successfully
C:\Users\Jeremy\Downloads\purevpn_setup.exe => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{19C3AB22-3718-4E4D-B203-242F5001565B}\\SystemComponent" => removed successfully
 
"C:\ProgramData\AVAST Software" folder move:
 
C:\ProgramData\AVAST Software => moved successfully
 
"C:\Users\Jeremy\AppData\Local\AVAST Software" folder move:
 
C:\Users\Jeremy\AppData\Local\AVAST Software => moved successfully
"AS: Avast Antivirus (Enabled - Up to date) {5078598A-1FA2-C888-AA5F-A9C66537DB12}" => removed successfully
 
========= Get-MpComputerStatus =========
 
 
 
AMEngineVersion                  : 1.1.24010.10
AMProductVersion                 : 4.18.24010.12
AMRunningMode                    : Normal
AMServiceEnabled                 : True
AMServiceVersion                 : 4.18.24010.12
AntispywareEnabled               : True
AntispywareSignatureAge          : 0
AntispywareSignatureLastUpdated  : 3/3/2024 4:03:08 PM
AntispywareSignatureVersion      : 1.405.1015.0
AntivirusEnabled                 : True
AntivirusSignatureAge            : 0
AntivirusSignatureLastUpdated    : 3/3/2024 4:03:07 PM
AntivirusSignatureVersion        : 1.405.1015.0
BehaviorMonitorEnabled           : True
ComputerID                       : 87FEE38B-9BDC-4B93-AD08-A459D06C0C77
ComputerState                    : 0
DefenderSignaturesOutOfDate      : False
DeviceControlDefaultEnforcement  : 
DeviceControlPoliciesLastUpdated : 3/26/2023 6:46:55 PM
DeviceControlState               : Disabled
FullScanAge                      : 0
FullScanEndTime                  : 3/3/2024 11:04:37 PM
FullScanOverdue                  : False
FullScanRequired                 : False
FullScanSignatureVersion         : 1.405.1008.0
FullScanStartTime                : 3/3/2024 10:20:03 PM
InitializationProgress           : ServiceStartedSuccessfully
IoavProtectionEnabled            : True
IsTamperProtected                : True
IsVirtualMachine                 : False
LastFullScanSource               : 1
LastQuickScanSource              : 2
NISEnabled                       : True
NISEngineVersion                 : 1.1.24010.10
NISSignatureAge                  : 0
NISSignatureLastUpdated          : 3/3/2024 4:03:07 PM
NISSignatureVersion              : 1.405.1015.0
OnAccessProtectionEnabled        : True
ProductStatus                    : 524288
QuickScanAge                     : 18
QuickScanEndTime                 : 2/14/2024 4:39:46 PM
QuickScanOverdue                 : False
QuickScanSignatureVersion        : 1.403.3761.0
QuickScanStartTime               : 2/14/2024 4:36:21 PM
RealTimeProtectionEnabled        : True
RealTimeScanDirection            : 0
RebootRequired                   : False
SmartAppControlExpiration        : 
SmartAppControlState             : Off
TamperProtectionSource           : Signatures
TDTCapable                       : N/A
TDTMode                          : N/A
TDTSiloType                      : N/A
TDTStatus                        : N/A
TDTTelemetry                     : N/A
TroubleShootingDailyMaxQuota     : 
TroubleShootingDailyQuotaLeft    : 
TroubleShootingEndTime           : 
TroubleShootingExpirationLeft    : 
TroubleShootingMode              : 
TroubleShootingModeSource        : 
TroubleShootingQuotaResetTime    : 
TroubleShootingStartTime         : 
PSComputerName                   : 
 
 
 
 
========= End of Powershell: =========
 
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{352E6CA0-7314-4DF4-89C4-682368D80D57}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{352E6CA0-7314-4DF4-89C4-682368D80D57}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join" => removed successfully
HKU\S-1-5-21-3545764084-2441850025-860840010-1001_Classes\CLSID\{14100442-9664-1407-2647-000000000000} => removed successfully
HKU\S-1-5-21-3545764084-2441850025-860840010-1001_Classes\CLSID\{4244c9a9-ec54-be7e-370e-6665661f6e46} => removed successfully
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset C:\resettcpip.txt =========
 
Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
 
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall reset =========
 
Ok.
 
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
 
========= End of CMD: =========
 
 
========= Bitsadmin /Reset /Allusers =========
 
 
BITSADMIN version 3.0
BITS administration utility.
© Copyright Microsoft Corp.
 
0 out of 0 jobs canceled.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
 
========= End of CMD: =========
 
 
========= sfc /scannow =========
 
 
 
Beginning system scan.  This process will take some time.
 
 
 
Beginning verification phase of system scan.
 
 
Verification 0% complete.
Verification 1% complete.
Verification 1% complete.
Verification 2% complete.
Verification 2% complete.
Verification 3% complete.
Verification 4% complete.
Verification 4% complete.
Verification 5% complete.
Verification 5% complete.
Verification 6% complete.
Verification 7% complete.
Verification 7% complete.
Verification 8% complete.
Verification 8% complete.
Verification 9% complete.
Verification 10% complete.
Verification 10% complete.
Verification 11% complete.
Verification 11% complete.
Verification 12% complete.
Verification 13% complete.
Verification 13% complete.
Verification 14% complete.
Verification 14% complete.
Verification 15% complete.
Verification 16% complete.
Verification 16% complete.
Verification 17% complete.
Verification 17% complete.
Verification 18% complete.
Verification 19% complete.
Verification 19% complete.
Verification 20% complete.
Verification 20% complete.
Verification 21% complete.
Verification 22% complete.
Verification 22% complete.
Verification 23% complete.
Verification 23% complete.
Verification 24% complete.
Verification 25% complete.
Verification 25% complete.
Verification 26% complete.
Verification 26% complete.
Verification 27% complete.
Verification 28% complete.
Verification 28% complete.
Verification 29% complete.
Verification 29% complete.
Verification 30% complete.
Verification 31% complete.
Verification 31% complete.
Verification 32% complete.
Verification 32% complete.
Verification 33% complete.
Verification 34% complete.
Verification 34% complete.
Verification 35% complete.
Verification 35% complete.
Verification 36% complete.
Verification 37% complete.
Verification 37% complete.
Verification 38% complete.
Verification 38% complete.
Verification 39% complete.
Verification 40% complete.
Verification 40% complete.
Verification 41% complete.
Verification 41% complete.
Verification 42% complete.
Verification 43% complete.
Verification 43% complete.
Verification 44% complete.
Verification 44% complete.
Verification 45% complete.
Verification 46% complete.
Verification 46% complete.
Verification 47% complete.
Verification 47% complete.
Verification 48% complete.
Verification 49% complete.
Verification 49% complete.
Verification 50% complete.
Verification 50% complete.
Verification 51% complete.
Verification 52% complete.
Verification 52% complete.
Verification 53% complete.
Verification 53% complete.
Verification 54% complete.
Verification 55% complete.
Verification 55% complete.
Verification 56% complete.
Verification 56% complete.
Verification 57% complete.
Verification 58% complete.
Verification 58% complete.
Verification 59% complete.
Verification 59% complete.
Verification 60% complete.
Verification 61% complete.
Verification 61% complete.
Verification 62% complete.
Verification 62% complete.
Verification 63% complete.
Verification 64% complete.
Verification 64% complete.
Verification 65% complete.
Verification 65% complete.
Verification 66% complete.
Verification 67% complete.
Verification 67% complete.
Verification 68% complete.
Verification 68% complete.
Verification 69% complete.
Verification 70% complete.
Verification 70% complete.
Verification 71% complete.
Verification 71% complete.
Verification 72% complete.
Verification 73% complete.
Verification 73% complete.
Verification 74% complete.
Verification 74% complete.
Verification 75% complete.
Verification 76% complete.
Verification 76% complete.
Verification 77% complete.
Verification 77% complete.
Verification 78% complete.
Verification 79% complete.
Verification 79% complete.
Verification 80% complete.
Verification 80% complete.
Verification 81% complete.
Verification 81% complete.
Verification 82% complete.
Verification 83% complete.
Verification 83% complete.
Verification 84% complete.
Verification 84% complete.
Verification 85% complete.
Verification 86% complete.
Verification 86% complete.
Verification 87% complete.
Verification 87% complete.
Verification 88% complete.
Verification 89% complete.
Verification 89% complete.
Verification 90% complete.
Verification 90% complete.
Verification 91% complete.
Verification 92% complete.
Verification 92% complete.
Verification 93% complete.
Verification 93% complete.
Verification 94% complete.
Verification 95% complete.
Verification 95% complete.
Verification 96% complete.
Verification 96% complete.
Verification 97% complete.
Verification 98% complete.
Verification 98% complete.
Verification 99% complete.
Verification 99% complete.
Verification 100% complete.
 
 
Windows Resource Protection did not find any integrity violations.
 
 
 
========= End of CMD: =========
 
 
========= DISM /Online /Cleanup-Image /RestoreHealth =========
 
 
Deployment Image Servicing and Management tool
Version: 10.0.19041.3636
 
Image Version: 10.0.19045.4046
 
 
[==                         3.8%                           ] 
 
[==                         4.8%                           ] 
 
[===                        5.7%                           ] 
 
[===                        6.7%                           ] 
 
[====                       7.7%                           ] 
 
[=====                      8.7%                           ] 
 
[=====                      9.7%                           ] 
 
[======                     10.6%                          ] 
 
[======                     11.3%                          ] 
 
[=======                    12.3%                          ] 
 
[=======                    13.3%                          ] 
 
[========                   14.3%                          ] 
 
[========                   15.2%                          ] 
 
[=========                  16.2%                          ] 
 
[=========                  17.2%                          ] 
 
[==========                 18.2%                          ] 
 
[===========                19.2%                          ] 
 
[===========                20.2%                          ] 
 
[============               21.1%                          ] 
 
[============               22.1%                          ] 
 
[=============              23.1%                          ] 
 
[=============              24.1%                          ] 
 
[==============             25.1%                          ] 
 
[==============             25.4%                          ] 
 
[==============             25.4%                          ] 
 
[==============             25.5%                          ] 
 
[==============             25.6%                          ] 
 
[===============            26.1%                          ] 
 
[===============            27.1%                          ] 
 
[================           28.1%                          ] 
 
[================           29.1%                          ] 
 
[=================          30.0%                          ] 
 
[=================          31.0%                          ] 
 
[==================         32.0%                          ] 
 
[===================        33.0%                          ] 
 
[===================        33.5%                          ] 
 
[===================        34.2%                          ] 
 
[====================       34.6%                          ] 
 
[====================       35.5%                          ] 
 
[=====================      36.5%                          ] 
 
[=====================      37.4%                          ] 
 
[======================     38.4%                          ] 
 
[======================     39.4%                          ] 
 
[=======================    40.4%                          ] 
 
[=======================    41.4%                          ] 
 
[========================   42.1%                          ] 
 
[========================   43.1%                          ] 
 
[=========================  44.1%                          ] 
 
[=========================  44.5%                          ] 
 
[========================== 45.3%                          ] 
 
[========================== 46.0%                          ] 
 
[===========================46.6%                          ] 
 
[===========================47.2%                          ] 
 
[===========================47.7%                          ] 
 
[===========================48.4%                          ] 
 
[===========================48.8%                          ] 
 
[===========================49.1%                          ] 
 
[===========================49.3%                          ] 
 
[===========================49.4%                          ] 
 
[===========================49.7%                          ] 
 
[===========================50.0%                          ] 
 
[===========================50.9%                          ] 
 
[===========================51.9%                          ] 
 
[===========================52.9%                          ] 
 
[===========================53.9%                          ] 
 
[===========================54.9%                          ] 
 
[===========================55.0%                          ] 
 
[===========================55.1%                          ] 
 
[===========================55.2%                          ] 
 
[===========================55.2%                          ] 
 
[===========================55.2%                          ] 
 
[===========================55.3%                          ] 
 
[===========================55.4%                          ] 
 
[===========================55.4%                          ] 
 
[===========================55.5%                          ] 
 
[===========================55.5%                          ] 
 
[===========================55.6%                          ] 
 
[===========================55.7%                          ] 
 
[===========================55.7%                          ] 
 
[===========================55.8%                          ] 
 
[===========================55.8%                          ] 
 
[===========================55.9%                          ] 
 
[===========================56.1%                          ] 
 
[===========================56.2%                          ] 
 
[===========================56.4%                          ] 
 
[===========================56.4%                          ] 
 
[===========================57.4%=                         ] 
 
[===========================58.3%=                         ] 
 
[===========================59.3%==                        ] 
 
[===========================60.3%==                        ] 
 
[===========================62.3%====                      ] 
 
[===========================84.9%=================         ] 
 
[==========================100.0%==========================] 
The restore operation completed successfully.
The operation completed successfully.
 
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
FlushDNS => completed
BITS transfer queue => 1572864 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 705189314 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 863524570 B
Windows/system/drivers => 216822178 B
Edge => 0 B
Chrome => 2439965286 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 209804 B
LocalService => 971794 B
NetworkService => 3943004 B
Jeremy => 689002230 B
OVRLibraryService => 689002230 B
 
RecycleBin => 0 B
EmptyTemp: => 5.2 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 07:37:15 ====
 
 
I don't see a way to attach the .txt file in the forum options, so I've pasted the results below:
 
Farbar Recovery Scan Tool (x64) Version: 26.02.2024 01
Ran by Jeremy (04-03-2024 07:43:41)
Running from C:\Users\Jeremy\Desktop\PC Maintenance
Boot Mode: Normal
 
================== Search Files: "SearchAll: Avast" =============
 
File:
========
C:\Windows\WinSxS\Manifests\amd64_avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_5e69e83710ea31f5.cat
[2020-08-05 12:47][2020-08-05 12:47] 000007456 _____ () DE67AC8142C10EB12E8AE6C6CDBAF799 [File is digitally signed]
 
C:\Windows\WinSxS\Manifests\amd64_avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_5e69e83710ea31f5.manifest
[2020-08-05 12:47][2020-08-05 12:47] 000024123 ____N () 47437B704B6D56328C347347462CD02D [File not signed]
 
C:\Windows\WinSxS\Manifests\amd64_avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_6349ea290dbe6128.cat
[2020-08-05 12:47][2020-08-05 12:47] 000007457 _____ () 2A9DFB92BD6DECA69672261DFB9E044D [File is digitally signed]
 
C:\Windows\WinSxS\Manifests\amd64_avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_6349ea290dbe6128.manifest
[2020-08-05 12:47][2020-08-05 12:47] 000001231 ____N () A77C3C57546E0E66394A1DD29129052B [File not signed]
 
C:\Windows\WinSxS\Manifests\amd64_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_5158632ac9d8192f.cat
[2020-08-05 12:47][2020-08-05 12:47] 000007456 _____ () EAC8D7698558B21A1A533C6A567C06BD [File is digitally signed]
 
C:\Windows\WinSxS\Manifests\amd64_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_5158632ac9d8192f.manifest
[2020-08-05 12:47][2020-08-05 12:47] 000000754 ____N () F6ED6E08D09EBE10597CB2966F6C394E [File not signed]
 
C:\Windows\WinSxS\Manifests\amd64_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_5638651cc6ac4862.cat
[2020-08-05 12:47][2020-08-05 12:47] 000007457 _____ () 777DD2D0BC92B002B9236B6F4F61CB05 [File is digitally signed]
 
C:\Windows\WinSxS\Manifests\amd64_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_5638651cc6ac4862.manifest
[2020-08-05 12:47][2020-08-05 12:47] 000000754 ____N () 44D5DDB1B2C027176887E75382F29D55 [File not signed]
 
C:\Windows\WinSxS\Manifests\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_a6171f0e25665afb.cat
[2020-08-05 12:47][2020-08-05 12:47] 000007457 _____ () F7BAEFE116151719499F97B4D7A29BC5 [File is digitally signed]
 
C:\Windows\WinSxS\Manifests\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_a6171f0e25665afb.manifest
[2020-08-05 12:47][2020-08-05 12:47] 000023610 ____N () FF9B36754303E435AFFABAB5168718B4 [File not signed]
 
C:\Windows\WinSxS\Manifests\x86_avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_aaf72100223a8a2e.cat
[2020-08-05 12:47][2020-08-05 12:47] 000007457 _____ () B021FBE34930277301DEEC14CDD9E3FE [File is digitally signed]
 
C:\Windows\WinSxS\Manifests\x86_avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_aaf72100223a8a2e.manifest
[2020-08-05 12:47][2020-08-05 12:47] 000001227 ____N () 955669576F50AF3D88281103865D3A1D [File not signed]
 
C:\Windows\WinSxS\Manifests\x86_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_99059a01de544235.cat
[2020-08-05 12:47][2020-08-05 12:47] 000007457 _____ () F8999365A25BB341C55C70CB32DF2D46 [File is digitally signed]
 
C:\Windows\WinSxS\Manifests\x86_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_99059a01de544235.manifest
[2020-08-05 12:47][2020-08-05 12:47] 000000750 ____N () 709C8063694781F6371E817243F0EB0F [File not signed]
 
C:\Windows\WinSxS\Manifests\x86_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_9de59bf3db287168.cat
[2020-08-05 12:47][2020-08-05 12:47] 000007456 _____ () DFB0071CF316CD33F04392304A02A289 [File is digitally signed]
 
C:\Windows\WinSxS\Manifests\x86_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_9de59bf3db287168.manifest
[2020-08-05 12:47][2020-08-05 12:47] 000000750 ____N () 8D1CB478D2A7A6AFAE2C38C6524EDA4B [File not signed]
 
C:\Windows\System32\Tasks_Migrated\Avast Driver Updater Startup
[2020-06-21 20:04][2020-06-21 20:06] 000003002 _____ () C2B9BCFCECB88CB023952C48579F8124 [File not signed]
 
C:\Windows\System32\Tasks_Migrated\Avast Emergency Update
[2020-06-21 20:04][2020-07-30 12:00] 000003990 _____ () 34978884B300DC28CF0687EF7E226F47 [File not signed]
 
C:\Windows\Prefetch\AVASTNM.EXE-DDE86B71.pf
[2024-03-03 22:00][2024-03-03 22:00] 000004345 _____ () BC6D8BB80A619431BFDDA1F5F29681AE [File not signed]
 
C:\Windows\Prefetch\AVASTUI.EXE-56B29A08.pf
[2024-03-03 20:59][2024-03-03 20:59] 000013895 _____ () F813D0384A44A4E03EDAFF98D8884C64 [File not signed]
 
C:\Windows\Prefetch\AVASTUI.EXE-56B29A09.pf
[2024-03-03 20:18][2024-03-03 22:00] 000033832 _____ () C2FF45694854930AA6130ACDA84B4A3E [File not signed]
 
C:\Windows\Prefetch\AVASTUI.EXE-56B29A0A.pf
[2024-03-03 20:33][2024-03-03 20:33] 000019509 _____ () 735B3E3C5114764E2E0C638921AE8F32 [File not signed]
 
C:\Windows\Prefetch\AVASTUI.EXE-56B29A10.pf
[2024-03-03 20:21][2024-03-03 21:41] 000024278 _____ () A1AF8E820CD4C31959975ADD131425D4 [File not signed]
 
C:\Users\Jeremy\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\avast! Antivirus
[2024-03-01 16:04][2024-03-01 16:04] 000037014 _____ () D32F3B256BDE0C66F303006880A9122D [File not signed]
 
C:\Program Files\Oculus\CoreData\Manifests\C_ProgramFiles_AVASTSoftware_Avast_AvastUI.json
[2020-09-07 20:34][2020-09-07 20:34] 000000403 _____ () DA0CD37963832F51AF290365612A3AA2 [File not signed]
 
C:\Program Files\Oculus\CoreData\Manifests\C_ProgramFiles_AVASTSoftware_Avast_AvastUI_assets.json
[2020-09-07 20:34][2020-09-07 20:34] 000001175 _____ () 367480DA406C3DD873D933A0F0564A7E [File not signed]
 
C:\FRST\Quarantine\C\ProgramData\AVAST Software\Avastbackend.txt
[2018-12-09 15:41][2019-01-04 18:05] 000009209 _____ () FFFC2CFBBA57DCB0FE1DC0DA1B2B760B [File not signed]
 
C:\FRST\Quarantine\C\ProgramData\AVAST Software\Subscriptions\license.avastlic
[2018-12-09 13:11][2024-03-03 09:41] 000001011 _____ () 61EB8554B5F99F750100F99CD087E65D [File not signed]
 
 
folder:
========
2020-08-05 12:47 - 2020-08-05 12:47 _____ C:\Windows\WinSxS\amd64_avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_5e69e83710ea31f5
2020-08-05 12:47 - 2020-08-05 12:47 _____ C:\Windows\WinSxS\amd64_avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_6349ea290dbe6128
2020-08-05 12:47 - 2020-08-05 12:47 _____ C:\Windows\WinSxS\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_a6171f0e25665afb
2020-08-05 12:47 - 2020-08-05 12:47 _____ C:\Windows\WinSxS\x86_avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_aaf72100223a8a2e
2020-06-21 20:04 - 2020-08-05 08:50 _____ C:\Windows\System32\Tasks_Migrated\Avast Software
2020-01-25 13:25 - 2020-08-13 12:18 _____ C:\Program Files (x86)\Avast Driver Updater
2020-09-07 20:34 - 2020-09-07 20:34 _____ C:\Program Files\Oculus\CoreData\Software\StoreAssets\C_ProgramFiles_AVASTSoftware_Avast_AvastUI_assets
2018-12-09 13:12 - 2024-03-03 22:01 _____ C:\FRST\Quarantine\C\Users\Jeremy\AppData\Local\AVAST Software
2020-01-25 13:25 - 2020-08-05 12:54 _____ C:\FRST\Quarantine\C\Users\Jeremy\AppData\Local\AVAST Software\Avast Driver Updater
2018-12-09 13:10 - 2024-03-03 22:16 _____ C:\FRST\Quarantine\C\ProgramData\AVAST Software
2018-12-09 13:10 - 2024-03-03 22:16 _____ C:\FRST\Quarantine\C\ProgramData\AVAST Software\Persistent Data\Avast
 
Registry:
========
[HKEY_LOCAL_MACHINE\BCD00000000\Objects\{904a195d-23ae-11ed-832a-7085c2a410c6}\Elements\12000004]
"Element"="Avast Ramdisk options"
[HKEY_LOCAL_MACHINE\BCD00000000\Objects\{904a195d-23ae-11ed-832a-7085c2a410c6}\Elements\32000004]
"Element"="\ProgramData\AVAST Software\Avast\bootimescan\boot.sdi"
[HKEY_LOCAL_MACHINE\BCD00000000\Objects\{904a195e-23ae-11ed-832a-7085c2a410c6}\Elements\12000004]
"Element"="Avast Boot-Time Scan"
[HKEY_LOCAL_MACHINE\SOFTWARE\AVAST Software]
[HKEY_LOCAL_MACHINE\SOFTWARE\AVAST Software\Browser\aswSP]
"LimitedRegistry"="\REGISTRY\USER\S-1-5-21-3545764084-2441850025-860840010-1001\Software\AVAST Software\Browser
\REGISTRY\MACHINE\Software\WOW6432Node\AVAST Software\Browser"
[HKEY_LOCAL_MACHINE\SOFTWARE\AVAST Software\Browser\aswSP]
"LimitedFolders"="\??\C:\Program Files (x86)\AVAST Software\Browser\
\??\C:\Users\Jeremy\AppData\Local\AVAST Software\Browser\
\??\C:\ProgramData\AVAST Software\Browser\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avast]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\22BA3C918173D4E42B3042F2051065B5]
"ProductName"="Avast Update Helper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\22BA3C918173D4E42B3042F2051065B5\SourceList]
"PackageName"="AvastBrowserUpdateHelper.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\22BA3C918173D4E42B3042F2051065B5\SourceList]
"LastUsedSource"="n;1;C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1189.1\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\22BA3C918173D4E42B3042F2051065B5\SourceList\Net]
"1"="C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1189.1\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\Avast Driver Updater.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AvastSvc_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AvastSvc_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"AvastUI.exe"="0x020000000000000000000000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32]
"AvastUI.exe"="0x020000000000000000000000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Avast Driver Updater\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9507B717889AF294FAB1CD7FB08E90BA]
"22BA3C918173D4E42B3042F2051065B5"="02:\SOFTWARE\AVAST Software\Browser\Update\MsiStubRun"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\22BA3C918173D4E42B3042F2051065B5\InstallProperties]
"InstallSource"="C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1189.1\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\22BA3C918173D4E42B3042F2051065B5\InstallProperties]
"Publisher"="AVAST Software"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\22BA3C918173D4E42B3042F2051065B5\InstallProperties]
"DisplayName"="Avast Update Helper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\IsolatedSxSAssemblies]
"amd64_avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_5e69e83710ea31f5"="0x41766173742E56433134302E4352542C2043756C747572653D6E65757472616C2C20547970653D77696E33322C2056657273696F6E3D31342E302E32383132372E302C205075626C69634B6579546F6B656E3D666363393965653631393365626263612C2050726F636573736F724172636869746563747572653D616D643634"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\IsolatedSxSAssemblies]
"amd64_avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_6349ea290dbe6128"="0x41766173742E56433134302E4D46432C2043756C747572653D6E65757472616C2C20547970653D77696E33322C2056657273696F6E3D31342E302E32383132372E302C205075626C69634B6579546F6B656E3D666363393965653631393365626263612C2050726F636573736F724172636869746563747572653D616D643634"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\IsolatedSxSAssemblies]
"amd64_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_5158632ac9d8192f"="0x506F6C6963792E31342E302E41766173742E56433134302E4352542C2043756C747572653D6E65757472616C2C20547970653D77696E33322D706F6C6963792C2056657273696F6E3D31342E302E32383132372E302C205075626C69634B6579546F6B656E3D666363393965653631393365626263612C2050726F636573736F724172636869746563747572653D616D643634"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\IsolatedSxSAssemblies]
"amd64_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_5638651cc6ac4862"="0x506F6C6963792E31342E302E41766173742E56433134302E4D46432C2043756C747572653D6E65757472616C2C20547970653D77696E33322D706F6C6963792C2056657273696F6E3D31342E302E32383132372E302C205075626C69634B6579546F6B656E3D666363393965653631393365626263612C2050726F636573736F724172636869746563747572653D616D643634"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\IsolatedSxSAssemblies]
"x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_a6171f0e25665afb"="0x41766173742E56433134302E4352542C2043756C747572653D6E65757472616C2C20547970653D77696E33322C2056657273696F6E3D31342E302E32383132372E302C205075626C69634B6579546F6B656E3D666363393965653631393365626263612C2050726F636573736F724172636869746563747572653D783836"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\IsolatedSxSAssemblies]
"x86_avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_aaf72100223a8a2e"="0x41766173742E56433134302E4D46432C2043756C747572653D6E65757472616C2C20547970653D77696E33322C2056657273696F6E3D31342E302E32383132372E302C205075626C69634B6579546F6B656E3D666363393965653631393365626263612C2050726F636573736F724172636869746563747572653D783836"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\IsolatedSxSAssemblies]
"x86_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_99059a01de544235"="0x506F6C6963792E31342E302E41766173742E56433134302E4352542C2043756C747572653D6E65757472616C2C20547970653D77696E33322D706F6C6963792C2056657273696F6E3D31342E302E32383132372E302C205075626C69634B6579546F6B656E3D666363393965653631393365626263612C2050726F636573736F724172636869746563747572653D783836"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\IsolatedSxSAssemblies]
"x86_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_9de59bf3db287168"="0x506F6C6963792E31342E302E41766173742E56433134302E4D46432C2043756C747572653D6E65757472616C2C20547970653D77696E33322D706F6C6963792C2056657273696F6E3D31342E302E32383132372E302C205075626C69634B6579546F6B656E3D666363393965653631393365626263612C2050726F636573736F724172636869746563747572653D783836"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_avast.vc140.crt_fcc99ee6193ebbca_none_020285fe6d6e0580]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_avast.vc140.mfc_fcc99ee6193ebbca_none_018be6966dc83925]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_none_ef17e13d91c55d96]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_none_eea141d5921f913b]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_avast.vc140.crt_fcc99ee6193ebbca_none_49afbcd581ea2e86]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_avast.vc140.mfc_fcc99ee6193ebbca_none_49391d6d8244622b]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_none_36c51814a641869c]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_none_364e78aca69bba41]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths]
"C:\Program Files\AVAST Software"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths]
"C:\Program Files (x86)\Avast Driver Updater"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastBrowserUpdate.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsSelfhost\OneSettings]
"TargetingAttributes"="{"Version":360,"SchemaVersion":1,"PartA":["App","AppVer","AttrDataVer"],"Default":["DeviceFamily","f:FlightRing","t:OSVersionFull"],"PartB":{"ACSOVERRIDE":["OSArchitecture","c:IsAlwaysOnAlwaysConnectedCapable"],"APPTARGETEDFEATUREDB":["c:FlightingBranchName","f:FlightRing","t:OSVersionFull","DeviceFamily"],"CASSCLIENT":["OSVersion","c:OSEdition","f:FlightRing","c:OSUILocale","f:FlightingBranchName","r:OEMMode"],"CDM":["ChassisTypeId","r:CurrentBranch","DeviceFamily","f:FlightingBranchName","f:FlightRing","c:InstallLanguage","c:IsDomainJoined","t:IsTestLab","OEMModel","OSArchitecture","OSVersion","t:OSSkuId","c:ProcessorIdentifier","c:TelemetryLevel","t:IsMsftOwned","t:WCOSProductId","c:OSUILocale","c:CommercialId","s:MinShellVersion","s:MaxShellVersion","c:ActivationChannel","c:SCCMClientId","c:IsCloudDomainJoined","r:WebExperience","c:FlightIds","AccountFirstChar","r:WSX_Windows_Settings_Account","r:InstallDate","r:WSX_Runtime","r:DefaultUserRegion","a:GatedFeature_NI22H2","r:WSX_Windows_Shell_Start","a:GatedFeature_CU23H2","r:ExpStates","n:MXVersion","r:CIOptin","c:ProcessorCores","c:TotalPhysicalRAM","r:TestRN","u:UpdateServiceUrl","u:WUfBClientManaged","r:UUSVersion","DL_OSVersion","r:ExpPkgs","u:AllowOptionalContent","n:IsMicrosoftAAD","q:WidgetsAppVer","c:IsDeviceRetailDemo","r:IsFSOverlay","a:SdbVer_NI22H2","r:EdgeStableVersion","r:Migrated_GatedFeature_NI22H2Setup","a:SdbVer_21H2","a:GatedFeature_21H2"],"CDM_OS":["+CDM","c:FlightIds"],"COMPATLOGGER":["osVer","ring","deviceId"],"CONTENT_DELIVERY_MANAGER":["c:OSEdition","t:OSSkuId","c:OSUILocale","a:UpgEx_CO21H2","a:GStatus_CO21H2","a:DataExpDateEpoch_CO21H2","a:TimestampEpochString_CO21H2","r:AndroidUserOptinValue","f:FlightingBranchName","f:FlightRing","r:CurrentBranch","c:ProcessorModel","r:NPUEnabledDevice","MX_FlightIds","r:KnownFoldersBackupStatus","c:IsDomainJoined","iepe","iste","drgng","r:WindowsAccountSyncConsentApplicable","r:WindowsAccountSyncConsentState","r:WindowsAccountSyncConsentPromptAllowed"],"CORTANA_GATEKEEPER":["r:CurrentBranch","f:FlightRing","f:IsRetailOS"],"CORTANAUWP":["c:OSUILocale","t:OSVersionFull","v:CortanaAppVer"],"CORTANAUWPTEST":["+CORTANAUWP","v:CortanaAppVerTest"],"CTAC":["+FSS"],"DDC":["+WU_STORE","+_WU_PTI"],"DXDB":["DeviceFamily","f:FlightRing","r:IsHybridOrXGpu","t:OSVersionFull","OSVersion"],"EDGE_SERVICEUI":["t:LocalDeviceID","t:LocalUserID"],"FCON":["+CDM"],"FSS":["r:PreviewBuildsManagerEnabled","f:BranchReadinessLevelRaw","u:BranchReadinessLevelSource","r:BuildFID","t:DeviceFamily","DeviceId","c:EnablePreviewBuilds","f:FlightingPolicyValue","f:IsRetailOS","f:ManagePreviewBuilds","OSVersionFull","t:WCOSProductId","r:SmartActiveHoursState","r:ActiveHoursStart","r:ActiveHoursEnd","r:IsCHCapableBuild","r:FSRing","s:MaxShellVersion","s:MinShellVersion","c:TPMVersion","c:SecureBootCapable","c:ProcessorClockSpeed","c:ProcessorCores","c:TotalPhysicalRAM","t:SMode","c:SystemVolumeTotalCapacity","c:OEMManufacturerName","c:OEMModelNumber","a:ISVM","r:AllowUpgradesWithUnsupportedTPMOrCPU","r:IntelPlatformId","r:IsConfigMgrEnabled","f:IsFlightingEnabled","r:DeviceInfoGatherSuccessful"],"FXIRISCLIENT":["+IRISCLIENT"],"GS":["t:OSSkuId","t:OSVersionFull","r:CurrentBranch","r:DefaultUserRegion","DeviceFamily","c:FlightIds","f:FlightingBranchName","f:FlightRing","c:IsCloudDomainJoined","t:IsMsftOwned","f:IsRetailOS","c:OSUILocale","c:IsDomainJoined"],"IRISCLIENT":["+IRISCLIENTBASE","c:FlightIds"],"IRISCLIENTBASE":["DeviceFamily","OSVersion","t:OSSkuId","OSArchitecture","c:TelemetryLevel","f:FlightRing","f:FlightingBranchName","c:InternalPrimaryDisplayResolutionHorizontal","c:InternalPrimaryDisplayResolutionVetical","t:IsMsftOwned","c:ChassisType","OEMModel","c:OSUILocale","c:OSEdition","r:CurrentBranch","t:WCOSProductId","c:InstallationType","r:InstallDate","c:IsCloudDomainJoined","c:IsDeviceRetailDemo","f:IsRetailOS","c:ProcessorClockSpeed","c:ProcessorCores","c:ProcessorManufacturer","c:TotalPhysicalRAM","c:D3DMaxFeatureLevel","c:IsAlwaysOnAlwaysConnectedCapable","t:SMode","t:LocalUserID","r:AndroidUserOptinValue","c:ProcessorModel","MX_FlightIds","a:UpgEx_CO21H2","r:KnownFoldersBackupStatus","c:OEMModelSystemFamily","OEMName_Uncleaned","r:IsSpotlightEnabledInOEMTheme","r:IsSpotlightThemeEnabledByOEM","r:WindowsAccountSyncConsentApplicable","r:WindowsAccountSyncConsentState","r:WindowsAccountSyncConsentPromptAllowed","iepe","iste","drgng"],"IRISCLIENTV2":["+IRISCLIENTBASE","IX_FlightIds"],"MICROSOFT.WINDOWSFEEDBACKHUB_8WEKYB3D8BBWE":["t:OSVersionFull","t:IsTestLab","f:FlightRing"],"MITIGATION":["t:DeviceFamily","f:FlightRing","c:FlightIds","c:IsDomainJoined","t:IsMsftOwned","f:IsRetailOS","t:IsTestLab","IsVM","OEMModel","c:OSEdition","t:OSSkuId","t:OSVersionFull","c:OSUILocale","t:SMode","f:IsFlightingEnabled","c:FirmwareVersion","c:TelemetryLevel","f:FlightingBranchName","r:CurrentBranch","OSVersion","w:FirstStorageSpaceDeviceId","r:IsCldFltSyncRoots","c:OSInstallType","v:IsNotepadExePresent","r:StrictHiveSecurityReg","a:GatedBlockId_21H1","r:UpdateOfferedDays","r:UsoScanMitigation","r:GamingServicesInstalledKey","v:FileExistsMscoreeDll","w:NetFx3State","r:WCFHTTPActivationNotificationState","w:WCFHTTPActivationState","r:WCFNonHTTPActivationNotificationState","w:WCFNonHTTPActivationState","r:DotNetMissingComponentsTroubleshooterSuccess","r:IIS_ASPNET","w:IIS_ASPNET_WMI","r:IIS_NetFxExtensibility","w:IIS_NetFxExtensibility_WMI","r:WAS_NetFxEnvironment","w:WAS_NetFxEnvironment_WMI","v:XamlCbsActivationStore","v:XamlCbsActivationStoreArm64","v:OnnxruntimeVer","w:ElanFingerprintDriverVersion","r:AADBrokerPluginNotRegistered","r:TenantId","r:IppPrinterBadDefaultPdc","r:FlightingOptOutState","r:CloudFilesFilter","r:PSAKyoceraMissingDEH","r:PSATATriumphMissingDEH","r:PSAXeroxMissingDEH","w:PSAKyoceraInstalledName","w:PSATATriumphInstalledName","w:XeroxPsaInstalledName","v:DmdHpControlPackageEnUs","v:DmdHpControlPackageMultiloc","v:DmdHpControlPackageTr"],"MLMOD":["ChassisTypeId","t:DeviceFamily","f:FlightingBranchName","f:FlightRing","f:IsRetailOS","t:OSSkuId","t:OSVersionFull","c:OSUILocale","OSVersion","c:TelemetryLevel","r:CurrentBranch","t:IsTestLab","c:PrimaryDiskType","FX_FlightIds"],"MTP":["+_WU_OS_CORE"],"MUSE":["+_WU_FB","ChassisTypeId","deviceClass","deviceId","c:FlightIds","locale","ms","os","osVer","ring","sampleId","sku","r:DaysSince19H1FUOffer","u:DisableDualScan","u:UpdateServiceUrl","c:CommercialId","f:FlightingBranchName","c:SystemVolumeTotalCapacity","c:IsAlwaysOnAlwaysConnectedCapable","c:ProcessorCores","c:PrimaryDiskType","c:TotalPhysicalRAM","c:ProcessorClockSpeed","c:ProcessorIdentifier","c:ProcessorModel","c:ActivationChannel","c:IsCloudDomainJoined","c:isCommercial","c:IsDomainJoined","c:IsMDMEnrolled","c:SCCMClientID","r:OEMSubModel","c:OEMModelNumber","c:OEMManufacturerName","r:OobeSeeker","r:DefaultUserRegion"],"NARRATORNNV":["+WU_STORE"],"NOISYHAMMER":["+WU_OS"],"PHS":["r:GridZoneName","OEMModel","c:OEMManufacturerName","c:OSUILocale","r:OEMSubModel","DeviceFamily"],"RULESENGINE":["c:OSEdition","t:OSSkuId","c:OSUILocale","a:UpgEx_CO21H2","a:GStatus_CO21H2","a:DataExpDateEpoch_CO21H2","a:TimestampEpochString_CO21H2","r:AndroidUserOptinValue","f:FlightingBranchName","f:FlightRing","r:CurrentBranch","c:ProcessorModel","r:NPUEnabledDevice","MX_FlightIds","r:KnownFoldersBackupStatus","c:IsDomainJoined","r:WindowsAccountSyncConsentApplicable","r:WindowsAccountSyncConsentState","r:WindowsAccountSyncConsentPromptAllowed"],"RUXIM":["c:ActivationChannel","f:FlightRing","r:InstallDate","f:IsFlightingEnabled","a:ISVM","OEMModel","OSArchitecture","t:OSSkuId","c:SCCMClientID","r:SetupDisplayedEulaVersion","r:KioskMode","r:OobeSeeker","r:UninstallActive","c:OEMManufacturerName","r:OEMSubModel"],"SEDIMENTPACK":["+WU_OS"],"SERVICEEXPERIENCES":["f:FlightingBranchName","f:FlightRing","s:MaxShellVersion","s:MinShellVersion","t:IsTestLab","c:TelemetryLevel","t:OSSkuId","r:CurrentBranch","OSVersion","DeviceFamily","r:WSX_Windows_Settings_Account","c:FlightIds","r:WSX_Runtime","r:WSX_Windows_Shell_Start","r:WSX_Windows_AppSample"],"SERVICING_CBS":["+WU","osVer"],"SETUP360":["t:OSSkuId","f:FlightRing"],"SMARTOPTOUT":["+CDM"],"STORAGEGROVELER":["a:Free","c:TelemetryLevel","f:FlightRing","f:IsFlightingEnabled","IsVM","t:OSVersionFull"],"UTC":["+UTC_STATIC","osVer","locale","ring","f:PilotRing","f:IsRetailOS","ms","expId","t:SMode","f:FlightingBranchName","c:CommercialId","r:IsFeedbackHubSelfhost","c:AzureVMType","t:IsTestLab","c:TelemetryLevel","c:IsVirtualDevice","r:IsProcessorMode","r:UtcDataHandlingPolicies"],"UTC_STATIC":["os","deviceId","sampleId","deviceClass","sku","OEMModel","OEMName_Uncleaned","c:PrimaryDiskType","c:ProcessorModel","c:TotalPhysicalRAM"],"UUS":["OSVersion","f:FlightRing","t:IsTestLab","t:OSVersionFull","f:FlightingBranchName","r:CurrentBranch","f:IsFlightingEnabled"],"WAASASSESSMENT":["+WU_OS"],"WAASMEDIC":["os","osVer","ring","deviceClass","deviceId","locale","sku","c:ActivationChannel","c:CommercialId","r:CurrentBranch","f:FlightingBranchName","c:IsCloudDomainJoined","c:IsDomainJoined","t:IsTestLab","OSVersion","c:SCCMClientID","c:TelemetryLevel","r:FlightingOptOutState"],"WOSC":["t:DeviceFamily","f:FlightRing","f:IsFlightingEnabled","t:IsMsftOwned","t:LocalDeviceID","t:OSSkuId","c:OSUILocale","t:OSVersionFull","c:TelemetryLevel","r:IsHybridOrXGpu","r:PlayFabPartyRelay","OSVersion","n:IsMicrosoftAAD","r:WOSCEndpointsSupported"],"WPSHIFT":["+MTP"],"WU":["+WU_OS","r:DUInternal"],"_WU_AV":["r:AvastReg","r:AvastBlackScreen","v:AvastVer","r:AvgReg","v:AvgVer","r:EsetReg","v:EsetVer","r:KasperskyReg","v:KasperskyVer","v:SymantecVer","r:TencentReg","r:TencentType","r:AhnlabInstalledKey","r:AvastInstalledKey","r:AVGInstalledKey","r:AviraInstalledKey","r:BullguardInstalledKey","r:ESETInstalledKey","r:ESTSecurityInstalledKey","r:FSecureInstalledKey","v:GDataInstalledVer","r:K7InstalledKey","r:KasperskyInstalledKey","r:KingsoftInstalledKey","r:LenovoInstalledKey","r:MalwarebytesInstalledKey","r:McAfeeInstalledKey","r:PandaInstalledKey","r:QuickhealInstalledKey1","r:SophosInstalledKey1","r:SymantecInstalledKey","r:TencentInstalledKey","r:ThreatTrackInstalledKey","r:TrendInstalledKey","r:WebrootInstalledKey","v:K7InstalledVer"],"_WU_COMMON":["r:CurrentBranch","r:DefaultUserRegion","DeviceFamily","r:DriverPartnerRing","r:FlightContent","f:FlightingBranchName","f:FlightRing","HoloLens","c:InstallationType","c:InstallLanguage","f:IsFlightingEnabled","r:IsFlightingEnabled","c:MobileOperatorCommercialized","OEMModel","OEMName_Uncleaned","r:OemPartnerRing","OSArchitecture","OSVersion","t:OSSkuId","c:OSUILocale","c:ProcessorManufacturer","r:ReleaseType","v:SkypeRoomSystem","t:SMode","c:TelemetryLevel","r:WindowsMixedReality","v:WuClientVer","p:DucPublisherId","p:DucDeviceModelId","p:DucOemPartnerRing","p:DucCustomPackageId","p:DesiredOsVersion","p:DesiredSystemManifestVersion","r:TenantId"],"_WU_FB":["u:BranchReadinessLevel","u:DeferQualityUpdatePeriodInDays","u:DeferFeatureUpdatePeriodInDays","r:PausedFeatureStatus","r:PausedQualityStatus","u:TargetReleaseVersion","r:QUDeadline","r:UpdatePreference","r:UpdateOfferedDays","u:TargetProductVersion","DSS_Enrolled","r:NonSecurityUpdate"],"WU_OS":["+_WU_OS_CORE","+_WU_FB"],"_WU_OS_CORE":["+_WU_COMMON","+_WU_AV","r:AhnLabKeyboard","a:Bios","r:BlockFeatureUpdates","c:CommercialId","a:DataVer_RS5","r:DisconnectedStandby","r:DchuNvidiaGrfxExists","r:DchuNvidiaGrfxVen","r:DchuIntelGrfxExists","r:DchuIntelGrfxVen","r:DchuAmdGrfxExists","r:DchuAmdGrfxVen","c:FirmwareVersion","a:Free","a:GStatus_RS3","a:GStatus_RS4","a:GStatus_RS5","r:HidOverGattReg","r:InstallDate","c:IsDeviceRetailDemo","c:IsPortableOperatingSystem","IsVM","c:OEMModelBaseBoard","r:OobeSeeker","r:OSRollbackBuild","r:OSRollbackCount","r:OSRollbackDate","PhoneTargetingName","r:PonchAllow","r:PonchBlock","c:ProcessorIdentifier","r:RecoveredFromBuild","r:RecoveredOnDate","r:Steam","v:TobiiVer","v:TrendMicroVer","r:UninstallActive","l:UpdateManagementGroup","a:UpgEx_RS3","a:UpgEx_RS4","a:UpgEx_RS5","a:Version_RS5","r:DisableWUfBOfferBlock","a:UpgEx_19H1","a:SdbVer_19H1","a:GStatus_19H1","a:GStatus_19H1Setup","a:TimestampEpochString_19H1Setup","a:GenTelRunTimestamp_19H1","a:DataExpDateEpoch_19H1","u:EnableWUfBUpgradeGates","r:GStatusBlockIDs_All","TimestampDelta_19H1Subtract19H1Setup","DataExpDateDelta_19H1Subtract19H1Setup","a:DataExpDateEpoch_19H1Setup","a:TimestampEpochString_19H1","r:IsContainerMgrInstalled","r:IsWDAGEnabled","r:MTPTargetingInfo","r:EKB19H2InstallCount","r:EKB19H2UnInstallCount","r:EKB19H2InstallTimeEpoch","r:EKB19H2UnInstallTimeEpoch","r:BlockEdgeWithChromiumUpdate","r:IsWDATPEnabled","r:IsAutopilotRegistered","r:EdgeWithChromiumInstallVersion","r:EdgeWithChromiumInstallFailureCount","r:IsEdgeWithChromiumInstalled","r:KioskMode","c:IsCloudDomainJoined","c:IsDomainJoined","a:DataExpDateEpoch_20H1","a:DataExpDateEpoch_20H1Setup","a:GStatus_20H1","a:GStatus_20H1Setup","a:SdbVer_20H1","a:TimestampEpochString_20H1","a:TimestampEpochString_20H1Setup","DataExpDateDelta_20H1Subtract20H1Setup","TimestampDelta_20H1Subtract20H1Setup","a:UpgEx_20H1","r:AutopilotUpdateInProgress","r:UHSEnrolled","r:HotPatchEKBInstalled","r:LCUVer","c:isCommercial","c:ActivationChannel","c:IsMDMEnrolled","c:SCCMClientID","r:ChinaTypeApproval_CTA","p:DesiredOcpVersion","r:UpgradeEligible","r:AllowInPlaceUpgrade","r:SH_SIPolicyCleanup","r:FeatureUpdateDeadline","a:DataExpDateEpoch_21H1","a:UpgEx_CO21H2","a:GStatus_21H1","DataExpDateDelta_21H1Subtract20H1Setup","TimestampDelta_21H1Subtract20H1Setup","a:TimestampEpochString_21H1","r:OEMSubModel","c:ProcessorModel","c:TPMVersion","r:StayOnWindows10Timestamp","a:GStatus_CO21H2Setup","TimestampDelta_CO21H2SubtractCO21H2Setup","DataExpDateDelta_CO21H2SubtractCO21H2Setup","a:TimestampEpochString_CO21H2Setup","a:DataExpDateEpoch_CO21H2Setup","a:TimestampEpochString_CO21H2","a:DataExpDateEpoch_CO21H2","a:GStatus_CO21H2","p:SetPolicyDrivenUpdateSourceForFeatureUpdates","r:DchuNvidiaGrfxVenTest","a:DataExpDateDelta_21H2Subtract20H1Setup","a:TimestampEpochString_21H2","a:TimestampDelta_21H2Subtract20H1Setup","a:GStatus_21H2","a:DataExpDateEpoch_21H2","r:DSS_Enrolled_DF","r:UpgradeAccepted","r:SetupDisplayedEulaVersion","c:ProcessorCores","c:ProcessorClockSpeed","c:TotalPhysicalRAM","c:SecureBootCapable","c:PrimaryDiskTotalCapacity","r:BitDefenderInstalledKey","r:BroadcomInstalledKey","v:CrowdStrikeInstalledVer","r:QihooInstalledKey","r:Win11UpgradeAcceptedTimestamp","a:UpgEx_NI22H2","r:OobeNdupAcceptedTarget","r:OobeNdupFU22621CommitChoice","a:DataExpDateEpoch_NI22H2","a:GStatus_NI22H2","a:GStatus_NI22H2Setup","a:TimestampEpochString_NI22H2Setup","TimestampDelta_NI22H2SubtractNI22H2Setup","DataExpDateDelta_NI22H2SubtractNI22H2Setup","a:DataExpDateEpoch_NI22H2Setup","a:TimestampEpochString_NI22H2","r:IsVbsEnabled","r:FODRetryPending","r:UserInPlaceUpgrade","v:HidparseDriversVer","v:HidparseSystem32Ver","v:HidparseSystem32Ver1","r:CIOptin","r:FlightingOptOutState","p:WSUSconfigured_csp","a:UpgEx_NI22H2Setup","a:UpgEx_CO21H2Setup","u:WUfBClientManaged","u:UpdateServiceUrl","u:AllowOptionalContent","FX_FlightIds","DL_OSVersion","r:ExpPkgs","r:UUSVersion","c:FlightIds","r:OobeNdupFUTarget","a:GStatus_NI23H2","a:DataExpDateEpoch_NI23H2","a:TimestampEpochString_NI23H2","DataExpDateDelta_NI23H2SubtractNI22H2Setup","TimestampDelta_NI23H2SubtractNI22H2Setup","r:LaunchUserOOBE","r:RobloxPlayer","r:RobloxStudio","c:VBSState"],"_WU_PTI":["c:FrontFacingCameraResolution","c:RearFacingCameraResolution","c:TotalPhysicalRAM","c:NFCProximity","c:Magnetometer","c:Gyroscope","c:D3DMaxFeatureLevel","c:InternalPrimaryDisplayResolutionHorizontal","c:InternalPrimaryDisplayResolutionVetical"],"WU_STORE":["+_WU_COMMON","r:AppChannels","r:AppRMIDs","u:BranchReadinessLevel"]},"Required":["App","AppVer","AttrDataVer"],"Aliases":{"AccountFirstChar":"c:MSA_Accounts","ChassisTypeId":"c:ChassisType","CX_FlightIds":"c:CX_FlightIds","DataExpDateDelta_19H1Subtract19H1Setup":"a:DataExpDateEpoch_19H1_Subtract_DataExpDateEpoch_19H1Setup","DataExpDateDelta_20H1Subtract20H1Setup":"a:DataExpDateEpoch_20H1_Subtract_DataExpDateEpoch_20H1Setup","DataExpDateDelta_21H1Subtract20H1Setup":"a:DataExpDateEpoch_21H1_Subtract_DataExpDateEpoch_20H1Setup","DataExpDateDelta_CO21H2SubtractCO21H2Setup":"a:DataExpDateEpoch_CO21H2_Subtract_DataExpDateEpoch_CO21H2Setup","DataExpDateDelta_NI22H2SubtractNI22H2Setup":"a:DataExpDateEpoch_NI22H2_Subtract_DataExpDateEpoch_NI22H2Setup","DataExpDateDelta_NI23H2SubtractNI22H2Setup":"a:DataExpDateEpoch_NI23H2_Subtract_DataExpDateEpoch_NI22H2Setup","deviceClass":"DeviceFamily","deviceId":"t:LocalDeviceID","DeviceId":"t:LocalDeviceID","DL_OSVersion2":"DL_OSVersion","drgng":"r:DurableDeviceRegionGeo","DSS_Enrolled":"r:DSS_Enrolled_State","EdgeStableVersion":"r:EdgeStableVersion","expId":"c:FlightIds","FlightRing":"f:FlightRing","FX_FlightIds":"c:FlightIds","iepe":"g:IsCampaignEdgePromotionEnabled","iste":"g:IsCampaignSegmentTargetingEnabled","IsVM":"a:ISVM","IX_FlightIds":"c:FlightIds","locale":"c:OSUILocale","ms":"t:IsMsftOwned","MX_FlightIds":"c:FlightIds","OEMModel":"c:OEMModelNumber","OEMName_Uncleaned":"c:OEMManufacturerName","osVer":"t:OSVersionFull","OSVersionFull":"t:OSVersionFull","PhoneTargetingName":"c:OEMModelName","ring":"f:FlightRing","sampleId":"t:PopVal","sku":"t:OSSkuId","TimestampDelta_19H1Subtract19H1Setup":"a:TimestampEpochString_19H1_Subtract_TimestampEpochString_19H1Setup","TimestampDelta_20H1Subtract20H1Setup":"a:TimestampEpochString_20H1_Subtract_TimestampEpochString_20H1Setup","TimestampDelta_21H1Subtract20H1Setup":"a:TimestampEpochString_21H1_Subtract_TimestampEpochString_20H1Setup","TimestampDelta_CO21H2SubtractCO21H2Setup":"a:TimestampEpochString_CO21H2_Subtract_TimestampEpochString_CO21H2Setup","TimestampDelta_NI22H2SubtractNI22H2Setup":"a:TimestampEpochString_NI22H2_Subtract_TimestampEpochString_NI22H2Setup","TimestampDelta_NI23H2SubtractNI22H2Setup":"a:TimestampEpochString_NI23H2_Subtract_TimestampEpochString_NI22H2Setup"},"Fallback":{"r:AhnlabInstalledKey":"r:AhnlabInstalledWowKey","r:AvastBlackScreen":"r:AvgBlackScreen","r:AvastInstalledKey":"r:AvastInstalledWowKey","r:AVGInstalledKey":"r:AVGInstalledWowKey","r:AviraInstalledKey":"r:AviraInstalledWowKey","a:Bios":"a:Bios_RS3","a:Bios_RS3":"a:Bios_RS4","a:Bios_RS4":"a:Bios_RS5","r:BlockFeatureUpdates":"r:BlockWUUpgrades","r:BlockWUUpgrades":"r:BlockWUUpgradesWow","r:BuildFID":"r:BuildFID_WCOS","r:BuildFID_WCOS":"r:BuildFID_WCOS2","r:BullguardInstalledKey":"v:BullguardInstalledVer","a:DataExpDateEpoch_CO21H2":"r:DataExpDateEpoch_CO21H2RegFb","r:DchuAmdGrfxVen":"r:DchuAmdGrfxVen2","r:DchuAmdGrfxVen2":"r:DchuAmdGrfxDeletePending","r:DchuIntelGrfxDeletePending":"r:DchuIntelGrfxNExists","r:DchuIntelGrfxVen":"r:DchuIntelGrfxVen2","r:DchuIntelGrfxVen2":"r:DchuIntelGrfxDeletePending","r:DchuNvidiaGrfxVen":"r:DchuNvidiaGrfxVen2","r:DchuNvidiaGrfxVen2":"r:DchuNvidiaGrfxDeletePending","DL_OSVersion":"OSVersion","r:DriverPartnerRing":"r:OSDataDriverPartnerRing","r:EdgeStableOPV_Native":"r:EdgeStablePV_Native","r:EdgeStablePV_WOW6432":"r:EdgeStableOPV_Native","r:EdgeStableVersion":"r:EdgeStablePV_WOW6432","r:EdgeWithChromiumInstallFailureCount":"r:EdgeWithChromiumInstallFailureCountWow","r:EdgeWithChromiumInstallVersion":"r:EdgeWithChromiumInstallVersionWow","u:EnableWUfBUpgradeGates":"r:EnableWUfBUpgradeGatesRS5","r:ESETInstalledKey":"r:ESETInstalledWowKey","r:ESTSecurityInstalledKey":"r:ESTSecurityInstalledWowKey","f:FlightingBranchName":"c:FlightingBranchName","a:Free":"a:Free_RS3","a:Free_RS3":"a:Free_RS4","a:Free_RS4":"a:Free_RS5","r:FSecureInstalledKey":"r:FSecureInstalledWowKey","a:GatedFeature_NI22H2":"r:Migrated_GatedFeature_NI22H2Setup","a:GStatus_CO21H2":"r:GStatus_CO21H2RegFb","HoloLens":"r:WindowsMixedReality","r:IsEdgeWithChromiumInstalled":"r:IsEdgeWithChromiumInstalledWow","a:ISVM":"a:ISVM_RS3","a:ISVM_RS3":"a:ISVM_RS4","a:ISVM_RS4":"a:ISVM_RS5","r:K7InstalledKey":"r:K7InstalledWowKey","r:KasperskyInstalledKey":"r:KasperskyInstalledWowKey","r:KingsoftInstalledKey":"r:KingsoftInstalledWowKey","r:LenovoInstalledKey":"r:LenovoInstalledWowKey","r:MalwarebytesInstalledKey":"r:MalwarebytesInstalledWowKey","r:McAfeeInstalledKey":"r:McAfeeInstalledWowKey","r:Migrated_GatedFeature_NI22H2Setup":"r:Migrated_GatedFeature_NI22H2","c:OEMModelBaseBoard":"r:OEMModelBaseBoard","r:PandaInstalledKey":"r:PandaInstalledWowKey","r:PandaInstalledWowKey":"v:PandaInstalledVer","r:PonchAllow":"r:PonchAllowKey","r:PonchAllowKey":"r:PonchAllowWow","r:PonchAllowWow":"r:PonchAllowWowKey","r:QUDeadline":"r:QUDeadlineMDM","r:QuickhealInstalledKey1":"r:QuickhealInstalledKey2","r:SophosInstalledKey1":"r:SophosInstalledKey2","r:SymantecInstalledKey":"r:SymantecInstalledWowKey","v:SymantecVer":"v:SymantecVer64","u:TargetReleaseVersion":"r:TargetReleaseVersionGP","r:TargetReleaseVersionGP":"r:TargetReleaseVersionMDM","r:TencentInstalledKey":"r:TencentInstalledWowKey","r:ThreatTrackInstalledKey":"r:ThreatTrackInstalledWowKey","a:TimestampEpochString_CO21H2":"r:TimestampEpochString_CO21H2RegFb","v:TobiiVer":"v:TobiiVerx86","v:TobiiVerx86":"v:TobiiVer1x86","r:TrendInstalledKey":"r:TrendInstalledWowKey","r:TrendInstalledWowKey":"v:TrendInstalledVer","a:UpgEx_CO21H2":"r:UpgEx_CO21H2RegFb","r:UpgradeAccepted":"r:Win11UpgradeAcceptedWUSeeker","r:WebExperience":"r:WebExperienceWow","r:WebrootInstalledKey":"r:WebrootInstalledWowKey"},"Transform":{"AccountFirstChar":{"SubLength":1},"CX_FlightIds":{"Regex":"CX:[^,]*","RegexDelimiter":","},"FlightingOptOutState":{"Ignore":["0"]},"FX_FlightIds":{"Regex":"FX:[^,]*","RegexDelimiter":","},"IppPrinterBadDefaultPdc":{"Contains":"V4_No_ChangeID_Present"},"IsDomainJoined":{"Ignore":["0"]},"IsHybridOrXGpu":{"Ignore":["0"]},"IsMsftOwned":{"Ignore":["0"]},"IsPortableOperatingSystem":{"Ignore":["0"]},"IsTestLab":{"Ignore":["0"]},"IsVM":{"Ignore":["0"]},"IX_FlightIds":{"Regex":"IX:[^,]*","RegexDelimiter":","},"MX_FlightIds":{"Regex":"ME:[^,]*|MD:[^,]*","RegexDelimiter":","},"OEMModel":{"SubLength":100},"OEMName_Uncleaned":{"SubLength":100},"PausedFeatureStatus":{"Ignore":["0"]},"PausedQualityStatus":{"Ignore":["0"]},"PSAKyoceraInstalledName":{"Contains":"A97ECD55.KYOCERAPrintCenter"},"PSATATriumphInstalledName":{"Contains":"TATriumph-AdlerGmbH.TAUTAXPrintCenter"},"SMode":{"Ignore":["0"]},"StayOnWindows10Timestamp":{"SubLength":-3,"Ignore":[""]},"XeroxPsaInstalledName":{"Contains":"XeroxCorp.PrintExperience"}},"Registry":{"AADBrokerPluginNotRegistered":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsMitigationData\\AADBrokerPluginNotRegistered","IfExists":true},"ActiveHoursEnd":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings","ValueName":"ActiveHoursEnd","RegValueType":"REG_DWORD"},"ActiveHoursStart":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings","ValueName":"ActiveHoursStart","RegValueType":"REG_DWORD"},"AhnlabInstalledKey":{"FullPath":"SOFTWARE\\Ahnlab","IfExists":true},"AhnlabInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\Ahnlab","IfExists":true},"AhnLabKeyboard":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\Mkd2kfNt","ValueName":"NbTpMsExist"},"AllowInPlaceUpgrade":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\\\Windows\\\\CurrentVersion","ValueName":"AllowInPlaceUpgrade","RegValueType":"REG_DWORD"},"AllowUpgradesWithUnsupportedTPMOrCPU":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\Setup\\MoSetup","ValueName":"AllowUpgradesWithUnsupportedTPMOrCPU","RegValueType":"REG_DWORD"},"AndroidUserOptinValue":{"HKey":"HKEY_CURRENT_USER","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Mobility\\","ValueName":"OptedIn","RegValueType":"REG_DWORD"},"AppChannels":{"FullPath":"SOFTWARE\\Policies\\Microsoft\\WindowsStore\\Apps\\*","ValueName":"ChannelId","EncodingType":"Json"},"AppRMIDs":{"FullPath":"SOFTWARE\\Policies\\Microsoft\\WindowsStore\\Apps\\*","ValueName":"ReleaseManagementId","EncodingType":"Json"},"AutopilotUpdateInProgress":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Provisioning\\AutopilotSettings\\VolatileAutopilotUpdate","ValueName":"AutopilotUpdateInProgress","RegValueType":"REG_DWORD"},"AvastBlackScreen":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\aswVmm\\Parameters","ValueName":"Win10-1803"},"AvastInstalledKey":{"FullPath":"SOFTWARE\\Avast Software\\Avast","IfExists":true},"AvastInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\Avast Software\\Avast","IfExists":true},"AvastReg":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\aswVmm\\Parameters","ValueName":"QualityCompat"},"AvgBlackScreen":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\avgVmm\\Parameters","ValueName":"Win10-1803"},"AVGInstalledKey":{"FullPath":"SOFTWARE\\AVG\\Antivirus","IfExists":true},"AVGInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\AVG\\Antivirus","IfExists":true},"AvgReg":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\avgVmm\\Parameters","ValueName":"QualityCompat"},"AviraInstalledKey":{"FullPath":"SOFTWARE\\X-AVCSD\\Workstation\\Antivirus","IfExists":true},"AviraInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\X-AVCSD\\Workstation\\Antivirus","IfExists":true},"BitDefenderInstalledKey":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}","IfExists":true},"BlockEdgeWithChromiumUpdate":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\EdgeUpdate","ValueName":"DoNotUpdateToEdgeWithChromium","RegValueType":"REG_DWORD"},"BlockFeatureUpdates":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade","ValueName":"BlockFeatureUpdates","RegValueType":"REG_DWORD"},"BlockWUUpgrades":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows10Upgrader\\Volatile","ValueName":"BlockWUUpgrades","RegValueType":"REG_DWORD"},"BlockWUUpgradesWow":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\WOW6432Node\\Microsoft\\Windows10Upgrader\\Volatile","ValueName":"BlockWUUpgrades","RegValueType":"REG_DWORD"},"BroadcomInstalledKey":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Symantec\\Symantec Endpoint Protection","IfExists":true},"BuildFID":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build","ValueName":"EsdFlightData","RegValueType":"REG_SZ"},"BuildFID_WCOS":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"OSDATA\\Software\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build","ValueName":"EsdFlightData","RegValueType":"REG_SZ"},"BuildFID_WCOS2":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"OSDATA\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build","ValueName":"EsdFlightData","RegValueType":"REG_SZ"},"BullguardInstalledKey":{"FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\BullGuard","IfExists":true},"ChinaTypeApproval_CTA":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeviceAccess","ValueName":"ActivePolicyCode","RegValueType":"REG_SZ"},"CIOptin":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings","ValueName":"IsContinuousInnovationOptedIn","RegValueType":"REG_DWORD"},"CloudFilesFilter":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Services\\CldFlt\\Instances\\","ValueName":"DefaultInstance","RegValueType":"REG_SZ"},"CurrentBranch":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion","ValueName":"BuildBranch","RegValueType":"REG_SZ"},"DataExpDateEpoch_CO21H2RegFb":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2","ValueName":"DataExpDateEpoch","RegValueType":"REG_SZ"},"DaysSince19H1FUOffer":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\rempl\\irplugin","ValueName":"DaysSinceLastOffer","RegValueType":"REG_QWORD"},"DchuAmdGrfxDeletePending":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\amdkmdag","ValueName":"DriverDelete"},"DchuAmdGrfxExists":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\amdkmdag","IfExists":true},"DchuAmdGrfxVen":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\amdkmdag","ValueName":"DCHUVen"},"DchuAmdGrfxVen2":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\amdkmdag\\Parameters","ValueName":"DCHUVen"},"DchuIntelGrfxDeletePending":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\igfx","ValueName":"DriverDelete"},"DchuIntelGrfxExists":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\igfx","IfExists":true},"DchuIntelGrfxNExists":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Services\\igfxn","IfExists":true},"DchuIntelGrfxVen":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\igfx","ValueName":"DCHUVen"},"DchuIntelGrfxVen2":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\igfx\\Parameters","ValueName":"DCHUVen"},"DchuNvidiaGrfxDeletePending":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\nvlddmkm","ValueName":"DriverDelete"},"DchuNvidiaGrfxExists":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\nvlddmkm","IfExists":true},"DchuNvidiaGrfxVen":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\nvlddmkm","ValueName":"DCHUVen"},"DchuNvidiaGrfxVen2":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\nvlddmkm\\Parameters","ValueName":"DCHUVen"},"DchuNvidiaGrfxVenTest":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Services\\nvlddmkm","ValueName":"DCHUVenTest","RegValueType":"REG_DWORD"},"DefaultUserRegion":{"HKey":"HKEY_USERS","FullPath":".DEFAULT\\Control Panel\\International\\Geo","ValueName":"Nation","RegValueType":"REG_SZ"},"DeviceInfoGatherSuccessful":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing","ValueName":"DeviceInfoGatherSuccessful","RegValueType":"REG_DWORD"},"DisableWUfBOfferBlock":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsUpdate\\UpdatePolicy\\Settings","ValueName":"DisableWUfBOfferBlock","RegValueType":"REG_DWORD"},"DisconnectedStandby":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Control\\Power","ValueName":"EnforceDisconnectedStandby","RegValueType":"REG_DWORD"},"DotNetMissingComponentsTroubleshooterSuccess":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\.NETFramework","ValueName":"DotNetMissingComponentsTroubleshooterSuccess","RegValueType":"REG_DWORD"},"DriverPartnerRing":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\DriverFlighting\\Partner","ValueName":"TargetRing","RegValueType":"REG_SZ"},"DSS_Enrolled_DF":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\\\Policies\\\\Microsoft\\\\Windows\\\\WindowsUpdate","ValueName":"WUfBDF","RegValueType":"REG_DWORD"},"DSS_Enrolled_State":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WufbDS","ValueName":"enrollmenttype","RegValueType":"REG_SZ"},"DUInternal":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\Setup\\MoSetup","ValueName":"DynamicUpdateInternalTest","RegValueType":"REG_DWORD"},"DurableDeviceRegionGeo":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Control Panel\\DeviceRegion","ValueName":"DeviceRegion","RegValueType":"REG_DWORD"},"EdgeStableOPV_Native":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}","ValueName":"opv","RegValueType":"REG_SZ"},"EdgeStablePV_Native":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}","ValueName":"pv","RegValueType":"REG_SZ"},"EdgeStablePV_WOW6432":{"FullPath":"SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}","ValueName":"pv","RegValueType":"REG_SZ"},"EdgeStableVersion":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}","ValueName":"opv","RegValueType":"REG_SZ"},"EdgeWithChromiumInstallFailureCount":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\EdgeUpdate","ValueName":"WindowsUpdateAttempts"},"EdgeWithChromiumInstallFailureCountWow":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate","ValueName":"WindowsUpdateAttempts"},"EdgeWithChromiumInstallVersion":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\EdgeUpdate","ValueName":"WindowsUpdateVersion"},"EdgeWithChromiumInstallVersionWow":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate","ValueName":"WindowsUpdateVersion"},"EKB19H2InstallCount":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\Setup\\FeatureStaging\\20455539\\2","ValueName":"Count"},"EKB19H2InstallTimeEpoch":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\Setup\\FeatureStaging\\20455539\\2","ValueName":"Timestamp"},"EKB19H2UnInstallCount":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\Setup\\FeatureStaging\\20455539\\0","ValueName":"Count"},"EKB19H2UnInstallTimeEpoch":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\Setup\\FeatureStaging\\20455539\\0","ValueName":"Timestamp"},"EnableWUfBUpgradeGatesRS5":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Microsoft\\Windows NT\\CurrentVersion\\502505fe-762c-4e80-911e-0c3fa4c63fb0","ValueName":"DataRequireGatedScanForFeatureUpdates","RegValueType":"REG_DWORD"},"ESETInstalledKey":{"FullPath":"SOFTWARE\\ESET\\ESET Security","IfExists":true},"ESETInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\ESET\\ESET Security","IfExists":true},"EsetReg":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Services\\ehdrv\\Parameters","ValueName":"WindowsCompatibilityLevel","RegValueType":"REG_DWORD"},"ESTSecurityInstalledKey":{"FullPath":"SOFTWARE\\ESTsoft","IfExists":true},"ESTSecurityInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\ESTsoft","IfExists":true},"ExpPkgs":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsSelfhost\\Applicability","ValueName":"ExpPkgs","RegValueType":"REG_SZ"},"ExpStates":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsSelfHost\\FIDs","ValueName":"PreviewConfigs","RegValueType":"REG_SZ"},"FeatureUpdateDeadline":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Policies\\Microsoft\\Windows\\WindowsUpdate\\","ValueName":"ConfigureDeadlineForFeatureUpdates","RegValueType":"REG_DWORD"},"FlightContent":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsSelfHost\\Applicability","ValueName":"ContentType","RegValueType":"REG_SZ"},"FlightingOptOutState":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsSelfHost\\UI\\Selection","ValueName":"OptOutState","RegValueType":"REG_DWORD"},"FODRetryPending":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing","ValueName":"FODRetry","RegValueType":"REG_DWORD"},"FSecureInstalledKey":{"FullPath":"SOFTWARE\\F-Secure\\OneClient","IfExists":true},"FSecureInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\F-Secure\\OneClient","IfExists":true},"FSRing":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsSelfhost\\Applicability","ValueName":"FSRing","RegValueType":"REG_SZ"},"GamingServicesInstalledKey":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Services\\GamingServices","IfExists":true},"GridZoneName":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\COAWOS","ValueName":"GridZoneName","RegValueType":"REG_SZ","PersistedSourceId":"COAWOSRoot"},"GStatus_CO21H2RegFb":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2","ValueName":"GStatus","RegValueType":"REG_SZ"},"GStatusBlockIDs_All":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\Appraiser\\GWX","ValueName":"SdbEntries","RegValueType":"REG_SZ"},"HidOverGattReg":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemRoot%/System32/drivers/UMDF/Microsoft.Bluetooth.Profiles.HidOverGatt.dll","ValueName":"Source","RegValueType":"REG_SZ"},"HotPatchEKBInstalled":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Update\\TargetingInfo\\DynamicInstalled\\Hotpatch.amd64","IfExists":true},"IIS_ASPNET":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing\\Notifications\\OptionalFeatures\\IIS-ASPNET","ValueName":"Selection","RegValueType":"REG_DWORD"},"IIS_NetFxExtensibility":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing\\Notifications\\OptionalFeatures\\IIS-NetFxExtensibility","ValueName":"Selection","RegValueType":"REG_DWORD"},"InstallDate":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion","ValueName":"InstallDate","RegValueType":"REG_DWORD"},"IntelPlatformId":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0","ValueName":"Platform Specific Field 1","RegValueType":"REG_DWORD"},"IppPrinterBadDefaultPdc":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Print\\Printers\\*\\PrinterDriverData","ValueName":"V4_PDC_ChangeID","RegValueType":"REG_SZ","EncodingType":"Json"},"IsAutopilotRegistered":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Provisioning\\AutopilotPolicyCache","ValueName":"ProfileAvailable","RegValueType":"REG_DWORD"},"IsFlightingEnabled":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsSelfHost\\Applicability","ValueName":"IsBuildFlightingEnabled","RegValueType":"REG_DWORD"},"IsCHCapableBuild":{"HKey":"HKEY_CLASSES_ROOT","FullPath":"CLSID\\{2C57C51B-FD43-4E74-B077-551AE6228AD6}","IfExists":true},"IsCldFltSyncRoots":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager\\*","IfExists":true},"IsConfigMgrEnabled":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsSelfHost\\ClientState","ValueName":"ConfigMgrEnabled","RegValueType":"REG_DWORD"},"IsContainerMgrInstalled":{"FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Containers\\CmService","IfExists":true},"IsEdgeWithChromiumInstalled":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}","IfExists":true},"IsEdgeWithChromiumInstalledWow":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}","IfExists":true},"IsFeedbackHubSelfhost":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Diagnostics\\DiagTrack\\Partners\\IsFeedbackHubSelfhost","IfExists":true},"IsFSOverlay":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Control\\GlobMerger","ValueName":"IsEnabled","RegValueType":"REG_DWORD"},"IsHybridOrXGpu":{"FullPath":"SOFTWARE\\Microsoft\\DirectX","ValueName":"HybridDeviceApplicableForDxDbGpuPreferences"},"IsProcessorMode":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Diagnostics\\DiagTrack\\RegionalSettings","ValueName":"IsProcessorMode","RegValueType":"REG_QWORD"},"IsSpotlightEnabledInOEMTheme":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes","ValueName":"WindowsSpotlight","RegValueType":"REG_DWORD"},"IsSpotlightThemeEnabledByOEM":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\DesktopOptimization","ValueName":"WindowsSpotlightTheme","RegValueType":"REG_DWORD"},"IsVbsEnabled":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\ControlSet001\\Control\\DeviceGuard","ValueName":"EnableVirtualizationBasedSecurity","RegValueType":"REG_DWORD"},"IsWDAGEnabled":{"FullPath":"SYSTEM\\ControlSet001\\Services\\hvsics","IfExists":true},"IsWDATPEnabled":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows Advanced Threat Protection\\Status","ValueName":"OnboardingState"},"K7InstalledKey":{"FullPath":"SOFTWARE\\K7 Computing","IfExists":true},"K7InstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\K7 Computing","IfExists":true},"KasperskyInstalledKey":{"FullPath":"SOFTWARE\\KasperskyLab","IfExists":true},"KasperskyInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\KasperskyLab","IfExists":true},"KasperskyReg":{"FullPath":"System\\CurrentControlSet\\Services\\klhk\\Parameters","ValueName":"UseVtHardware"},"KingsoftInstalledKey":{"FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Kingsoft Internet Security","IfExists":true},"KingsoftInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Kingsoft Internet Security","IfExists":true},"KioskMode":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\AssignedAccessCsp\\AutoLogonAccount","ValueName":"ConfigSource","RegValueType":"REG_DWORD"},"KnownFoldersBackupStatus":{"HKey":"HKEY_CURRENT_USER","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StorageProviderStatus","ValueName":"OneDrive","RegValueType":"REG_SZ"},"LaunchUserOOBE":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Microsoft\\Windows\\CurrentVersion\\OOBE","ValueName":"LaunchUserOOBE","RegValueType":"REG_DWORD"},"LCUVer":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion","ValueName":"LCUVer"},"LenovoInstalledKey":{"FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{A9861883-31C5-4324-BD9A-DC9527EEB675}_is1","IfExists":true},"LenovoInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{A9861883-31C5-4324-BD9A-DC9527EEB675}_is1","IfExists":true},"MalwarebytesInstalledKey":{"FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1","IfExists":true},"MalwarebytesInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1","IfExists":true},"McAfeeInstalledKey":{"FullPath":"SOFTWARE\\McAfee\\MSC\\AppInfo\\Substitute\\QueryParams","IfExists":true},"McAfeeInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\McAfee\\MSC\\AppInfo\\Substitute\\QueryParams","IfExists":true},"Migrated_GatedFeature_NI22H2":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\MigratedMarkers\\TargetVersionUpgradeExperienceIndicators\\NI22H2","ValueName":"GatedFeatureSingleString","RegValueType":"REG_SZ"},"Migrated_GatedFeature_NI22H2Setup":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\MigratedMarkers\\TargetVersionUpgradeExperienceIndicators\\NI22H2Setup","ValueName":"GatedFeatureSingleString","RegValueType":"REG_SZ"},"MTPTargetingInfo":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\Platform\\MTPTargetingInfo","ValueName":"TargetRing"},"NonSecurityUpdate":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate","ValueName":"NonSecurityRelease","RegValueType":"REG_DWORD"},"NPUEnabledDevice":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows Media Foundation\\FrameServer\\WindowsCameraEffects","ValueName":"EffectsCameraAvailable","RegValueType":"REG_DWORD"},"OEMMode":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Office\\16.0\\Common\\OEM","ValueName":"OOBEMode","RegValueType":"REG_SZ"},"OEMModelBaseBoard":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"HARDWARE\\DESCRIPTION\\System\\BIOS","ValueName":"BaseBoardProduct","RegValueType":"REG_SZ"},"OemPartnerRing":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\Platform\\DeviceTargetingInfo","ValueName":"TargetRing","RegValueType":"REG_SZ"},"OEMSubModel":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"HARDWARE\\DESCRIPTION\\System\\BIOS","ValueName":"SystemSKU","RegValueType":"REG_SZ"},"OobeNdupAcceptedTarget":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\OOBE\\NDUP\\Updates","ValueName":"Target","RegValueType":"REG_SZ"},"OobeNdupFU22621CommitChoice":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\NDUP\\Updates\\FeatureUpdate_22621","ValueName":"CommitChoice","RegValueType":"REG_DWORD"},"OobeNdupFUTarget":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\NDUP\\Updates\\FeatureUpdate_22631","ValueName":"Target","RegValueType":"REG_SZ"},"OobeSeeker":{"FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE\\Updates","ValueName":"OOBEUpdateStarted"},"OSDataDriverPartnerRing":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"OSData\\SOFTWARE\\Microsoft\\DriverFlighting\\Partner","ValueName":"TargetRing","RegValueType":"REG_SZ"},"OSRollbackBuild":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade\\Rollback","ValueName":"BuildString","RegValueType":"REG_SZ"},"OSRollbackCount":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade\\Rollback","ValueName":"Count","RegValueType":"REG_DWORD"},"OSRollbackDate":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade\\Rollback","ValueName":"DateStamp","RegValueType":"REG_DWORD"},"PandaInstalledKey":{"FullPath":"SOFTWARE\\Panda Software\\Setup","IfExists":true},"PandaInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\Panda Software\\Setup","IfExists":true},"PausedFeatureStatus":{"FullPath":"SOFTWARE\\Microsoft\\WindowsUpdate\\UpdatePolicy\\Settings","ValueName":"PausedFeatureStatus"},"PausedQualityStatus":{"FullPath":"SOFTWARE\\Microsoft\\WindowsUpdate\\UpdatePolicy\\Settings","ValueName":"PausedQualityStatus"},"PlayFabPartyRelay":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\PlayFabPartyRelay","IfExists":true},"PonchAllow":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat","ValueName":"cadca5fe-87d3-4b96-b7fb-a231484277cc","RegValueType":"REG_DWORD"},"PonchAllowKey":{"FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat\\cadca5fe-87d3-4b96-b7fb-a231484277cc","IfExists":true},"PonchAllowWow":{"FullPath":"SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\QualityCompat","ValueName":"cadca5fe-87d3-4b96-b7fb-a231484277cc"},"PonchAllowWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\QualityCompat\\cadca5fe-87d3-4b96-b7fb-a231484277cc","IfExists":true},"PonchBlock":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat","ValueName":"65d75b03-6f4d-46e9-b870-517731e06cf9","RegValueType":"REG_DWORD"},"PreviewBuildsManagerEnabled":{"FullPath":"SOFTWARE\\Microsoft\\WindowsSelfhost\\Manager","ValueName":"ArePreviewBuildsAllowed"},"PSAKyoceraMissingDEH":{"HKey":"HKEY_CLASSES_ROOT","FullPath":"Extensions\\ContractId\\Windows.PrintSupportExtension\\PackageId\\A97ECD55.KYOCERAPrintCenter_4.1.11108.0_x64__kqmhh0ktdt7dg","IfExists":true},"PSATATriumphMissingDEH":{"HKey":"HKEY_CLASSES_ROOT","FullPath":"Extensions\\ContractId\\Windows.PrintSupportExtension\\PackageId\\TATriumph-AdlerGmbH.TAUTAXPrintCenter_4.1.11108.0_x64__h5e8vsnevp54y","IfExists":true},"PSAXeroxMissingDEH":{"HKey":"HKEY_CLASSES_ROOT","FullPath":"Extensions\\ContractId\\Windows.PrintSupportExtension\\PackageId\\XeroxCorp.PrintExperience_8.29.32.0_x64__f7egpvdyrs2a8","IfExists":true},"QihooInstalledKey":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\360TotalSecurity","IfExists":true},"QUDeadline":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate","ValueName":"ConfigureDeadlineForQualityUpdates","RegValueType":"REG_DWORD"},"QUDeadlineMDM":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\PolicyManager\\current\\device\\Update","ValueName":"ConfigureDeadlineForQualityUpdates","RegValueType":"REG_DWORD"},"QuickhealInstalledKey1":{"FullPath":"SYSTEM\\CurrentControlSet\\Servicescatflt","IfExists":true},"QuickhealInstalledKey2":{"FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths\\scanner.exe","IfExists":true},"RecoveredFromBuild":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Microsoft\\WindowsSelfHost\\Applicability\\RecoveredFrom","ValueName":"LastBuild","RegValueType":"REG_DWORD"},"RecoveredOnDate":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Microsoft\\WindowsSelfHost\\Applicability\\RecoveredFrom","ValueName":"DateStamp","RegValueType":"REG_DWORD"},"ReleaseType":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Update\\TargetingInfo","ValueName":"ReleaseType","RegValueType":"REG_SZ"},"RobloxPlayer":{"HKey":"HKEY_CLASSES_ROOT","FullPath":"roblox-player","RegValueType":"REG_SZ","IfExists":true},"RobloxStudio":{"HKey":"HKEY_CLASSES_ROOT","FullPath":"roblox-studio","RegValueType":"REG_SZ","IfExists":true},"SetupDisplayedEulaVersion":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\OOBE\\","ValueName":"SetupDisplayedEulaVersion","RegValueType":"REG_DWORD"},"SH_SIPolicyCleanup":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\PPI\\Settings","ValueName":"SIPolicyCleanup","RegValueType":"REG_DWORD"},"SmartActiveHoursState":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings","ValueName":"SmartActiveHoursState","RegValueType":"REG_DWORD"},"SophosInstalledKey1":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\SAVService","IfExists":true},"SophosInstalledKey2":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\hmpalertsvc","IfExists":true},"StayOnWindows10Timestamp":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings","ValueName":"SvOfferDeclined","RegValueType":"REG_QWORD"},"Steam":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Classes\\Steam","ValueName":"","RegValueType":"REG_SZ"},"StrictHiveSecurityReg":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\*","ValueName":"StrictHiveSecuritySet"},"SymantecInstalledKey":{"FullPath":"SOFTWARE\\Norton\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}","IfExists":true},"SymantecInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\Norton\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}","IfExists":true},"TargetReleaseVersionGP":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate","ValueName":"TargetReleaseVersionInfo","RegValueType":"REG_SZ"},"TargetReleaseVersionMDM":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\PolicyManager\\current\\device\\Update","ValueName":"TargetReleaseVersion","RegValueType":"REG_SZ"},"TenantId":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Control\\CloudDomainJoin\\JoinInfo\\*","ValueName":"TenantId"},"TencentInstalledKey":{"FullPath":"SOFTWARE\\Tencent\\QQPCMgr","IfExists":true},"TencentInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\Tencent\\QQPCMgr","IfExists":true},"TencentReg":{"FullPath":"SYSTEM\\CurrentControlSet\\services\\TesSafe","ValueName":"LoadStartTime"},"TencentType":{"FullPath":"SYSTEM\\CurrentControlSet\\services\\TesSafe","ValueName":"Type"},"TestRN":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Wosc\\Client\\Persistent\\ClientState\\FCON","ValueName":"TestRing"},"ThreatTrackInstalledKey":{"FullPath":"SOFTWARE\\SBAMSvc","IfExists":true},"ThreatTrackInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\SBAMSvc","IfExists":true},"TimestampEpochString_CO21H2RegFb":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2","ValueName":"TimestampEpochString","RegValueType":"REG_SZ"},"TrendInstalledKey":{"FullPath":"SOFTWARE\\TrendMicro","IfExists":true},"TrendInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\TrendMicro","IfExists":true},"UHSEnrolled":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion","ValueName":"UHSEnrolled","RegValueType":"REG_SZ","IfExists":true},"UninstallActive":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"System\\Setup","ValueName":"UninstallActive","RegValueType":"REG_DWORD"},"UpdateOfferedDays":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WaaSAssessment\\Cache\\","ValueName":"UpToDateDays","RegValueType":"REG_DWORD"},"UpdatePreference":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate","ValueName":"UpdatePreference","RegValueType":"REG_DWORD"},"UpgEx_CO21H2RegFb":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2","ValueName":"UpgEx","RegValueType":"REG_SZ"},"UpgradeAccepted":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE\\Updates\\","ValueName":"UpgradeAccepted","RegValueType":"REG_DWORD","IfExists":true},"UpgradeEligible":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion","ValueName":"UpgradeEligible","RegValueType":"REG_DWORD"},"UserInPlaceUpgrade":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\\\Windows\\\\CurrentVersion","ValueName":"UserInPlaceUpgrade","RegValueType":"REG_DWORD"},"UsoScanMitigation":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\Orchestrator\\Mitigation\\","ValueName":"UsoScanNotStartingMitigationCompleted","RegValueType":"REG_DWORD","IfExists":true},"UtcDataHandlingPolicies":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Diagnostics\\DiagTrack","ValueName":"UtcDataHandlingPolicies","RegValueType":"REG_QWORD"},"UUSVersion":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\Orchestrator","ValueName":"LastRunVersion","RegValueType":"REG_SZ"},"WAS_NetFxEnvironment":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing\\Notifications\\OptionalFeatures\\WAS-NetFxEnvironment","ValueName":"Selection","RegValueType":"REG_DWORD"},"WCFHTTPActivationNotificationState":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Component Based Servicing\\\\Notifications\\\\OptionalFeatures\\\\WCF-HTTP-Activation","ValueName":"Selection","RegValueType":"REG_DWORD"},"WCFNonHTTPActivationNotificationState":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Component Based Servicing\\\\Notifications\\\\OptionalFeatures\\\\WCF-NonHTTP-Activation","ValueName":"Selection","RegValueType":"REG_DWORD"},"WebExperience":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}","IfExists":true},"WebExperienceWow":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\WOW6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}","IfExists":true},"WebrootInstalledKey":{"FullPath":"SOFTWARE\\WRData","IfExists":true},"WebrootInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\WRData","IfExists":true},"Win11UpgradeAcceptedTimestamp":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings","ValueName":"SvOfferAccepted","RegValueType":"REG_QWORD"},"Win11UpgradeAcceptedWUSeeker":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings","ValueName":"SvOfferAccepted","RegValueType":"REG_QWORD","IfExists":true},"WindowsAccountSyncConsentApplicable":{"HKey":"HKEY_CURRENT_USER","FullPath":"Software\\Microsoft\\Windows\\CurrentVersion\\UnifiedConsent\\DEFAULTACCOUNT\\WINDOWSACCOUNTSYNCCONSENT","ValueName":"isApplicable","RegValueType":"REG_DWORD"},"WindowsAccountSyncConsentPromptAllowed":{"HKey":"HKEY_CURRENT_USER","FullPath":"Software\\Microsoft\\Windows\\CurrentVersion\\UnifiedConsent\\DEFAULTACCOUNT\\WINDOWSACCOUNTSYNCCONSENT","ValueName":"isSystemInitiatedPromptAllowed","RegValueType":"REG_DWORD"},"WindowsAccountSyncConsentState":{"HKey":"HKEY_CURRENT_USER","FullPath":"Software\\Microsoft\\Windows\\CurrentVersion\\UnifiedConsent\\DEFAULTACCOUNT\\WINDOWSACCOUNTSYNCCONSENT\\DATASHARING","ValueName":"isConsentAccepted","RegValueType":"REG_DWORD"},"WindowsMixedReality":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\WUDF\\Services\\HoloLensSensors","ValueName":"WdfMajorVersion","RegValueType":"REG_DWORD"},"WOSCEndpointsSupported":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Wosc\\Client\\Persistent","ValueName":"EndpointsSupported","RegValueType":"REG_SZ"},"WSX_Runtime":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC","ValueName":"ExperienceExtensions","RegValueType":"REG_SZ"},"WSX_Windows_AppSample":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC","ValueName":"Windows.AppSample","RegValueType":"REG_SZ"},"WSX_Windows_Settings_Account":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC","ValueName":"Windows.Settings.Account","RegValueType":"REG_SZ"},"WSX_Windows_Shell_Start":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC","ValueName":"Windows.Shell.StartMenu","RegValueType":"REG_SZ"}},"FileInfo":{"AvastVer":{"Path":"\\system32\\Drivers\\aswVmm.sys","FolderGuid":"{F38BF404-1D43-42F2-9305-67DE0B28FC23}"},"AvgVer":{"Path":"\\system32\\Drivers\\avgVmm.sys","FolderGuid":"{F38BF404-1D43-42F2-9305-67DE0B28FC23}"},"BullguardInstalledVer":{"Path":"\\BullGuard Ltd\\BullGuard\\BullGuard.exe","IfExists":true,"FolderGuid":"{905E63B6-C1BF-494E-B29C-65B732D3D21A}"},"CortanaAppVer":{"Path":"\\WindowsApps\\Microsoft.549981C3F5F10_8wekyb3d8bbwe\\CortanaApp.View.exe","FolderGuid":"{905E63B6-C1BF-494E-B29C-65B732D3D21A}"},"CortanaAppVerTest":{"Path":"\\WindowsApps\\3242f7d9-db60-4380-a379-4205ea768bfc_1.0.0.0_x64__zs4v8rx04ex0m\\UndockingTestApp.exe","FolderGuid":"{905E63B6-C1BF-494E-B29C-65B732D3D21A}"},"CrowdStrikeInstalledVer":{"Path":"drivers\\CrowdStrike\\CSAgent.sys","IfExists":true,"FolderGuid":"{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"},"DmdHpControlPackageEnUs":{"Path":"%PROGRAMDATA%\\Microsoft\\Windows\\DeviceMetadataCache\\dmrccache\\en-US\\d3a162c7-a388-4099-b63d-265639514cc0\\PackageInfo.xml","IfExists":true},"DmdHpControlPackageMultiloc":{"Path":"%PROGRAMDATA%\\Microsoft\\Windows\\DeviceMetadataCache\\dmrccache\\multiloc\\d3a162c7-a388-4099-b63d-265639514cc0\\PackageInfo.xml","IfExists":true},"DmdHpControlPackageTr":{"Path":"%PROGRAMDATA%\\Microsoft\\Windows\\DeviceMetadataCache\\dmrccache\\tr\\d3a162c7-a388-4099-b63d-265639514cc0\\PackageInfo.xml","IfExists":true},"EsetVer":{"Path":"\\drivers\\ehdrv.sys","FolderGuid":"{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"},"FileExistsMscoreeDll":{"Path":"%windir%\\\\system32\\\\mscoree.dll","IfExists":true},"GDataInstalledVer":{"Path":"\\drivers\\MiniIcpt.sys","IfExists":true,"FolderGuid":"{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"},"HidparseDriversVer":{"Path":"%windir%\\system32\\drivers\\hidparse.sys"},"HidparseSystem32Ver":{"Path":"%windir%\\system32"},"HidparseSystem32Ver1":{"Path":"%windir%\\system32\\hidparse.sys"},"IsNotepadExePresent":{"Path":"%windir%\\system32\\notepad.exe","IfExists":true},"K7InstalledVer":{"Path":"\\K7 Computing","IfExists":true,"FolderGuid":"{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"},"KasperskyVer":{"Path":"\\system32\\Drivers\\klhk.sys","FolderGuid":"{F38BF404-1D43-42F2-9305-67DE0B28FC23}"},"OnnxruntimeVer":{"Path":"%windir%\\\\system32\\\\onnxruntime.dll"},"PandaInstalledVer":{"Path":"\\Panda Security","IfExists":true,"FolderGuid":"{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"},"SkypeRoomSystem":{"Path":"%systemdrive%\\Recovery\\OEM\\$oem$\\$1\\Rigel\\x64\\Scripts\\Provisioning\\AutoUnattend.xml","IfExists":true},"SymantecVer":{"Path":"\\Symantec\\Shared\\EENGINE\\eeCtrl.sys","FolderGuid":"{DE974D24-D9C6-4D3E-BF91-F4455120B917}"},"SymantecVer64":{"Path":"\\Symantec\\Shared\\EENGINE\\eeCtrl64.sys","FolderGuid":"{DE974D24-D9C6-4D3E-BF91-F4455120B917}"},"TobiiVer":{"Path":"\\Tobii\\Tobii EyeX Interaction\\Tobii.EyeX.Interaction.exe","FolderGuid":"{905E63B6-C1BF-494E-B29C-65B732D3D21A}"},"TobiiVer1x86":{"Path":"\\Tobii\\tobii EyeX Interaction\\Tobii.EyeX.Interaction.exe","FolderGuid":"{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"},"TobiiVerx86":{"Path":"\\tobii EyeX Interaction\\Tobii.EyeX.Interaction.exe","FolderGuid":"{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"},"TrendInstalledVer":{"Path":"\\Trend Micro\\Titanium\\plugin\\plugVizor.dll","IfExists":true,"FolderGuid":"{905E63B6-C1BF-494E-B29C-65B732D3D21A}"},"TrendMicroVer":{"Path":"\\drivers\\TMUMH.sys","FolderGuid":"{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"},"WuClientVer":{"Path":"\\system32\\wuaueng.dll","FolderGuid":"{F38BF404-1D43-42F2-9305-67DE0B28FC23}"},"XamlCbsActivationStore":{"Path":"%ProgramData%\\\\Microsoft\\\\Windows\\\\AppRepository\\\\Packages\\\\Microsoft.UI.Xaml.CBS_8.2205.4001.0_x64__8wekyb3d8bbwe\\\\ActivationStore.dat","IfExists":true},"XamlCbsActivationStoreArm64":{"Path":"%ProgramData%\\\\Microsoft\\\\Windows\\\\AppRepository\\\\Packages\\\\Microsoft.UI.Xaml.CBS_8.2205.4001.0_arm64__8wekyb3d8bbwe\\\\ActivationStore.dat","IfExists":true}},"Licensing":{"UpdateManagementGroup":{"Name":"UpdatePolicy-UpdateManagementGroup"}},"UpdatePolicy":{"AllowOptionalContent":{"PolicyEnum":58,"Enterprise":true},"BranchReadinessLevel":{"PolicyEnum":5,"Enterprise":true},"BranchReadinessLevelSource":{"PolicyEnum":5,"Enterprise":true,"UseSource":true},"DeferFeatureUpdatePeriodInDays":{"PolicyEnum":9,"Enterprise":true},"DeferQualityUpdatePeriodInDays":{"PolicyEnum":7,"Enterprise":true},"DisableDualScan":{"PolicyEnum":42,"Enterprise":true},"EnableWUfBUpgradeGates":{"PolicyEnum":51,"Enterprise":true},"TargetProductVersion":{"PolicyEnum":53,"Enterprise":true},"TargetReleaseVersion":{"PolicyEnum":50,"Enterprise":true},"UpdateServiceUrl":{"PolicyEnum":12},"WUfBClientManaged":{"PolicyEnum":32,"Enterprise":true}},"Policy":{"DesiredOcpVersion":{"LocUri":"./Device/Vendor/MSFT/DeviceUpdateCenter/DesiredUpdates/OcpVersion/"},"DesiredOsVersion":{"LocUri":"./Device/Vendor/MSFT/DeviceUpdateCenter/DesiredUpdates/OsVersion"},"DesiredSystemManifestVersion":{"LocUri":"./Device/Vendor/MSFT/DeviceUpdateCenter/DesiredUpdates/SystemManifestVersion"},"DucCustomPackageId":{"LocUri":"./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/CustomPackageId"},"DucDeviceModelId":{"LocUri":"./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/DeviceModelId"},"DucOemPartnerRing":{"LocUri":"./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/OemPartnerRing"},"DucPublisherId":{"LocUri":"./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/PublisherId"},"SetPolicyDrivenUpdateSourceForFeatureUpdates":{"LocUri":"./Device/Vendor/MSFT/Policy/Config/Update/SetPolicyDrivenUpdateSourceForFeatureUpdates"},"WSUSconfigured_csp":{"LocUri":"./Device/Vendor/MSFT/Policy/Config/Update/UpdateServiceUrl"}},"AppInfo":{"WidgetsAppVer":{"Name":"MicrosoftWindows.Client.WebExperience"}},"WMI":{"ElanFingerprintDriverVersion":{"Query":"SELECT DriverVersion, Manufacturer FROM Win32_PnPSignedDriver WHERE Manufacturer = 'ELAN'","Name":"DriverVersion","Timeout":2000},"FirstStorageSpaceDeviceId":{"Query":"SELECT DeviceID FROM Win32_DiskDrive WHERE Model = 'Microsoft Storage Space Device'","Name":"DeviceID","Timeout":2000},"IIS_ASPNET_WMI":{"Query":"SELECT * FROM Win32_OptionalFeature WHERE name = 'IIS-ASPNET'","Name":"InstallState","Timeout":2000},"IIS_NetFxExtensibility_WMI":{"Query":"SELECT * FROM Win32_OptionalFeature WHERE name = 'IIS-NetFxExtensibility'","Name":"InstallState","Timeout":2000},"NetFx3State":{"Query":"SELECT * FROM Win32_OptionalFeature WHERE name = 'NetFX3'","Name":"InstallState","Timeout":2000},"PSAKyoceraInstalledName":{"Query":"SELECT Name, ProgramId FROM Win32_InstalledStoreProgram WHERE ProgramId = 'A97ECD55.KYOCERAPrintCenter_4.1.11108.0_x64__kqmhh0ktdt7dg'","Name":"Name","Timeout":2000},"PSATATriumphInstalledName":{"Query":"SELECT Name, ProgramId FROM Win32_InstalledStoreProgram WHERE ProgramId = 'TATriumph-AdlerGmbH.TAUTAXPrintCenter_4.1.11108.0_x64__h5e8vsnevp54y'","Name":"Name","Timeout":2000},"WAS_NetFxEnvironment_WMI":{"Query":"SELECT * FROM Win32_OptionalFeature WHERE name = 'WAS-NetFxEnvironment'","Name":"InstallState","Timeout":2000},"WCFHTTPActivationState":{"Query":"SELECT * FROM Win32_OptionalFeature WHERE name = 'WCF-HTTP-Activation'","Name":"InstallState","Timeout":2000},"WCFNonHTTPActivationState":{"Query":"SELECT * FROM Win32_OptionalFeature WHERE name = 'WCF-NonHTTP-Activation'","Name":"InstallState","Timeout":2000},"XeroxPsaInstalledName":{"Query":"SELECT Name, ProgramId FROM Win32_InstalledStoreProgram WHERE ProgramId = 'XeroxCorp.PrintExperience_8.29.32.0_x64__f7egpvdyrs2a8'","Name":"Name","Timeout":2000}},"RegionPolicy":{"IsCampaignEdgePromotionEnabled":{"ForceEvaluate":false,"PolicyGUID":"{2BF706DE-6DBB-4692-B7EF-84D80C47E927}"},"IsCampaignSegmentTargetingEnabled":{"ForceEvaluate":false,"PolicyGUID":"{36996754-E327-483A-902F-523E2BA03239}"}}}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsSelfhost\OneSettings]
"TargetingAttributesVerified"="{"Version":360,"SchemaVersion":1,"PartA":["App","AppVer","AttrDataVer"],"Default":["DeviceFamily","f:FlightRing","t:OSVersionFull"],"PartB":{"ACSOVERRIDE":["OSArchitecture","c:IsAlwaysOnAlwaysConnectedCapable"],"APPTARGETEDFEATUREDB":["c:FlightingBranchName","f:FlightRing","t:OSVersionFull","DeviceFamily"],"CASSCLIENT":["OSVersion","c:OSEdition","f:FlightRing","c:OSUILocale","f:FlightingBranchName","r:OEMMode"],"CDM":["ChassisTypeId","r:CurrentBranch","DeviceFamily","f:FlightingBranchName","f:FlightRing","c:InstallLanguage","c:IsDomainJoined","t:IsTestLab","OEMModel","OSArchitecture","OSVersion","t:OSSkuId","c:ProcessorIdentifier","c:TelemetryLevel","t:IsMsftOwned","t:WCOSProductId","c:OSUILocale","c:CommercialId","s:MinShellVersion","s:MaxShellVersion","c:ActivationChannel","c:SCCMClientId","c:IsCloudDomainJoined","r:WebExperience","c:FlightIds","AccountFirstChar","r:WSX_Windows_Settings_Account","r:InstallDate","r:WSX_Runtime","r:DefaultUserRegion","a:GatedFeature_NI22H2","r:WSX_Windows_Shell_Start","a:GatedFeature_CU23H2","r:ExpStates","n:MXVersion","r:CIOptin","c:ProcessorCores","c:TotalPhysicalRAM","r:TestRN","u:UpdateServiceUrl","u:WUfBClientManaged","r:UUSVersion","DL_OSVersion","r:ExpPkgs","u:AllowOptionalContent","n:IsMicrosoftAAD","q:WidgetsAppVer","c:IsDeviceRetailDemo","r:IsFSOverlay","a:SdbVer_NI22H2","r:EdgeStableVersion","r:Migrated_GatedFeature_NI22H2Setup","a:SdbVer_21H2","a:GatedFeature_21H2"],"CDM_OS":["+CDM","c:FlightIds"],"COMPATLOGGER":["osVer","ring","deviceId"],"CONTENT_DELIVERY_MANAGER":["c:OSEdition","t:OSSkuId","c:OSUILocale","a:UpgEx_CO21H2","a:GStatus_CO21H2","a:DataExpDateEpoch_CO21H2","a:TimestampEpochString_CO21H2","r:AndroidUserOptinValue","f:FlightingBranchName","f:FlightRing","r:CurrentBranch","c:ProcessorModel","r:NPUEnabledDevice","MX_FlightIds","r:KnownFoldersBackupStatus","c:IsDomainJoined","iepe","iste","drgng","r:WindowsAccountSyncConsentApplicable","r:WindowsAccountSyncConsentState","r:WindowsAccountSyncConsentPromptAllowed"],"CORTANA_GATEKEEPER":["r:CurrentBranch","f:FlightRing","f:IsRetailOS"],"CORTANAUWP":["c:OSUILocale","t:OSVersionFull","v:CortanaAppVer"],"CORTANAUWPTEST":["+CORTANAUWP","v:CortanaAppVerTest"],"CTAC":["+FSS"],"DDC":["+WU_STORE","+_WU_PTI"],"DXDB":["DeviceFamily","f:FlightRing","r:IsHybridOrXGpu","t:OSVersionFull","OSVersion"],"EDGE_SERVICEUI":["t:LocalDeviceID","t:LocalUserID"],"FCON":["+CDM"],"FSS":["r:PreviewBuildsManagerEnabled","f:BranchReadinessLevelRaw","u:BranchReadinessLevelSource","r:BuildFID","t:DeviceFamily","DeviceId","c:EnablePreviewBuilds","f:FlightingPolicyValue","f:IsRetailOS","f:ManagePreviewBuilds","OSVersionFull","t:WCOSProductId","r:SmartActiveHoursState","r:ActiveHoursStart","r:ActiveHoursEnd","r:IsCHCapableBuild","r:FSRing","s:MaxShellVersion","s:MinShellVersion","c:TPMVersion","c:SecureBootCapable","c:ProcessorClockSpeed","c:ProcessorCores","c:TotalPhysicalRAM","t:SMode","c:SystemVolumeTotalCapacity","c:OEMManufacturerName","c:OEMModelNumber","a:ISVM","r:AllowUpgradesWithUnsupportedTPMOrCPU","r:IntelPlatformId","r:IsConfigMgrEnabled","f:IsFlightingEnabled","r:DeviceInfoGatherSuccessful"],"FXIRISCLIENT":["+IRISCLIENT"],"GS":["t:OSSkuId","t:OSVersionFull","r:CurrentBranch","r:DefaultUserRegion","DeviceFamily","c:FlightIds","f:FlightingBranchName","f:FlightRing","c:IsCloudDomainJoined","t:IsMsftOwned","f:IsRetailOS","c:OSUILocale","c:IsDomainJoined"],"IRISCLIENT":["+IRISCLIENTBASE","c:FlightIds"],"IRISCLIENTBASE":["DeviceFamily","OSVersion","t:OSSkuId","OSArchitecture","c:TelemetryLevel","f:FlightRing","f:FlightingBranchName","c:InternalPrimaryDisplayResolutionHorizontal","c:InternalPrimaryDisplayResolutionVetical","t:IsMsftOwned","c:ChassisType","OEMModel","c:OSUILocale","c:OSEdition","r:CurrentBranch","t:WCOSProductId","c:InstallationType","r:InstallDate","c:IsCloudDomainJoined","c:IsDeviceRetailDemo","f:IsRetailOS","c:ProcessorClockSpeed","c:ProcessorCores","c:ProcessorManufacturer","c:TotalPhysicalRAM","c:D3DMaxFeatureLevel","c:IsAlwaysOnAlwaysConnectedCapable","t:SMode","t:LocalUserID","r:AndroidUserOptinValue","c:ProcessorModel","MX_FlightIds","a:UpgEx_CO21H2","r:KnownFoldersBackupStatus","c:OEMModelSystemFamily","OEMName_Uncleaned","r:IsSpotlightEnabledInOEMTheme","r:IsSpotlightThemeEnabledByOEM","r:WindowsAccountSyncConsentApplicable","r:WindowsAccountSyncConsentState","r:WindowsAccountSyncConsentPromptAllowed","iepe","iste","drgng"],"IRISCLIENTV2":["+IRISCLIENTBASE","IX_FlightIds"],"MICROSOFT.WINDOWSFEEDBACKHUB_8WEKYB3D8BBWE":["t:OSVersionFull","t:IsTestLab","f:FlightRing"],"MITIGATION":["t:DeviceFamily","f:FlightRing","c:FlightIds","c:IsDomainJoined","t:IsMsftOwned","f:IsRetailOS","t:IsTestLab","IsVM","OEMModel","c:OSEdition","t:OSSkuId","t:OSVersionFull","c:OSUILocale","t:SMode","f:IsFlightingEnabled","c:FirmwareVersion","c:TelemetryLevel","f:FlightingBranchName","r:CurrentBranch","OSVersion","w:FirstStorageSpaceDeviceId","r:IsCldFltSyncRoots","c:OSInstallType","v:IsNotepadExePresent","r:StrictHiveSecurityReg","a:GatedBlockId_21H1","r:UpdateOfferedDays","r:UsoScanMitigation","r:GamingServicesInstalledKey","v:FileExistsMscoreeDll","w:NetFx3State","r:WCFHTTPActivationNotificationState","w:WCFHTTPActivationState","r:WCFNonHTTPActivationNotificationState","w:WCFNonHTTPActivationState","r:DotNetMissingComponentsTroubleshooterSuccess","r:IIS_ASPNET","w:IIS_ASPNET_WMI","r:IIS_NetFxExtensibility","w:IIS_NetFxExtensibility_WMI","r:WAS_NetFxEnvironment","w:WAS_NetFxEnvironment_WMI","v:XamlCbsActivationStore","v:XamlCbsActivationStoreArm64","v:OnnxruntimeVer","w:ElanFingerprintDriverVersion","r:AADBrokerPluginNotRegistered","r:TenantId","r:IppPrinterBadDefaultPdc","r:FlightingOptOutState","r:CloudFilesFilter","r:PSAKyoceraMissingDEH","r:PSATATriumphMissingDEH","r:PSAXeroxMissingDEH","w:PSAKyoceraInstalledName","w:PSATATriumphInstalledName","w:XeroxPsaInstalledName","v:DmdHpControlPackageEnUs","v:DmdHpControlPackageMultiloc","v:DmdHpControlPackageTr"],"MLMOD":["ChassisTypeId","t:DeviceFamily","f:FlightingBranchName","f:FlightRing","f:IsRetailOS","t:OSSkuId","t:OSVersionFull","c:OSUILocale","OSVersion","c:TelemetryLevel","r:CurrentBranch","t:IsTestLab","c:PrimaryDiskType","FX_FlightIds"],"MTP":["+_WU_OS_CORE"],"MUSE":["+_WU_FB","ChassisTypeId","deviceClass","deviceId","c:FlightIds","locale","ms","os","osVer","ring","sampleId","sku","r:DaysSince19H1FUOffer","u:DisableDualScan","u:UpdateServiceUrl","c:CommercialId","f:FlightingBranchName","c:SystemVolumeTotalCapacity","c:IsAlwaysOnAlwaysConnectedCapable","c:ProcessorCores","c:PrimaryDiskType","c:TotalPhysicalRAM","c:ProcessorClockSpeed","c:ProcessorIdentifier","c:ProcessorModel","c:ActivationChannel","c:IsCloudDomainJoined","c:isCommercial","c:IsDomainJoined","c:IsMDMEnrolled","c:SCCMClientID","r:OEMSubModel","c:OEMModelNumber","c:OEMManufacturerName","r:OobeSeeker","r:DefaultUserRegion"],"NARRATORNNV":["+WU_STORE"],"NOISYHAMMER":["+WU_OS"],"PHS":["r:GridZoneName","OEMModel","c:OEMManufacturerName","c:OSUILocale","r:OEMSubModel","DeviceFamily"],"RULESENGINE":["c:OSEdition","t:OSSkuId","c:OSUILocale","a:UpgEx_CO21H2","a:GStatus_CO21H2","a:DataExpDateEpoch_CO21H2","a:TimestampEpochString_CO21H2","r:AndroidUserOptinValue","f:FlightingBranchName","f:FlightRing","r:CurrentBranch","c:ProcessorModel","r:NPUEnabledDevice","MX_FlightIds","r:KnownFoldersBackupStatus","c:IsDomainJoined","r:WindowsAccountSyncConsentApplicable","r:WindowsAccountSyncConsentState","r:WindowsAccountSyncConsentPromptAllowed"],"RUXIM":["c:ActivationChannel","f:FlightRing","r:InstallDate","f:IsFlightingEnabled","a:ISVM","OEMModel","OSArchitecture","t:OSSkuId","c:SCCMClientID","r:SetupDisplayedEulaVersion","r:KioskMode","r:OobeSeeker","r:UninstallActive","c:OEMManufacturerName","r:OEMSubModel"],"SEDIMENTPACK":["+WU_OS"],"SERVICEEXPERIENCES":["f:FlightingBranchName","f:FlightRing","s:MaxShellVersion","s:MinShellVersion","t:IsTestLab","c:TelemetryLevel","t:OSSkuId","r:CurrentBranch","OSVersion","DeviceFamily","r:WSX_Windows_Settings_Account","c:FlightIds","r:WSX_Runtime","r:WSX_Windows_Shell_Start","r:WSX_Windows_AppSample"],"SERVICING_CBS":["+WU","osVer"],"SETUP360":["t:OSSkuId","f:FlightRing"],"SMARTOPTOUT":["+CDM"],"STORAGEGROVELER":["a:Free","c:TelemetryLevel","f:FlightRing","f:IsFlightingEnabled","IsVM","t:OSVersionFull"],"UTC":["+UTC_STATIC","osVer","locale","ring","f:PilotRing","f:IsRetailOS","ms","expId","t:SMode","f:FlightingBranchName","c:CommercialId","r:IsFeedbackHubSelfhost","c:AzureVMType","t:IsTestLab","c:TelemetryLevel","c:IsVirtualDevice","r:IsProcessorMode","r:UtcDataHandlingPolicies"],"UTC_STATIC":["os","deviceId","sampleId","deviceClass","sku","OEMModel","OEMName_Uncleaned","c:PrimaryDiskType","c:ProcessorModel","c:TotalPhysicalRAM"],"UUS":["OSVersion","f:FlightRing","t:IsTestLab","t:OSVersionFull","f:FlightingBranchName","r:CurrentBranch","f:IsFlightingEnabled"],"WAASASSESSMENT":["+WU_OS"],"WAASMEDIC":["os","osVer","ring","deviceClass","deviceId","locale","sku","c:ActivationChannel","c:CommercialId","r:CurrentBranch","f:FlightingBranchName","c:IsCloudDomainJoined","c:IsDomainJoined","t:IsTestLab","OSVersion","c:SCCMClientID","c:TelemetryLevel","r:FlightingOptOutState"],"WOSC":["t:DeviceFamily","f:FlightRing","f:IsFlightingEnabled","t:IsMsftOwned","t:LocalDeviceID","t:OSSkuId","c:OSUILocale","t:OSVersionFull","c:TelemetryLevel","r:IsHybridOrXGpu","r:PlayFabPartyRelay","OSVersion","n:IsMicrosoftAAD","r:WOSCEndpointsSupported"],"WPSHIFT":["+MTP"],"WU":["+WU_OS","r:DUInternal"],"_WU_AV":["r:AvastReg","r:AvastBlackScreen","v:AvastVer","r:AvgReg","v:AvgVer","r:EsetReg","v:EsetVer","r:KasperskyReg","v:KasperskyVer","v:SymantecVer","r:TencentReg","r:TencentType","r:AhnlabInstalledKey","r:AvastInstalledKey","r:AVGInstalledKey","r:AviraInstalledKey","r:BullguardInstalledKey","r:ESETInstalledKey","r:ESTSecurityInstalledKey","r:FSecureInstalledKey","v:GDataInstalledVer","r:K7InstalledKey","r:KasperskyInstalledKey","r:KingsoftInstalledKey","r:LenovoInstalledKey","r:MalwarebytesInstalledKey","r:McAfeeInstalledKey","r:PandaInstalledKey","r:QuickhealInstalledKey1","r:SophosInstalledKey1","r:SymantecInstalledKey","r:TencentInstalledKey","r:ThreatTrackInstalledKey","r:TrendInstalledKey","r:WebrootInstalledKey","v:K7InstalledVer"],"_WU_COMMON":["r:CurrentBranch","r:DefaultUserRegion","DeviceFamily","r:DriverPartnerRing","r:FlightContent","f:FlightingBranchName","f:FlightRing","HoloLens","c:InstallationType","c:InstallLanguage","f:IsFlightingEnabled","r:IsFlightingEnabled","c:MobileOperatorCommercialized","OEMModel","OEMName_Uncleaned","r:OemPartnerRing","OSArchitecture","OSVersion","t:OSSkuId","c:OSUILocale","c:ProcessorManufacturer","r:ReleaseType","v:SkypeRoomSystem","t:SMode","c:TelemetryLevel","r:WindowsMixedReality","v:WuClientVer","p:DucPublisherId","p:DucDeviceModelId","p:DucOemPartnerRing","p:DucCustomPackageId","p:DesiredOsVersion","p:DesiredSystemManifestVersion","r:TenantId"],"_WU_FB":["u:BranchReadinessLevel","u:DeferQualityUpdatePeriodInDays","u:DeferFeatureUpdatePeriodInDays","r:PausedFeatureStatus","r:PausedQualityStatus","u:TargetReleaseVersion","r:QUDeadline","r:UpdatePreference","r:UpdateOfferedDays","u:TargetProductVersion","DSS_Enrolled","r:NonSecurityUpdate"],"WU_OS":["+_WU_OS_CORE","+_WU_FB"],"_WU_OS_CORE":["+_WU_COMMON","+_WU_AV","r:AhnLabKeyboard","a:Bios","r:BlockFeatureUpdates","c:CommercialId","a:DataVer_RS5","r:DisconnectedStandby","r:DchuNvidiaGrfxExists","r:DchuNvidiaGrfxVen","r:DchuIntelGrfxExists","r:DchuIntelGrfxVen","r:DchuAmdGrfxExists","r:DchuAmdGrfxVen","c:FirmwareVersion","a:Free","a:GStatus_RS3","a:GStatus_RS4","a:GStatus_RS5","r:HidOverGattReg","r:InstallDate","c:IsDeviceRetailDemo","c:IsPortableOperatingSystem","IsVM","c:OEMModelBaseBoard","r:OobeSeeker","r:OSRollbackBuild","r:OSRollbackCount","r:OSRollbackDate","PhoneTargetingName","r:PonchAllow","r:PonchBlock","c:ProcessorIdentifier","r:RecoveredFromBuild","r:RecoveredOnDate","r:Steam","v:TobiiVer","v:TrendMicroVer","r:UninstallActive","l:UpdateManagementGroup","a:UpgEx_RS3","a:UpgEx_RS4","a:UpgEx_RS5","a:Version_RS5","r:DisableWUfBOfferBlock","a:UpgEx_19H1","a:SdbVer_19H1","a:GStatus_19H1","a:GStatus_19H1Setup","a:TimestampEpochString_19H1Setup","a:GenTelRunTimestamp_19H1","a:DataExpDateEpoch_19H1","u:EnableWUfBUpgradeGates","r:GStatusBlockIDs_All","TimestampDelta_19H1Subtract19H1Setup","DataExpDateDelta_19H1Subtract19H1Setup","a:DataExpDateEpoch_19H1Setup","a:TimestampEpochString_19H1","r:IsContainerMgrInstalled","r:IsWDAGEnabled","r:MTPTargetingInfo","r:EKB19H2InstallCount","r:EKB19H2UnInstallCount","r:EKB19H2InstallTimeEpoch","r:EKB19H2UnInstallTimeEpoch","r:BlockEdgeWithChromiumUpdate","r:IsWDATPEnabled","r:IsAutopilotRegistered","r:EdgeWithChromiumInstallVersion","r:EdgeWithChromiumInstallFailureCount","r:IsEdgeWithChromiumInstalled","r:KioskMode","c:IsCloudDomainJoined","c:IsDomainJoined","a:DataExpDateEpoch_20H1","a:DataExpDateEpoch_20H1Setup","a:GStatus_20H1","a:GStatus_20H1Setup","a:SdbVer_20H1","a:TimestampEpochString_20H1","a:TimestampEpochString_20H1Setup","DataExpDateDelta_20H1Subtract20H1Setup","TimestampDelta_20H1Subtract20H1Setup","a:UpgEx_20H1","r:AutopilotUpdateInProgress","r:UHSEnrolled","r:HotPatchEKBInstalled","r:LCUVer","c:isCommercial","c:ActivationChannel","c:IsMDMEnrolled","c:SCCMClientID","r:ChinaTypeApproval_CTA","p:DesiredOcpVersion","r:UpgradeEligible","r:AllowInPlaceUpgrade","r:SH_SIPolicyCleanup","r:FeatureUpdateDeadline","a:DataExpDateEpoch_21H1","a:UpgEx_CO21H2","a:GStatus_21H1","DataExpDateDelta_21H1Subtract20H1Setup","TimestampDelta_21H1Subtract20H1Setup","a:TimestampEpochString_21H1","r:OEMSubModel","c:ProcessorModel","c:TPMVersion","r:StayOnWindows10Timestamp","a:GStatus_CO21H2Setup","TimestampDelta_CO21H2SubtractCO21H2Setup","DataExpDateDelta_CO21H2SubtractCO21H2Setup","a:TimestampEpochString_CO21H2Setup","a:DataExpDateEpoch_CO21H2Setup","a:TimestampEpochString_CO21H2","a:DataExpDateEpoch_CO21H2","a:GStatus_CO21H2","p:SetPolicyDrivenUpdateSourceForFeatureUpdates","r:DchuNvidiaGrfxVenTest","a:DataExpDateDelta_21H2Subtract20H1Setup","a:TimestampEpochString_21H2","a:TimestampDelta_21H2Subtract20H1Setup","a:GStatus_21H2","a:DataExpDateEpoch_21H2","r:DSS_Enrolled_DF","r:UpgradeAccepted","r:SetupDisplayedEulaVersion","c:ProcessorCores","c:ProcessorClockSpeed","c:TotalPhysicalRAM","c:SecureBootCapable","c:PrimaryDiskTotalCapacity","r:BitDefenderInstalledKey","r:BroadcomInstalledKey","v:CrowdStrikeInstalledVer","r:QihooInstalledKey","r:Win11UpgradeAcceptedTimestamp","a:UpgEx_NI22H2","r:OobeNdupAcceptedTarget","r:OobeNdupFU22621CommitChoice","a:DataExpDateEpoch_NI22H2","a:GStatus_NI22H2","a:GStatus_NI22H2Setup","a:TimestampEpochString_NI22H2Setup","TimestampDelta_NI22H2SubtractNI22H2Setup","DataExpDateDelta_NI22H2SubtractNI22H2Setup","a:DataExpDateEpoch_NI22H2Setup","a:TimestampEpochString_NI22H2","r:IsVbsEnabled","r:FODRetryPending","r:UserInPlaceUpgrade","v:HidparseDriversVer","v:HidparseSystem32Ver","v:HidparseSystem32Ver1","r:CIOptin","r:FlightingOptOutState","p:WSUSconfigured_csp","a:UpgEx_NI22H2Setup","a:UpgEx_CO21H2Setup","u:WUfBClientManaged","u:UpdateServiceUrl","u:AllowOptionalContent","FX_FlightIds","DL_OSVersion","r:ExpPkgs","r:UUSVersion","c:FlightIds","r:OobeNdupFUTarget","a:GStatus_NI23H2","a:DataExpDateEpoch_NI23H2","a:TimestampEpochString_NI23H2","DataExpDateDelta_NI23H2SubtractNI22H2Setup","TimestampDelta_NI23H2SubtractNI22H2Setup","r:LaunchUserOOBE","r:RobloxPlayer","r:RobloxStudio","c:VBSState"],"_WU_PTI":["c:FrontFacingCameraResolution","c:RearFacingCameraResolution","c:TotalPhysicalRAM","c:NFCProximity","c:Magnetometer","c:Gyroscope","c:D3DMaxFeatureLevel","c:InternalPrimaryDisplayResolutionHorizontal","c:InternalPrimaryDisplayResolutionVetical"],"WU_STORE":["+_WU_COMMON","r:AppChannels","r:AppRMIDs","u:BranchReadinessLevel"]},"Required":["App","AppVer","AttrDataVer"],"Aliases":{"AccountFirstChar":"c:MSA_Accounts","ChassisTypeId":"c:ChassisType","CX_FlightIds":"c:CX_FlightIds","DataExpDateDelta_19H1Subtract19H1Setup":"a:DataExpDateEpoch_19H1_Subtract_DataExpDateEpoch_19H1Setup","DataExpDateDelta_20H1Subtract20H1Setup":"a:DataExpDateEpoch_20H1_Subtract_DataExpDateEpoch_20H1Setup","DataExpDateDelta_21H1Subtract20H1Setup":"a:DataExpDateEpoch_21H1_Subtract_DataExpDateEpoch_20H1Setup","DataExpDateDelta_CO21H2SubtractCO21H2Setup":"a:DataExpDateEpoch_CO21H2_Subtract_DataExpDateEpoch_CO21H2Setup","DataExpDateDelta_NI22H2SubtractNI22H2Setup":"a:DataExpDateEpoch_NI22H2_Subtract_DataExpDateEpoch_NI22H2Setup","DataExpDateDelta_NI23H2SubtractNI22H2Setup":"a:DataExpDateEpoch_NI23H2_Subtract_DataExpDateEpoch_NI22H2Setup","deviceClass":"DeviceFamily","deviceId":"t:LocalDeviceID","DeviceId":"t:LocalDeviceID","DL_OSVersion2":"DL_OSVersion","drgng":"r:DurableDeviceRegionGeo","DSS_Enrolled":"r:DSS_Enrolled_State","EdgeStableVersion":"r:EdgeStableVersion","expId":"c:FlightIds","FlightRing":"f:FlightRing","FX_FlightIds":"c:FlightIds","iepe":"g:IsCampaignEdgePromotionEnabled","iste":"g:IsCampaignSegmentTargetingEnabled","IsVM":"a:ISVM","IX_FlightIds":"c:FlightIds","locale":"c:OSUILocale","ms":"t:IsMsftOwned","MX_FlightIds":"c:FlightIds","OEMModel":"c:OEMModelNumber","OEMName_Uncleaned":"c:OEMManufacturerName","osVer":"t:OSVersionFull","OSVersionFull":"t:OSVersionFull","PhoneTargetingName":"c:OEMModelName","ring":"f:FlightRing","sampleId":"t:PopVal","sku":"t:OSSkuId","TimestampDelta_19H1Subtract19H1Setup":"a:TimestampEpochString_19H1_Subtract_TimestampEpochString_19H1Setup","TimestampDelta_20H1Subtract20H1Setup":"a:TimestampEpochString_20H1_Subtract_TimestampEpochString_20H1Setup","TimestampDelta_21H1Subtract20H1Setup":"a:TimestampEpochString_21H1_Subtract_TimestampEpochString_20H1Setup","TimestampDelta_CO21H2SubtractCO21H2Setup":"a:TimestampEpochString_CO21H2_Subtract_TimestampEpochString_CO21H2Setup","TimestampDelta_NI22H2SubtractNI22H2Setup":"a:TimestampEpochString_NI22H2_Subtract_TimestampEpochString_NI22H2Setup","TimestampDelta_NI23H2SubtractNI22H2Setup":"a:TimestampEpochString_NI23H2_Subtract_TimestampEpochString_NI22H2Setup"},"Fallback":{"r:AhnlabInstalledKey":"r:AhnlabInstalledWowKey","r:AvastBlackScreen":"r:AvgBlackScreen","r:AvastInstalledKey":"r:AvastInstalledWowKey","r:AVGInstalledKey":"r:AVGInstalledWowKey","r:AviraInstalledKey":"r:AviraInstalledWowKey","a:Bios":"a:Bios_RS3","a:Bios_RS3":"a:Bios_RS4","a:Bios_RS4":"a:Bios_RS5","r:BlockFeatureUpdates":"r:BlockWUUpgrades","r:BlockWUUpgrades":"r:BlockWUUpgradesWow","r:BuildFID":"r:BuildFID_WCOS","r:BuildFID_WCOS":"r:BuildFID_WCOS2","r:BullguardInstalledKey":"v:BullguardInstalledVer","a:DataExpDateEpoch_CO21H2":"r:DataExpDateEpoch_CO21H2RegFb","r:DchuAmdGrfxVen":"r:DchuAmdGrfxVen2","r:DchuAmdGrfxVen2":"r:DchuAmdGrfxDeletePending","r:DchuIntelGrfxDeletePending":"r:DchuIntelGrfxNExists","r:DchuIntelGrfxVen":"r:DchuIntelGrfxVen2","r:DchuIntelGrfxVen2":"r:DchuIntelGrfxDeletePending","r:DchuNvidiaGrfxVen":"r:DchuNvidiaGrfxVen2","r:DchuNvidiaGrfxVen2":"r:DchuNvidiaGrfxDeletePending","DL_OSVersion":"OSVersion","r:DriverPartnerRing":"r:OSDataDriverPartnerRing","r:EdgeStableOPV_Native":"r:EdgeStablePV_Native","r:EdgeStablePV_WOW6432":"r:EdgeStableOPV_Native","r:EdgeStableVersion":"r:EdgeStablePV_WOW6432","r:EdgeWithChromiumInstallFailureCount":"r:EdgeWithChromiumInstallFailureCountWow","r:EdgeWithChromiumInstallVersion":"r:EdgeWithChromiumInstallVersionWow","u:EnableWUfBUpgradeGates":"r:EnableWUfBUpgradeGatesRS5","r:ESETInstalledKey":"r:ESETInstalledWowKey","r:ESTSecurityInstalledKey":"r:ESTSecurityInstalledWowKey","f:FlightingBranchName":"c:FlightingBranchName","a:Free":"a:Free_RS3","a:Free_RS3":"a:Free_RS4","a:Free_RS4":"a:Free_RS5","r:FSecureInstalledKey":"r:FSecureInstalledWowKey","a:GatedFeature_NI22H2":"r:Migrated_GatedFeature_NI22H2Setup","a:GStatus_CO21H2":"r:GStatus_CO21H2RegFb","HoloLens":"r:WindowsMixedReality","r:IsEdgeWithChromiumInstalled":"r:IsEdgeWithChromiumInstalledWow","a:ISVM":"a:ISVM_RS3","a:ISVM_RS3":"a:ISVM_RS4","a:ISVM_RS4":"a:ISVM_RS5","r:K7InstalledKey":"r:K7InstalledWowKey","r:KasperskyInstalledKey":"r:KasperskyInstalledWowKey","r:KingsoftInstalledKey":"r:KingsoftInstalledWowKey","r:LenovoInstalledKey":"r:LenovoInstalledWowKey","r:MalwarebytesInstalledKey":"r:MalwarebytesInstalledWowKey","r:McAfeeInstalledKey":"r:McAfeeInstalledWowKey","r:Migrated_GatedFeature_NI22H2Setup":"r:Migrated_GatedFeature_NI22H2","c:OEMModelBaseBoard":"r:OEMModelBaseBoard","r:PandaInstalledKey":"r:PandaInstalledWowKey","r:PandaInstalledWowKey":"v:PandaInstalledVer","r:PonchAllow":"r:PonchAllowKey","r:PonchAllowKey":"r:PonchAllowWow","r:PonchAllowWow":"r:PonchAllowWowKey","r:QUDeadline":"r:QUDeadlineMDM","r:QuickhealInstalledKey1":"r:QuickhealInstalledKey2","r:SophosInstalledKey1":"r:SophosInstalledKey2","r:SymantecInstalledKey":"r:SymantecInstalledWowKey","v:SymantecVer":"v:SymantecVer64","u:TargetReleaseVersion":"r:TargetReleaseVersionGP","r:TargetReleaseVersionGP":"r:TargetReleaseVersionMDM","r:TencentInstalledKey":"r:TencentInstalledWowKey","r:ThreatTrackInstalledKey":"r:ThreatTrackInstalledWowKey","a:TimestampEpochString_CO21H2":"r:TimestampEpochString_CO21H2RegFb","v:TobiiVer":"v:TobiiVerx86","v:TobiiVerx86":"v:TobiiVer1x86","r:TrendInstalledKey":"r:TrendInstalledWowKey","r:TrendInstalledWowKey":"v:TrendInstalledVer","a:UpgEx_CO21H2":"r:UpgEx_CO21H2RegFb","r:UpgradeAccepted":"r:Win11UpgradeAcceptedWUSeeker","r:WebExperience":"r:WebExperienceWow","r:WebrootInstalledKey":"r:WebrootInstalledWowKey"},"Transform":{"AccountFirstChar":{"SubLength":1},"CX_FlightIds":{"Regex":"CX:[^,]*","RegexDelimiter":","},"FlightingOptOutState":{"Ignore":["0"]},"FX_FlightIds":{"Regex":"FX:[^,]*","RegexDelimiter":","},"IppPrinterBadDefaultPdc":{"Contains":"V4_No_ChangeID_Present"},"IsDomainJoined":{"Ignore":["0"]},"IsHybridOrXGpu":{"Ignore":["0"]},"IsMsftOwned":{"Ignore":["0"]},"IsPortableOperatingSystem":{"Ignore":["0"]},"IsTestLab":{"Ignore":["0"]},"IsVM":{"Ignore":["0"]},"IX_FlightIds":{"Regex":"IX:[^,]*","RegexDelimiter":","},"MX_FlightIds":{"Regex":"ME:[^,]*|MD:[^,]*","RegexDelimiter":","},"OEMModel":{"SubLength":100},"OEMName_Uncleaned":{"SubLength":100},"PausedFeatureStatus":{"Ignore":["0"]},"PausedQualityStatus":{"Ignore":["0"]},"PSAKyoceraInstalledName":{"Contains":"A97ECD55.KYOCERAPrintCenter"},"PSATATriumphInstalledName":{"Contains":"TATriumph-AdlerGmbH.TAUTAXPrintCenter"},"SMode":{"Ignore":["0"]},"StayOnWindows10Timestamp":{"SubLength":-3,"Ignore":[""]},"XeroxPsaInstalledName":{"Contains":"XeroxCorp.PrintExperience"}},"Registry":{"AADBrokerPluginNotRegistered":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsMitigationData\\AADBrokerPluginNotRegistered","IfExists":true},"ActiveHoursEnd":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings","ValueName":"ActiveHoursEnd","RegValueType":"REG_DWORD"},"ActiveHoursStart":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings","ValueName":"ActiveHoursStart","RegValueType":"REG_DWORD"},"AhnlabInstalledKey":{"FullPath":"SOFTWARE\\Ahnlab","IfExists":true},"AhnlabInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\Ahnlab","IfExists":true},"AhnLabKeyboard":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\Mkd2kfNt","ValueName":"NbTpMsExist"},"AllowInPlaceUpgrade":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\\\Windows\\\\CurrentVersion","ValueName":"AllowInPlaceUpgrade","RegValueType":"REG_DWORD"},"AllowUpgradesWithUnsupportedTPMOrCPU":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\Setup\\MoSetup","ValueName":"AllowUpgradesWithUnsupportedTPMOrCPU","RegValueType":"REG_DWORD"},"AndroidUserOptinValue":{"HKey":"HKEY_CURRENT_USER","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Mobility\\","ValueName":"OptedIn","RegValueType":"REG_DWORD"},"AppChannels":{"FullPath":"SOFTWARE\\Policies\\Microsoft\\WindowsStore\\Apps\\*","ValueName":"ChannelId","EncodingType":"Json"},"AppRMIDs":{"FullPath":"SOFTWARE\\Policies\\Microsoft\\WindowsStore\\Apps\\*","ValueName":"ReleaseManagementId","EncodingType":"Json"},"AutopilotUpdateInProgress":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Provisioning\\AutopilotSettings\\VolatileAutopilotUpdate","ValueName":"AutopilotUpdateInProgress","RegValueType":"REG_DWORD"},"AvastBlackScreen":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\aswVmm\\Parameters","ValueName":"Win10-1803"},"AvastInstalledKey":{"FullPath":"SOFTWARE\\Avast Software\\Avast","IfExists":true},"AvastInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\Avast Software\\Avast","IfExists":true},"AvastReg":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\aswVmm\\Parameters","ValueName":"QualityCompat"},"AvgBlackScreen":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\avgVmm\\Parameters","ValueName":"Win10-1803"},"AVGInstalledKey":{"FullPath":"SOFTWARE\\AVG\\Antivirus","IfExists":true},"AVGInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\AVG\\Antivirus","IfExists":true},"AvgReg":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\avgVmm\\Parameters","ValueName":"QualityCompat"},"AviraInstalledKey":{"FullPath":"SOFTWARE\\X-AVCSD\\Workstation\\Antivirus","IfExists":true},"AviraInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\X-AVCSD\\Workstation\\Antivirus","IfExists":true},"BitDefenderInstalledKey":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}","IfExists":true},"BlockEdgeWithChromiumUpdate":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\EdgeUpdate","ValueName":"DoNotUpdateToEdgeWithChromium","RegValueType":"REG_DWORD"},"BlockFeatureUpdates":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade","ValueName":"BlockFeatureUpdates","RegValueType":"REG_DWORD"},"BlockWUUpgrades":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows10Upgrader\\Volatile","ValueName":"BlockWUUpgrades","RegValueType":"REG_DWORD"},"BlockWUUpgradesWow":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\WOW6432Node\\Microsoft\\Windows10Upgrader\\Volatile","ValueName":"BlockWUUpgrades","RegValueType":"REG_DWORD"},"BroadcomInstalledKey":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Symantec\\Symantec Endpoint Protection","IfExists":true},"BuildFID":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build","ValueName":"EsdFlightData","RegValueType":"REG_SZ"},"BuildFID_WCOS":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"OSDATA\\Software\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build","ValueName":"EsdFlightData","RegValueType":"REG_SZ"},"BuildFID_WCOS2":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"OSDATA\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build","ValueName":"EsdFlightData","RegValueType":"REG_SZ"},"BullguardInstalledKey":{"FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\BullGuard","IfExists":true},"ChinaTypeApproval_CTA":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeviceAccess","ValueName":"ActivePolicyCode","RegValueType":"REG_SZ"},"CIOptin":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings","ValueName":"IsContinuousInnovationOptedIn","RegValueType":"REG_DWORD"},"CloudFilesFilter":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Services\\CldFlt\\Instances\\","ValueName":"DefaultInstance","RegValueType":"REG_SZ"},"CurrentBranch":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion","ValueName":"BuildBranch","RegValueType":"REG_SZ"},"DataExpDateEpoch_CO21H2RegFb":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2","ValueName":"DataExpDateEpoch","RegValueType":"REG_SZ"},"DaysSince19H1FUOffer":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\rempl\\irplugin","ValueName":"DaysSinceLastOffer","RegValueType":"REG_QWORD"},"DchuAmdGrfxDeletePending":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\amdkmdag","ValueName":"DriverDelete"},"DchuAmdGrfxExists":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\amdkmdag","IfExists":true},"DchuAmdGrfxVen":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\amdkmdag","ValueName":"DCHUVen"},"DchuAmdGrfxVen2":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\amdkmdag\\Parameters","ValueName":"DCHUVen"},"DchuIntelGrfxDeletePending":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\igfx","ValueName":"DriverDelete"},"DchuIntelGrfxExists":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\igfx","IfExists":true},"DchuIntelGrfxNExists":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Services\\igfxn","IfExists":true},"DchuIntelGrfxVen":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\igfx","ValueName":"DCHUVen"},"DchuIntelGrfxVen2":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\igfx\\Parameters","ValueName":"DCHUVen"},"DchuNvidiaGrfxDeletePending":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\nvlddmkm","ValueName":"DriverDelete"},"DchuNvidiaGrfxExists":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\nvlddmkm","IfExists":true},"DchuNvidiaGrfxVen":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\nvlddmkm","ValueName":"DCHUVen"},"DchuNvidiaGrfxVen2":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\nvlddmkm\\Parameters","ValueName":"DCHUVen"},"DchuNvidiaGrfxVenTest":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Services\\nvlddmkm","ValueName":"DCHUVenTest","RegValueType":"REG_DWORD"},"DefaultUserRegion":{"HKey":"HKEY_USERS","FullPath":".DEFAULT\\Control Panel\\International\\Geo","ValueName":"Nation","RegValueType":"REG_SZ"},"DeviceInfoGatherSuccessful":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing","ValueName":"DeviceInfoGatherSuccessful","RegValueType":"REG_DWORD"},"DisableWUfBOfferBlock":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsUpdate\\UpdatePolicy\\Settings","ValueName":"DisableWUfBOfferBlock","RegValueType":"REG_DWORD"},"DisconnectedStandby":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Control\\Power","ValueName":"EnforceDisconnectedStandby","RegValueType":"REG_DWORD"},"DotNetMissingComponentsTroubleshooterSuccess":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\.NETFramework","ValueName":"DotNetMissingComponentsTroubleshooterSuccess","RegValueType":"REG_DWORD"},"DriverPartnerRing":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\DriverFlighting\\Partner","ValueName":"TargetRing","RegValueType":"REG_SZ"},"DSS_Enrolled_DF":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\\\Policies\\\\Microsoft\\\\Windows\\\\WindowsUpdate","ValueName":"WUfBDF","RegValueType":"REG_DWORD"},"DSS_Enrolled_State":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WufbDS","ValueName":"enrollmenttype","RegValueType":"REG_SZ"},"DUInternal":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\Setup\\MoSetup","ValueName":"DynamicUpdateInternalTest","RegValueType":"REG_DWORD"},"DurableDeviceRegionGeo":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Control Panel\\DeviceRegion","ValueName":"DeviceRegion","RegValueType":"REG_DWORD"},"EdgeStableOPV_Native":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}","ValueName":"opv","RegValueType":"REG_SZ"},"EdgeStablePV_Native":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}","ValueName":"pv","RegValueType":"REG_SZ"},"EdgeStablePV_WOW6432":{"FullPath":"SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}","ValueName":"pv","RegValueType":"REG_SZ"},"EdgeStableVersion":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}","ValueName":"opv","RegValueType":"REG_SZ"},"EdgeWithChromiumInstallFailureCount":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\EdgeUpdate","ValueName":"WindowsUpdateAttempts"},"EdgeWithChromiumInstallFailureCountWow":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate","ValueName":"WindowsUpdateAttempts"},"EdgeWithChromiumInstallVersion":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\EdgeUpdate","ValueName":"WindowsUpdateVersion"},"EdgeWithChromiumInstallVersionWow":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate","ValueName":"WindowsUpdateVersion"},"EKB19H2InstallCount":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\Setup\\FeatureStaging\\20455539\\2","ValueName":"Count"},"EKB19H2InstallTimeEpoch":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\Setup\\FeatureStaging\\20455539\\2","ValueName":"Timestamp"},"EKB19H2UnInstallCount":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\Setup\\FeatureStaging\\20455539\\0","ValueName":"Count"},"EKB19H2UnInstallTimeEpoch":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\Setup\\FeatureStaging\\20455539\\0","ValueName":"Timestamp"},"EnableWUfBUpgradeGatesRS5":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Microsoft\\Windows NT\\CurrentVersion\\502505fe-762c-4e80-911e-0c3fa4c63fb0","ValueName":"DataRequireGatedScanForFeatureUpdates","RegValueType":"REG_DWORD"},"ESETInstalledKey":{"FullPath":"SOFTWARE\\ESET\\ESET Security","IfExists":true},"ESETInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\ESET\\ESET Security","IfExists":true},"EsetReg":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Services\\ehdrv\\Parameters","ValueName":"WindowsCompatibilityLevel","RegValueType":"REG_DWORD"},"ESTSecurityInstalledKey":{"FullPath":"SOFTWARE\\ESTsoft","IfExists":true},"ESTSecurityInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\ESTsoft","IfExists":true},"ExpPkgs":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsSelfhost\\Applicability","ValueName":"ExpPkgs","RegValueType":"REG_SZ"},"ExpStates":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsSelfHost\\FIDs","ValueName":"PreviewConfigs","RegValueType":"REG_SZ"},"FeatureUpdateDeadline":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Policies\\Microsoft\\Windows\\WindowsUpdate\\","ValueName":"ConfigureDeadlineForFeatureUpdates","RegValueType":"REG_DWORD"},"FlightContent":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsSelfHost\\Applicability","ValueName":"ContentType","RegValueType":"REG_SZ"},"FlightingOptOutState":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsSelfHost\\UI\\Selection","ValueName":"OptOutState","RegValueType":"REG_DWORD"},"FODRetryPending":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing","ValueName":"FODRetry","RegValueType":"REG_DWORD"},"FSecureInstalledKey":{"FullPath":"SOFTWARE\\F-Secure\\OneClient","IfExists":true},"FSecureInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\F-Secure\\OneClient","IfExists":true},"FSRing":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsSelfhost\\Applicability","ValueName":"FSRing","RegValueType":"REG_SZ"},"GamingServicesInstalledKey":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Services\\GamingServices","IfExists":true},"GridZoneName":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\COAWOS","ValueName":"GridZoneName","RegValueType":"REG_SZ","PersistedSourceId":"COAWOSRoot"},"GStatus_CO21H2RegFb":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2","ValueName":"GStatus","RegValueType":"REG_SZ"},"GStatusBlockIDs_All":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\Appraiser\\GWX","ValueName":"SdbEntries","RegValueType":"REG_SZ"},"HidOverGattReg":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemRoot%/System32/drivers/UMDF/Microsoft.Bluetooth.Profiles.HidOverGatt.dll","ValueName":"Source","RegValueType":"REG_SZ"},"HotPatchEKBInstalled":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Update\\TargetingInfo\\DynamicInstalled\\Hotpatch.amd64","IfExists":true},"IIS_ASPNET":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing\\Notifications\\OptionalFeatures\\IIS-ASPNET","ValueName":"Selection","RegValueType":"REG_DWORD"},"IIS_NetFxExtensibility":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing\\Notifications\\OptionalFeatures\\IIS-NetFxExtensibility","ValueName":"Selection","RegValueType":"REG_DWORD"},"InstallDate":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion","ValueName":"InstallDate","RegValueType":"REG_DWORD"},"IntelPlatformId":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0","ValueName":"Platform Specific Field 1","RegValueType":"REG_DWORD"},"IppPrinterBadDefaultPdc":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Print\\Printers\\*\\PrinterDriverData","ValueName":"V4_PDC_ChangeID","RegValueType":"REG_SZ","EncodingType":"Json"},"IsAutopilotRegistered":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Provisioning\\AutopilotPolicyCache","ValueName":"ProfileAvailable","RegValueType":"REG_DWORD"},"IsFlightingEnabled":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsSelfHost\\Applicability","ValueName":"IsBuildFlightingEnabled","RegValueType":"REG_DWORD"},"IsCHCapableBuild":{"HKey":"HKEY_CLASSES_ROOT","FullPath":"CLSID\\{2C57C51B-FD43-4E74-B077-551AE6228AD6}","IfExists":true},"IsCldFltSyncRoots":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager\\*","IfExists":true},"IsConfigMgrEnabled":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsSelfHost\\ClientState","ValueName":"ConfigMgrEnabled","RegValueType":"REG_DWORD"},"IsContainerMgrInstalled":{"FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Containers\\CmService","IfExists":true},"IsEdgeWithChromiumInstalled":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}","IfExists":true},"IsEdgeWithChromiumInstalledWow":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}","IfExists":true},"IsFeedbackHubSelfhost":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Diagnostics\\DiagTrack\\Partners\\IsFeedbackHubSelfhost","IfExists":true},"IsFSOverlay":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Control\\GlobMerger","ValueName":"IsEnabled","RegValueType":"REG_DWORD"},"IsHybridOrXGpu":{"FullPath":"SOFTWARE\\Microsoft\\DirectX","ValueName":"HybridDeviceApplicableForDxDbGpuPreferences"},"IsProcessorMode":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Diagnostics\\DiagTrack\\RegionalSettings","ValueName":"IsProcessorMode","RegValueType":"REG_QWORD"},"IsSpotlightEnabledInOEMTheme":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes","ValueName":"WindowsSpotlight","RegValueType":"REG_DWORD"},"IsSpotlightThemeEnabledByOEM":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\DesktopOptimization","ValueName":"WindowsSpotlightTheme","RegValueType":"REG_DWORD"},"IsVbsEnabled":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\ControlSet001\\Control\\DeviceGuard","ValueName":"EnableVirtualizationBasedSecurity","RegValueType":"REG_DWORD"},"IsWDAGEnabled":{"FullPath":"SYSTEM\\ControlSet001\\Services\\hvsics","IfExists":true},"IsWDATPEnabled":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows Advanced Threat Protection\\Status","ValueName":"OnboardingState"},"K7InstalledKey":{"FullPath":"SOFTWARE\\K7 Computing","IfExists":true},"K7InstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\K7 Computing","IfExists":true},"KasperskyInstalledKey":{"FullPath":"SOFTWARE\\KasperskyLab","IfExists":true},"KasperskyInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\KasperskyLab","IfExists":true},"KasperskyReg":{"FullPath":"System\\CurrentControlSet\\Services\\klhk\\Parameters","ValueName":"UseVtHardware"},"KingsoftInstalledKey":{"FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Kingsoft Internet Security","IfExists":true},"KingsoftInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Kingsoft Internet Security","IfExists":true},"KioskMode":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\AssignedAccessCsp\\AutoLogonAccount","ValueName":"ConfigSource","RegValueType":"REG_DWORD"},"KnownFoldersBackupStatus":{"HKey":"HKEY_CURRENT_USER","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StorageProviderStatus","ValueName":"OneDrive","RegValueType":"REG_SZ"},"LaunchUserOOBE":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Microsoft\\Windows\\CurrentVersion\\OOBE","ValueName":"LaunchUserOOBE","RegValueType":"REG_DWORD"},"LCUVer":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion","ValueName":"LCUVer"},"LenovoInstalledKey":{"FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{A9861883-31C5-4324-BD9A-DC9527EEB675}_is1","IfExists":true},"LenovoInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{A9861883-31C5-4324-BD9A-DC9527EEB675}_is1","IfExists":true},"MalwarebytesInstalledKey":{"FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1","IfExists":true},"MalwarebytesInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1","IfExists":true},"McAfeeInstalledKey":{"FullPath":"SOFTWARE\\McAfee\\MSC\\AppInfo\\Substitute\\QueryParams","IfExists":true},"McAfeeInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\McAfee\\MSC\\AppInfo\\Substitute\\QueryParams","IfExists":true},"Migrated_GatedFeature_NI22H2":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\MigratedMarkers\\TargetVersionUpgradeExperienceIndicators\\NI22H2","ValueName":"GatedFeatureSingleString","RegValueType":"REG_SZ"},"Migrated_GatedFeature_NI22H2Setup":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\MigratedMarkers\\TargetVersionUpgradeExperienceIndicators\\NI22H2Setup","ValueName":"GatedFeatureSingleString","RegValueType":"REG_SZ"},"MTPTargetingInfo":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\Platform\\MTPTargetingInfo","ValueName":"TargetRing"},"NonSecurityUpdate":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate","ValueName":"NonSecurityRelease","RegValueType":"REG_DWORD"},"NPUEnabledDevice":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows Media Foundation\\FrameServer\\WindowsCameraEffects","ValueName":"EffectsCameraAvailable","RegValueType":"REG_DWORD"},"OEMMode":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Office\\16.0\\Common\\OEM","ValueName":"OOBEMode","RegValueType":"REG_SZ"},"OEMModelBaseBoard":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"HARDWARE\\DESCRIPTION\\System\\BIOS","ValueName":"BaseBoardProduct","RegValueType":"REG_SZ"},"OemPartnerRing":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\Platform\\DeviceTargetingInfo","ValueName":"TargetRing","RegValueType":"REG_SZ"},"OEMSubModel":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"HARDWARE\\DESCRIPTION\\System\\BIOS","ValueName":"SystemSKU","RegValueType":"REG_SZ"},"OobeNdupAcceptedTarget":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\OOBE\\NDUP\\Updates","ValueName":"Target","RegValueType":"REG_SZ"},"OobeNdupFU22621CommitChoice":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\NDUP\\Updates\\FeatureUpdate_22621","ValueName":"CommitChoice","RegValueType":"REG_DWORD"},"OobeNdupFUTarget":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\NDUP\\Updates\\FeatureUpdate_22631","ValueName":"Target","RegValueType":"REG_SZ"},"OobeSeeker":{"FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE\\Updates","ValueName":"OOBEUpdateStarted"},"OSDataDriverPartnerRing":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"OSData\\SOFTWARE\\Microsoft\\DriverFlighting\\Partner","ValueName":"TargetRing","RegValueType":"REG_SZ"},"OSRollbackBuild":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade\\Rollback","ValueName":"BuildString","RegValueType":"REG_SZ"},"OSRollbackCount":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade\\Rollback","ValueName":"Count","RegValueType":"REG_DWORD"},"OSRollbackDate":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade\\Rollback","ValueName":"DateStamp","RegValueType":"REG_DWORD"},"PandaInstalledKey":{"FullPath":"SOFTWARE\\Panda Software\\Setup","IfExists":true},"PandaInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\Panda Software\\Setup","IfExists":true},"PausedFeatureStatus":{"FullPath":"SOFTWARE\\Microsoft\\WindowsUpdate\\UpdatePolicy\\Settings","ValueName":"PausedFeatureStatus"},"PausedQualityStatus":{"FullPath":"SOFTWARE\\Microsoft\\WindowsUpdate\\UpdatePolicy\\Settings","ValueName":"PausedQualityStatus"},"PlayFabPartyRelay":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\PlayFabPartyRelay","IfExists":true},"PonchAllow":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat","ValueName":"cadca5fe-87d3-4b96-b7fb-a231484277cc","RegValueType":"REG_DWORD"},"PonchAllowKey":{"FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat\\cadca5fe-87d3-4b96-b7fb-a231484277cc","IfExists":true},"PonchAllowWow":{"FullPath":"SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\QualityCompat","ValueName":"cadca5fe-87d3-4b96-b7fb-a231484277cc"},"PonchAllowWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\QualityCompat\\cadca5fe-87d3-4b96-b7fb-a231484277cc","IfExists":true},"PonchBlock":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat","ValueName":"65d75b03-6f4d-46e9-b870-517731e06cf9","RegValueType":"REG_DWORD"},"PreviewBuildsManagerEnabled":{"FullPath":"SOFTWARE\\Microsoft\\WindowsSelfhost\\Manager","ValueName":"ArePreviewBuildsAllowed"},"PSAKyoceraMissingDEH":{"HKey":"HKEY_CLASSES_ROOT","FullPath":"Extensions\\ContractId\\Windows.PrintSupportExtension\\PackageId\\A97ECD55.KYOCERAPrintCenter_4.1.11108.0_x64__kqmhh0ktdt7dg","IfExists":true},"PSATATriumphMissingDEH":{"HKey":"HKEY_CLASSES_ROOT","FullPath":"Extensions\\ContractId\\Windows.PrintSupportExtension\\PackageId\\TATriumph-AdlerGmbH.TAUTAXPrintCenter_4.1.11108.0_x64__h5e8vsnevp54y","IfExists":true},"PSAXeroxMissingDEH":{"HKey":"HKEY_CLASSES_ROOT","FullPath":"Extensions\\ContractId\\Windows.PrintSupportExtension\\PackageId\\XeroxCorp.PrintExperience_8.29.32.0_x64__f7egpvdyrs2a8","IfExists":true},"QihooInstalledKey":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\360TotalSecurity","IfExists":true},"QUDeadline":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate","ValueName":"ConfigureDeadlineForQualityUpdates","RegValueType":"REG_DWORD"},"QUDeadlineMDM":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\PolicyManager\\current\\device\\Update","ValueName":"ConfigureDeadlineForQualityUpdates","RegValueType":"REG_DWORD"},"QuickhealInstalledKey1":{"FullPath":"SYSTEM\\CurrentControlSet\\Servicescatflt","IfExists":true},"QuickhealInstalledKey2":{"FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths\\scanner.exe","IfExists":true},"RecoveredFromBuild":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Microsoft\\WindowsSelfHost\\Applicability\\RecoveredFrom","ValueName":"LastBuild","RegValueType":"REG_DWORD"},"RecoveredOnDate":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Microsoft\\WindowsSelfHost\\Applicability\\RecoveredFrom","ValueName":"DateStamp","RegValueType":"REG_DWORD"},"ReleaseType":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Update\\TargetingInfo","ValueName":"ReleaseType","RegValueType":"REG_SZ"},"RobloxPlayer":{"HKey":"HKEY_CLASSES_ROOT","FullPath":"roblox-player","RegValueType":"REG_SZ","IfExists":true},"RobloxStudio":{"HKey":"HKEY_CLASSES_ROOT","FullPath":"roblox-studio","RegValueType":"REG_SZ","IfExists":true},"SetupDisplayedEulaVersion":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\OOBE\\","ValueName":"SetupDisplayedEulaVersion","RegValueType":"REG_DWORD"},"SH_SIPolicyCleanup":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\PPI\\Settings","ValueName":"SIPolicyCleanup","RegValueType":"REG_DWORD"},"SmartActiveHoursState":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings","ValueName":"SmartActiveHoursState","RegValueType":"REG_DWORD"},"SophosInstalledKey1":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\SAVService","IfExists":true},"SophosInstalledKey2":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\hmpalertsvc","IfExists":true},"StayOnWindows10Timestamp":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings","ValueName":"SvOfferDeclined","RegValueType":"REG_QWORD"},"Steam":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Classes\\Steam","ValueName":"","RegValueType":"REG_SZ"},"StrictHiveSecurityReg":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\*","ValueName":"StrictHiveSecuritySet"},"SymantecInstalledKey":{"FullPath":"SOFTWARE\\Norton\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}","IfExists":true},"SymantecInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\Norton\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}","IfExists":true},"TargetReleaseVersionGP":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate","ValueName":"TargetReleaseVersionInfo","RegValueType":"REG_SZ"},"TargetReleaseVersionMDM":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\PolicyManager\\current\\device\\Update","ValueName":"TargetReleaseVersion","RegValueType":"REG_SZ"},"TenantId":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Control\\CloudDomainJoin\\JoinInfo\\*","ValueName":"TenantId"},"TencentInstalledKey":{"FullPath":"SOFTWARE\\Tencent\\QQPCMgr","IfExists":true},"TencentInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\Tencent\\QQPCMgr","IfExists":true},"TencentReg":{"FullPath":"SYSTEM\\CurrentControlSet\\services\\TesSafe","ValueName":"LoadStartTime"},"TencentType":{"FullPath":"SYSTEM\\CurrentControlSet\\services\\TesSafe","ValueName":"Type"},"TestRN":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Wosc\\Client\\Persistent\\ClientState\\FCON","ValueName":"TestRing"},"ThreatTrackInstalledKey":{"FullPath":"SOFTWARE\\SBAMSvc","IfExists":true},"ThreatTrackInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\SBAMSvc","IfExists":true},"TimestampEpochString_CO21H2RegFb":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2","ValueName":"TimestampEpochString","RegValueType":"REG_SZ"},"TrendInstalledKey":{"FullPath":"SOFTWARE\\TrendMicro","IfExists":true},"TrendInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\TrendMicro","IfExists":true},"UHSEnrolled":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion","ValueName":"UHSEnrolled","RegValueType":"REG_SZ","IfExists":true},"UninstallActive":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"System\\Setup","ValueName":"UninstallActive","RegValueType":"REG_DWORD"},"UpdateOfferedDays":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WaaSAssessment\\Cache\\","ValueName":"UpToDateDays","RegValueType":"REG_DWORD"},"UpdatePreference":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate","ValueName":"UpdatePreference","RegValueType":"REG_DWORD"},"UpgEx_CO21H2RegFb":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2","ValueName":"UpgEx","RegValueType":"REG_SZ"},"UpgradeAccepted":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE\\Updates\\","ValueName":"UpgradeAccepted","RegValueType":"REG_DWORD","IfExists":true},"UpgradeEligible":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion","ValueName":"UpgradeEligible","RegValueType":"REG_DWORD"},"UserInPlaceUpgrade":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\\\Windows\\\\CurrentVersion","ValueName":"UserInPlaceUpgrade","RegValueType":"REG_DWORD"},"UsoScanMitigation":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\Orchestrator\\Mitigation\\","ValueName":"UsoScanNotStartingMitigationCompleted","RegValueType":"REG_DWORD","IfExists":true},"UtcDataHandlingPolicies":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Diagnostics\\DiagTrack","ValueName":"UtcDataHandlingPolicies","RegValueType":"REG_QWORD"},"UUSVersion":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\Orchestrator","ValueName":"LastRunVersion","RegValueType":"REG_SZ"},"WAS_NetFxEnvironment":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing\\Notifications\\OptionalFeatures\\WAS-NetFxEnvironment","ValueName":"Selection","RegValueType":"REG_DWORD"},"WCFHTTPActivationNotificationState":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Component Based Servicing\\\\Notifications\\\\OptionalFeatures\\\\WCF-HTTP-Activation","ValueName":"Selection","RegValueType":"REG_DWORD"},"WCFNonHTTPActivationNotificationState":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Component Based Servicing\\\\Notifications\\\\OptionalFeatures\\\\WCF-NonHTTP-Activation","ValueName":"Selection","RegValueType":"REG_DWORD"},"WebExperience":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}","IfExists":true},"WebExperienceWow":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\WOW6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}","IfExists":true},"WebrootInstalledKey":{"FullPath":"SOFTWARE\\WRData","IfExists":true},"WebrootInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\WRData","IfExists":true},"Win11UpgradeAcceptedTimestamp":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings","ValueName":"SvOfferAccepted","RegValueType":"REG_QWORD"},"Win11UpgradeAcceptedWUSeeker":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings","ValueName":"SvOfferAccepted","RegValueType":"REG_QWORD","IfExists":true},"WindowsAccountSyncConsentApplicable":{"HKey":"HKEY_CURRENT_USER","FullPath":"Software\\Microsoft\\Windows\\CurrentVersion\\UnifiedConsent\\DEFAULTACCOUNT\\WINDOWSACCOUNTSYNCCONSENT","ValueName":"isApplicable","RegValueType":"REG_DWORD"},"WindowsAccountSyncConsentPromptAllowed":{"HKey":"HKEY_CURRENT_USER","FullPath":"Software\\Microsoft\\Windows\\CurrentVersion\\UnifiedConsent\\DEFAULTACCOUNT\\WINDOWSACCOUNTSYNCCONSENT","ValueName":"isSystemInitiatedPromptAllowed","RegValueType":"REG_DWORD"},"WindowsAccountSyncConsentState":{"HKey":"HKEY_CURRENT_USER","FullPath":"Software\\Microsoft\\Windows\\CurrentVersion\\UnifiedConsent\\DEFAULTACCOUNT\\WINDOWSACCOUNTSYNCCONSENT\\DATASHARING","ValueName":"isConsentAccepted","RegValueType":"REG_DWORD"},"WindowsMixedReality":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\WUDF\\Services\\HoloLensSensors","ValueName":"WdfMajorVersion","RegValueType":"REG_DWORD"},"WOSCEndpointsSupported":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Wosc\\Client\\Persistent","ValueName":"EndpointsSupported","RegValueType":"REG_SZ"},"WSX_Runtime":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC","ValueName":"ExperienceExtensions","RegValueType":"REG_SZ"},"WSX_Windows_AppSample":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC","ValueName":"Windows.AppSample","RegValueType":"REG_SZ"},"WSX_Windows_Settings_Account":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC","ValueName":"Windows.Settings.Account","RegValueType":"REG_SZ"},"WSX_Windows_Shell_Start":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC","ValueName":"Windows.Shell.StartMenu","RegValueType":"REG_SZ"}},"FileInfo":{"AvastVer":{"Path":"\\system32\\Drivers\\aswVmm.sys","FolderGuid":"{F38BF404-1D43-42F2-9305-67DE0B28FC23}"},"AvgVer":{"Path":"\\system32\\Drivers\\avgVmm.sys","FolderGuid":"{F38BF404-1D43-42F2-9305-67DE0B28FC23}"},"BullguardInstalledVer":{"Path":"\\BullGuard Ltd\\BullGuard\\BullGuard.exe","IfExists":true,"FolderGuid":"{905E63B6-C1BF-494E-B29C-65B732D3D21A}"},"CortanaAppVer":{"Path":"\\WindowsApps\\Microsoft.549981C3F5F10_8wekyb3d8bbwe\\CortanaApp.View.exe","FolderGuid":"{905E63B6-C1BF-494E-B29C-65B732D3D21A}"},"CortanaAppVerTest":{"Path":"\\WindowsApps\\3242f7d9-db60-4380-a379-4205ea768bfc_1.0.0.0_x64__zs4v8rx04ex0m\\UndockingTestApp.exe","FolderGuid":"{905E63B6-C1BF-494E-B29C-65B732D3D21A}"},"CrowdStrikeInstalledVer":{"Path":"drivers\\CrowdStrike\\CSAgent.sys","IfExists":true,"FolderGuid":"{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"},"DmdHpControlPackageEnUs":{"Path":"%PROGRAMDATA%\\Microsoft\\Windows\\DeviceMetadataCache\\dmrccache\\en-US\\d3a162c7-a388-4099-b63d-265639514cc0\\PackageInfo.xml","IfExists":true},"DmdHpControlPackageMultiloc":{"Path":"%PROGRAMDATA%\\Microsoft\\Windows\\DeviceMetadataCache\\dmrccache\\multiloc\\d3a162c7-a388-4099-b63d-265639514cc0\\PackageInfo.xml","IfExists":true},"DmdHpControlPackageTr":{"Path":"%PROGRAMDATA%\\Microsoft\\Windows\\DeviceMetadataCache\\dmrccache\\tr\\d3a162c7-a388-4099-b63d-265639514cc0\\PackageInfo.xml","IfExists":true},"EsetVer":{"Path":"\\drivers\\ehdrv.sys","FolderGuid":"{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"},"FileExistsMscoreeDll":{"Path":"%windir%\\\\system32\\\\mscoree.dll","IfExists":true},"GDataInstalledVer":{"Path":"\\drivers\\MiniIcpt.sys","IfExists":true,"FolderGuid":"{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"},"HidparseDriversVer":{"Path":"%windir%\\system32\\drivers\\hidparse.sys"},"HidparseSystem32Ver":{"Path":"%windir%\\system32"},"HidparseSystem32Ver1":{"Path":"%windir%\\system32\\hidparse.sys"},"IsNotepadExePresent":{"Path":"%windir%\\system32\\notepad.exe","IfExists":true},"K7InstalledVer":{"Path":"\\K7 Computing","IfExists":true,"FolderGuid":"{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"},"KasperskyVer":{"Path":"\\system32\\Drivers\\klhk.sys","FolderGuid":"{F38BF404-1D43-42F2-9305-67DE0B28FC23}"},"OnnxruntimeVer":{"Path":"%windir%\\\\system32\\\\onnxruntime.dll"},"PandaInstalledVer":{"Path":"\\Panda Security","IfExists":true,"FolderGuid":"{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"},"SkypeRoomSystem":{"Path":"%systemdrive%\\Recovery\\OEM\\$oem$\\$1\\Rigel\\x64\\Scripts\\Provisioning\\AutoUnattend.xml","IfExists":true},"SymantecVer":{"Path":"\\Symantec\\Shared\\EENGINE\\eeCtrl.sys","FolderGuid":"{DE974D24-D9C6-4D3E-BF91-F4455120B917}"},"SymantecVer64":{"Path":"\\Symantec\\Shared\\EENGINE\\eeCtrl64.sys","FolderGuid":"{DE974D24-D9C6-4D3E-BF91-F4455120B917}"},"TobiiVer":{"Path":"\\Tobii\\Tobii EyeX Interaction\\Tobii.EyeX.Interaction.exe","FolderGuid":"{905E63B6-C1BF-494E-B29C-65B732D3D21A}"},"TobiiVer1x86":{"Path":"\\Tobii\\tobii EyeX Interaction\\Tobii.EyeX.Interaction.exe","FolderGuid":"{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"},"TobiiVerx86":{"Path":"\\tobii EyeX Interaction\\Tobii.EyeX.Interaction.exe","FolderGuid":"{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"},"TrendInstalledVer":{"Path":"\\Trend Micro\\Titanium\\plugin\\plugVizor.dll","IfExists":true,"FolderGuid":"{905E63B6-C1BF-494E-B29C-65B732D3D21A}"},"TrendMicroVer":{"Path":"\\drivers\\TMUMH.sys","FolderGuid":"{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"},"WuClientVer":{"Path":"\\system32\\wuaueng.dll","FolderGuid":"{F38BF404-1D43-42F2-9305-67DE0B28FC23}"},"XamlCbsActivationStore":{"Path":"%ProgramData%\\\\Microsoft\\\\Windows\\\\AppRepository\\\\Packages\\\\Microsoft.UI.Xaml.CBS_8.2205.4001.0_x64__8wekyb3d8bbwe\\\\ActivationStore.dat","IfExists":true},"XamlCbsActivationStoreArm64":{"Path":"%ProgramData%\\\\Microsoft\\\\Windows\\\\AppRepository\\\\Packages\\\\Microsoft.UI.Xaml.CBS_8.2205.4001.0_arm64__8wekyb3d8bbwe\\\\ActivationStore.dat","IfExists":true}},"Licensing":{"UpdateManagementGroup":{"Name":"UpdatePolicy-UpdateManagementGroup"}},"UpdatePolicy":{"AllowOptionalContent":{"PolicyEnum":58,"Enterprise":true},"BranchReadinessLevel":{"PolicyEnum":5,"Enterprise":true},"BranchReadinessLevelSource":{"PolicyEnum":5,"Enterprise":true,"UseSource":true},"DeferFeatureUpdatePeriodInDays":{"PolicyEnum":9,"Enterprise":true},"DeferQualityUpdatePeriodInDays":{"PolicyEnum":7,"Enterprise":true},"DisableDualScan":{"PolicyEnum":42,"Enterprise":true},"EnableWUfBUpgradeGates":{"PolicyEnum":51,"Enterprise":true},"TargetProductVersion":{"PolicyEnum":53,"Enterprise":true},"TargetReleaseVersion":{"PolicyEnum":50,"Enterprise":true},"UpdateServiceUrl":{"PolicyEnum":12},"WUfBClientManaged":{"PolicyEnum":32,"Enterprise":true}},"Policy":{"DesiredOcpVersion":{"LocUri":"./Device/Vendor/MSFT/DeviceUpdateCenter/DesiredUpdates/OcpVersion/"},"DesiredOsVersion":{"LocUri":"./Device/Vendor/MSFT/DeviceUpdateCenter/DesiredUpdates/OsVersion"},"DesiredSystemManifestVersion":{"LocUri":"./Device/Vendor/MSFT/DeviceUpdateCenter/DesiredUpdates/SystemManifestVersion"},"DucCustomPackageId":{"LocUri":"./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/CustomPackageId"},"DucDeviceModelId":{"LocUri":"./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/DeviceModelId"},"DucOemPartnerRing":{"LocUri":"./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/OemPartnerRing"},"DucPublisherId":{"LocUri":"./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/PublisherId"},"SetPolicyDrivenUpdateSourceForFeatureUpdates":{"LocUri":"./Device/Vendor/MSFT/Policy/Config/Update/SetPolicyDrivenUpdateSourceForFeatureUpdates"},"WSUSconfigured_csp":{"LocUri":"./Device/Vendor/MSFT/Policy/Config/Update/UpdateServiceUrl"}},"AppInfo":{"WidgetsAppVer":{"Name":"MicrosoftWindows.Client.WebExperience"}},"WMI":{"ElanFingerprintDriverVersion":{"Query":"SELECT DriverVersion, Manufacturer FROM Win32_PnPSignedDriver WHERE Manufacturer = 'ELAN'","Name":"DriverVersion","Timeout":2000},"FirstStorageSpaceDeviceId":{"Query":"SELECT DeviceID FROM Win32_DiskDrive WHERE Model = 'Microsoft Storage Space Device'","Name":"DeviceID","Timeout":2000},"IIS_ASPNET_WMI":{"Query":"SELECT * FROM Win32_OptionalFeature WHERE name = 'IIS-ASPNET'","Name":"InstallState","Timeout":2000},"IIS_NetFxExtensibility_WMI":{"Query":"SELECT * FROM Win32_OptionalFeature WHERE name = 'IIS-NetFxExtensibility'","Name":"InstallState","Timeout":2000},"NetFx3State":{"Query":"SELECT * FROM Win32_OptionalFeature WHERE name = 'NetFX3'","Name":"InstallState","Timeout":2000},"PSAKyoceraInstalledName":{"Query":"SELECT Name, ProgramId FROM Win32_InstalledStoreProgram WHERE ProgramId = 'A97ECD55.KYOCERAPrintCenter_4.1.11108.0_x64__kqmhh0ktdt7dg'","Name":"Name","Timeout":2000},"PSATATriumphInstalledName":{"Query":"SELECT Name, ProgramId FROM Win32_InstalledStoreProgram WHERE ProgramId = 'TATriumph-AdlerGmbH.TAUTAXPrintCenter_4.1.11108.0_x64__h5e8vsnevp54y'","Name":"Name","Timeout":2000},"WAS_NetFxEnvironment_WMI":{"Query":"SELECT * FROM Win32_OptionalFeature WHERE name = 'WAS-NetFxEnvironment'","Name":"InstallState","Timeout":2000},"WCFHTTPActivationState":{"Query":"SELECT * FROM Win32_OptionalFeature WHERE name = 'WCF-HTTP-Activation'","Name":"InstallState","Timeout":2000},"WCFNonHTTPActivationState":{"Query":"SELECT * FROM Win32_OptionalFeature WHERE name = 'WCF-NonHTTP-Activation'","Name":"InstallState","Timeout":2000},"XeroxPsaInstalledName":{"Query":"SELECT Name, ProgramId FROM Win32_InstalledStoreProgram WHERE ProgramId = 'XeroxCorp.PrintExperience_8.29.32.0_x64__f7egpvdyrs2a8'","Name":"Name","Timeout":2000}},"RegionPolicy":{"IsCampaignEdgePromotionEnabled":{"ForceEvaluate":false,"PolicyGUID":"{2BF706DE-6DBB-4692-B7EF-84D80C47E927}"},"IsCampaignSegmentTargetingEnabled":{"ForceEvaluate":false,"PolicyGUID":"{36996754-E327-483A-902F-523E2BA03239}"}}}"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Avast Software]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Avast Software\Browser\aswSP]
"LimitedRegistry"="\REGISTRY\USER\S-1-5-21-3545764084-2441850025-860840010-1001\Software\AVAST Software\Browser
\REGISTRY\MACHINE\Software\WOW6432Node\AVAST Software\Browser"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Avast Software\Browser\aswSP]
"LimitedFolders"="\??\C:\Program Files (x86)\AVAST Software\Browser\
\??\C:\Users\Jeremy\AppData\Local\AVAST Software\Browser\
\??\C:\ProgramData\AVAST Software\Browser\"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Chrome\NativeMessagingHosts\com.avast.nativeproxy]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Chrome\NativeMessagingHosts\com.avast.nativeproxy]
""="C:\Program Files\AVAST Software\Avast\AvastNM.json"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\LAV\Audio\Blacklist]
"avastui.exe"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\LAV\Splitter\Blacklist]
"avastui.exe"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\LAV\Video\Blacklist]
"avastui.exe"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{19C3AB22-3718-4E4D-B203-242F5001565B}]
"InstallSource"="C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1189.1\"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{19C3AB22-3718-4E4D-B203-242F5001565B}]
"Publisher"="AVAST Software"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{19C3AB22-3718-4E4D-B203-242F5001565B}]
"DisplayName"="Avast Update Helper"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastBrowserUpdate.exe]
[HKEY_USERS\.DEFAULT\Software\Avast Software]
[HKEY_USERS\.DEFAULT\Software\Avast Software\Avast]
[HKEY_USERS\.DEFAULT\Software\Avast Software\Browser\Update]
"endpoint"="update.avastbrowser.com"
[HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Avast Software]
[HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\AvastAdSDK]
[HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\AvastAdSDK]
"LastOfferAvast"="1563284509"
[HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\2652c3a6_0]
""="{2}.\\?\usb#vid_1038&pid_12ad&mi_00#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\global/00010003|\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\AvastUI.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\84a1aaae_0]
""="{2}.\\?\root#media#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\topologyspeakerheadphone/00010001|\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\AvastUI.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\b4fd1227_0]
""="{2}.\\?\usb#vid_1038&pid_12ad&mi_03#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\global/00010001|\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\AvastUI.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\eb18a047_0]
""="{2}.\\?\hdaudio#func_01&ven_10ec&dev_0892&subsys_18497893&rev_1003#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\singlelineouttopo/00010001|\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\AvastUI.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\f147b5a_0]
""="{2}.\\?\hdaudio#func_01&ven_10de&dev_0083&subsys_14583795&rev_1001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\topo05/00010001|\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\AvastUI.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts]
"AvastHTML_http"="0"
[HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts]
"AvastHTML_https"="0"
[HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts]
"AvastHTML_.htm"="0"
[HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts]
"AvastHTML_.html"="0"
[HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts]
"AvastHTML_.shtml"="0"
[HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts]
"AvastHTML_.xht"="0"
[HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts]
"AvastHTML_.xhtml"="0"
[HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts]
"AvastHTML_.pdf"="0"
[HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Cloud\{6736683e-4fba-40c9-abdd-48e10cca15e6}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$avast antivirus]
[HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{6736683e-4fba-40c9-abdd-48e10cca15e6}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$avast antivirus]
[HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppBadgeUpdated]
"Avast_Secure_Browser"="5"
[HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppLaunch]
"avast! Antivirus"="25"
[HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppLaunch]
"Avast_Secure_Browser"="1"
[HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched]
"avast! Antivirus"="31"
[HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched]
"Avast_Secure_Browser"="4"
[HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched]
"C:\Users\Jeremy\AppData\Local\Temp\AvastBrowserUninstall.exe_{F11CCB4A-60FC-4B06-9715-74325BC1F8B8}.exe"="1"
[HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched]
"{6D809377-6AF0-444B-8957-A3773F02200E}\AVAST Software\Avast\setup\instup.exe"="1"
[HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\ShowJumpView]
"avast! Antivirus"="7"
[HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\ShowJumpView]
"Avast_Secure_Browser"="3"
[HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithProgids]
"AvastHTML"=""
[HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithProgids]
"AvastHTML"=""
[HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\OpenWithProgids]
"AvastHTML"=""
[HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"AvastBrowserAutoLaunch_2423EE30CEE50EE68CB8AEF061DC31A9"="0x020000000000000000000000"
[HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files\AVAST Software\Avast\wsc_proxy.exe"="0x5341435001000000000000000700000028000000A0E0000071D7010001000000000000000000000A0021000067077CBAC54CD40100000000000000000200000028000000000000000000004000000000000000000000000000000000F9490000000000000200000002000000"
[HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files (x86)\Avast Driver Updater\UninstallStub.exe"="0x5341435001000000000000000700000028000000D82902007D08030001000000000000000000000A7122000050BB64EDDDACD5010000000000000000020000002800000000000000000000400000000000000000000000000000000008450000000000000100000001000000"
[HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe"="0x5341435001000000000000000700000028000000C02E26002B33260001000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000000000000000000000000000000000000000000000CD1F0000000000000100000001000000"
[HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files (x86)\AVAST Software\Browser\AvastBrowserUninstall.exe"="0x5341435001000000000000000700000028000000C8F16200F388630001000000000000000000000A0021000050BB64EDDDACD5010000000000000000"
[HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files\AVAST Software\Avast\AvastUI.exe"="0x534143500100000000000000070000002800000098F545019993460101000000000000000000000A0021000050BB64EDDDACD5010000000000000000020000002800000000000000000000000000000000000000000000000000000086010000000000000100000001000000"
[HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files\AVAST Software\Avast\setup\instup.exe"="0x5341435001000000000000000700000028000000C8573B00EA9A3B0001000000000000000000000A0021000050BB64EDDDACD50100000000000000000200000028000000000000000000004000000000000000000000000000000000ACAB0100000000000100000001000000"
[HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\AVAST Software\Avast\AvastUI.exe.FriendlyAppName"="Avast Antivirus"
[HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\AVAST Software\Avast\AvastUI.exe.ApplicationCompany"="AVAST Software"
 
 
====== End of Search ======


#5 dennis_l

dennis_l

  •  Avatar image
  • Malware Response Team
  • 3,141 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:03:58 AM

Posted Yesterday, 09:57 AM

Yes these fixes can take a while to complete sometimes.
I'll get back to you on the search results.
This will do a memory check for you.

  • Press Windows Key+R keys to launch the Run window.
  • Type mdsched.exe and press Enter.
  • Click Restart now and check for problems (recommended).
  • Be sure to save your work before proceeding.
  • Your computer will then restart.
  • The Windows Memory Diagnostics Tool screen will launch.
  • The test may take several minutes and you will see a progress bar and a Status message showing any problems that have been detected.
  • When it has completed, your computer will automatically reboot.
  • After you log in, the test results should appear.
  • If they don't, right click the Start button and select Event Viewer from the menu.
  • Navigate to Windows Logs > System.
  • Click Find in the right pane.
  • Type MemoryDiagnostic into the find box and click Find.
  • In the Event Viewer, double-click the MemoryDiagnostics-Results source.
  • You will see the results displayed and also information about your RAM, at the bottom of the window.

Please include the results in your next post.



#6 dennis_l

dennis_l

  •  Avatar image
  • Malware Response Team
  • 3,141 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:03:58 AM

Posted Yesterday, 02:32 PM

I need to add some more lines to the Avast search fix.

Will post this in the morning.


Edited by dennis_l, Yesterday, 03:01 PM.


#7 jesters89

jesters89
  • Topic Starter

  •  Avatar image
  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:58 PM

Posted Yesterday, 10:22 PM

Sounds good! 

 

Well, according to the program you recommended, there are no issues with the memory. I've updated drivers across the board and updated the BIOS which was from 2018. Someone on a forum having a similar issue said it was a fix for them. No luck for me. I did some microsoft Gameinput service fix. No luck. 

 

I see several warnings and some errors in the event viewer. Some warnings include:

 

Resource-Exhaustion-Detector: Windows successfully diagnosed a low virtual memory condition. The following programs consumed the most virtual memory: MidnightSuns-Win64-Shipping.exe (2636) consumed 11467534336 bytes, MsMpEng.exe (5100) consumed 405340160 bytes, and steamwebhelper.exe (19264) consumed 393285632 bytes.

 

-This is the most obvious. The Midnight Sons game is one of the two games crashing when I run it. Now Helldivers doesnt crash, but it is unplayably choppy. Again- I had issues with either game 2 days ago. 

 

I also got an information event that says: Application popup: Windows - Out of Virtual Memory : Your system is low on virtual memory. To ensure that Windows runs properly, increase the size of your virtual memory paging file. For more information, see Help. 

 

Should I do this? I dont understand why suddenly memory is an issue for me. I have 16gb of RAM and have never had any issues, even when running high end games. I can't fathom what changed. 

 

 

A bunch of DistributedCOM warnings. I dont understand these. They say things like: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 

{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 and APPID 
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 to the user JeremyPC\Jeremy SID (S-1-5-21-3545764084-2441850025-860840010-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
And a disk warning that says: Disk 4 has the same disk identifiers as one or more disks connected to the system. Go to Microsoft's support website (http://support.microsoft.com) and search for KB2983588 to resolve the issue. 
 
Could the disk warning be related to recently setting up a second SSD by the same manufacturer? They are USB external drives. Removing one didnt fix the crashing, unfortunately. I'm not sure if its actually causing any issues. 
 
All in all, it seems I have a real issue with memory, but I can't discern what caused it or how to correct it. Looking at the Memory Performance in Task Manager tells me that about 5 gigs are in use, 11 available, and 5.7 cached. This number has climbed up to 10 at times. It says Paged Pool is 428mb and Non-paged pool is 236mb. Committed: 6.8/17.7gb. 
 
I think we are outside of the scope of what you guys offer here, so feel free to let me know if I should be taking these concerns elsewhere. I really appreciate you helping me ruleout malware. If you think there might be some indicator of a bad actor because of the memory issue, just tell me what to do. 
 
Thanks much!


#8 dennis_l

dennis_l

  •  Avatar image
  • Malware Response Team
  • 3,141 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:03:58 AM

Posted Today, 04:54 AM

Here is the script to remove the Avast remnants.
It is possible that this might help with performance.

  • Right click on the FRST icon and select Run as administrator.
  • Highlight all of the information in the text box below then hit the Ctrl + C keys together to copy the text.
  • It is not necessary to paste the information anywhere as FRST will do this for you.
Start::
CreateRestorePoint:
CloseProcesses:
C:\Windows\WinSxS\Manifests\amd64_avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_5e69e83710ea31f5.cat
C:\Windows\WinSxS\Manifests\amd64_avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_5e69e83710ea31f5.manifest
C:\Windows\WinSxS\Manifests\amd64_avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_6349ea290dbe6128.cat
C:\Windows\WinSxS\Manifests\amd64_avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_6349ea290dbe6128.manifest
C:\Windows\WinSxS\Manifests\amd64_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_5158632ac9d8192f.cat
C:\Windows\WinSxS\Manifests\amd64_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_5158632ac9d8192f.manifest
C:\Windows\WinSxS\Manifests\amd64_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_5638651cc6ac4862.cat
C:\Windows\WinSxS\Manifests\amd64_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_5638651cc6ac4862.manifest
C:\Windows\WinSxS\Manifests\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_a6171f0e25665afb.cat
C:\Windows\WinSxS\Manifests\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_a6171f0e25665afb.manifest
C:\Windows\WinSxS\Manifests\x86_avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_aaf72100223a8a2e.cat
C:\Windows\WinSxS\Manifests\x86_avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_aaf72100223a8a2e.manifest
C:\Windows\WinSxS\Manifests\x86_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_99059a01de544235.cat
C:\Windows\WinSxS\Manifests\x86_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_99059a01de544235.manifest
C:\Windows\WinSxS\Manifests\x86_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_9de59bf3db287168.cat
C:\Windows\WinSxS\Manifests\x86_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_9de59bf3db287168.manifest
C:\Windows\System32\Tasks_Migrated\Avast Driver Updater Startup
C:\Windows\System32\Tasks_Migrated\Avast Emergency Update
C:\Windows\Prefetch\AVASTNM.EXE-DDE86B71.pf
C:\Windows\Prefetch\AVASTUI.EXE-56B29A08.pf
C:\Windows\Prefetch\AVASTUI.EXE-56B29A09.pf
C:\Windows\Prefetch\AVASTUI.EXE-56B29A0A.pf
C:\Windows\Prefetch\AVASTUI.EXE-56B29A10.pf
C:\Users\Jeremy\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\avast! Antivirus
C:\Program Files\Oculus\CoreData\Manifests\C_ProgramFiles_AVASTSoftware_Avast_AvastUI.json
C:\Program Files\Oculus\CoreData\Manifests\C_ProgramFiles_AVASTSoftware_Avast_AvastUI_assets.json
2020-08-05 12:47 - 2020-08-05 12:47 _____ C:\Windows\WinSxS\amd64_avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_5e69e83710ea31f5
2020-08-05 12:47 - 2020-08-05 12:47 _____ C:\Windows\WinSxS\amd64_avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_6349ea290dbe6128
2020-08-05 12:47 - 2020-08-05 12:47 _____ C:\Windows\WinSxS\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_a6171f0e25665afb
2020-08-05 12:47 - 2020-08-05 12:47 _____ C:\Windows\WinSxS\x86_avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_aaf72100223a8a2e
2020-06-21 20:04 - 2020-08-05 08:50 _____ C:\Windows\System32\Tasks_Migrated\Avast Software
2020-01-25 13:25 - 2020-08-13 12:18 _____ C:\Program Files (x86)\Avast Driver Updater
2020-09-07 20:34 - 2020-09-07 20:34 _____ C:\Program Files\Oculus\CoreData\Software\StoreAssets\C_ProgramFiles_AVASTSoftware_Avast_AvastUI_assets
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|AvastUI.exe
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|AvastUI.exe
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Program Files (x86)\Avast Driver Updater\
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\IsolatedSxSAssemblies|amd64_avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_5e69e83710ea31f5
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\IsolatedSxSAssemblies|amd64_avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_6349ea290dbe6128
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\IsolatedSxSAssemblies|amd64_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_5158632ac9d8192f
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\IsolatedSxSAssemblies|amd64_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_5638651cc6ac4862
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\IsolatedSxSAssemblies|x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_a6171f0e25665afb
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\IsolatedSxSAssemblies|x86_avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_aaf72100223a8a2e
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\IsolatedSxSAssemblies|x86_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_99059a01de544235
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\IsolatedSxSAssemblies|x86_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_9de59bf3db287168
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths|C:\Program Files\AVAST Software
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths|C:\Program Files (x86)\Avast Driver Updater
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\LAV\Audio\Blacklist|avastui.exe
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\LAV\Splitter\Blacklist|avastui.exe
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\LAV\Video\Blacklist|avastui.exe
DeleteValue: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|AvastHTML_http
DeleteValue: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|AvastHTML_https
DeleteValue: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|AvastHTML_.htm
DeleteValue: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|AvastHTML_.html
DeleteValue: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|AvastHTML_.shtml
DeleteValue: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|AvastHTML_.xht
DeleteValue: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|AvastHTML_.xhtml
DeleteValue: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|AvastHTML_.pdf
DeleteValue: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppBadgeUpdated|Avast_Secure_Browser
DeleteValue: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppLaunch|avast! Antivirus
DeleteValue: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppLaunch|Avast_Secure_Browser
DeleteValue: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched|avast! Antivirus
DeleteValue: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched|Avast_Secure_Browser
DeleteValue: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched|C:\Users\Jeremy\AppData\Local\Temp\AvastBrowserUninstall.exe_{F11CCB4A-60FC-4B06-9715-74325BC1F8B8}.exe
DeleteValue: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched|{6D809377-6AF0-444B-8957-A3773F02200E}\AVAST Software\Avast\setup\instup.exe
DeleteValue: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\ShowJumpView|avast! Antivirus
DeleteValue: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\ShowJumpView|Avast_Secure_Browser
DeleteValue: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithProgids|AvastHTML
DeleteValue: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithProgids|AvastHTML
DeleteValue: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\OpenWithProgids|AvastHTML
DeleteValue: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|AvastBrowserAutoLaunch_2423EE30CEE50EE68CB8AEF061DC31A9
DeleteValue: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
DeleteValue: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files (x86)\Avast Driver Updater\UninstallStub.exe
DeleteValue: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
DeleteValue: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files (x86)\AVAST Software\Browser\AvastBrowserUninstall.exe
DeleteValue: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files\AVAST Software\Avast\AvastUI.exe
DeleteValue: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files\AVAST Software\Avast\setup\instup.exe
DeleteValue: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\AVAST Software\Avast\AvastUI.exe.FriendlyAppName
DeleteValue: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\AVAST Software\Avast\AvastUI.exe.ApplicationCompany
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\AVAST Software
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avast
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\Avast Driver Updater.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AvastSvc_RASAPI32
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AvastSvc_RASMANCS
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_avast.vc140.crt_fcc99ee6193ebbca_none_020285fe6d6e0580
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_avast.vc140.mfc_fcc99ee6193ebbca_none_018be6966dc83925
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_none_ef17e13d91c55d96
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_none_eea141d5921f913b
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_avast.vc140.crt_fcc99ee6193ebbca_none_49afbcd581ea2e86
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_avast.vc140.mfc_fcc99ee6193ebbca_none_49391d6d8244622b
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_none_36c51814a641869c
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_none_364e78aca69bba41
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastBrowserUpdate.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Avast Software
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Chrome\NativeMessagingHosts\com.avast.nativeproxy
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastBrowserUpdate.exe
DeleteKey: HKEY_USERS\.DEFAULT\Software\Avast Software
DeleteKey: HKEY_USERS\.DEFAULT\Software\Avast Software\Avast
DeleteKey: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Avast Software
DeleteKey: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\AvastAdSDK
DeleteKey: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Cloud\{6736683e-4fba-40c9-abdd-48e10cca15e6}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$avast antivirus
DeleteKey: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{6736683e-4fba-40c9-abdd-48e10cca15e6}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$avast antivirus
End::
  • Click on the Fix button just once and wait.
  • Please make sure you let the system restart normally. After that let the tool complete its run.
  • When it's finished FRST will generate a log in the location you ran the tool from. (Fixlog.txt).

Please copy the contents from this text file and paste into your next reply.
---------------------------------------------------------------------------------------------------------------------------------
Let's finish our checks for malware next.
I'd now like you to run a full scan with ESET Online Scanner.

  • Download ESET Online Scanner from here and save it to your Desktop.
  • Right click the esetonlinescanner.exe file you downloaded and select Run as administrator.
  • Select your desired language from the drop-down menu and click Get started.
  • Click Yes if a User Account window appears.
  • In the Terms of use screen, click Accept if you agree to the Terms of use.
  • Click Get started in the welcome screen.
  • Select your preference for the Customer Experience Improvement Program and the Detection feedback system.Click Continue.
  • Click Computer scan, in the Welcome back screen.
  • Choose Full scan on the next screen.
  • Select Enable ESET to detect and quarantine potentially unwanted applications.Then click Start scan
  • Please note that this process can take several hours to complete.
  • At the end of the scan, the Found and resolved detections screen may be displayed. You can click View detailed results to view specific information. Click Continue.
  • On the following screen click Save scan log and save it to your Desktop as ESETScan.txt. Click Continue.
  • ESET Online Scanner will now ask if you wish to turn on the Periodic Scan feature.I suggest that you do not do this for now Click Continue
  • You are offered a 30 day trial of ESET Internet Security on the next screen. Click Continue
  • On the next screen, you can leave feedback about the program if you wish.
  • There is an option to delete the application's data on closing, but we can but we can do this later.
  • If you left feedback, click Submit and Close. If not, click Close.
  • Copy and paste the contents of the ESETScan.txt file in your next reply.

--------------------------------------------------------------------------------------------------------------------
Then please do this.
Resource Monitor

  •     Press Windows Key + R at the same time.
  •     In the Run box type resmon and press Enter.
  •     Click on the Memory tab.
  •     You may have to maximize the window to see all the data.
  •     If necessary, click on the Commit (KB) column, so that the numbers go from highest to lowest.
  •     Maximize the view.
  •     Take a screen shot and include in your next reply.
  • In the Resource Monitor window, now select the CPU tab.
  • Select the Average CPU column header to sort the list by overall CPU usage.
  • Make sure that the arrow that appears on the header points down to sort the data from highest to lowest CPU consumption.
  • Please take another screen shot and include in your next reply.

-------------------------------------------------------------------------------------------------------------------------------
Finally please check if any Windows Updates were installed on the date the issues started.
To do this type CMD in taskbar search and when Command Prompt appears press Enter.
At the prompt in the Command Prompt window, enter the following command:
wmic qfe list
And press Enter.

We can get an updated list of errors later and investigate these further, if necessary.
As you say if the virtual memory paging file was a problem, then one would have expected to see issues before now.



#9 jesters89

jesters89
  • Topic Starter

  •  Avatar image
  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:58 PM

Posted Today, 09:08 AM

Boy- AVAST sure left a lot of garbage behind.

Here is the FRST fixlog. I'm planning to run the virus scan while at work. I'll post later today with the last few stesp:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 05.03.2024
Ran by Jeremy (05-03-2024 08:00:00) Run:3
Running from C:\Users\Jeremy\Desktop\PC Maintenance
Loaded Profiles: Jeremy
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
C:\Windows\WinSxS\Manifests\amd64_avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_5e69e83710ea31f5.cat
C:\Windows\WinSxS\Manifests\amd64_avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_5e69e83710ea31f5.manifest
C:\Windows\WinSxS\Manifests\amd64_avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_6349ea290dbe6128.cat
C:\Windows\WinSxS\Manifests\amd64_avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_6349ea290dbe6128.manifest
C:\Windows\WinSxS\Manifests\amd64_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_5158632ac9d8192f.cat
C:\Windows\WinSxS\Manifests\amd64_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_5158632ac9d8192f.manifest
C:\Windows\WinSxS\Manifests\amd64_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_5638651cc6ac4862.cat
C:\Windows\WinSxS\Manifests\amd64_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_5638651cc6ac4862.manifest
C:\Windows\WinSxS\Manifests\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_a6171f0e25665afb.cat
C:\Windows\WinSxS\Manifests\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_a6171f0e25665afb.manifest
C:\Windows\WinSxS\Manifests\x86_avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_aaf72100223a8a2e.cat
C:\Windows\WinSxS\Manifests\x86_avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_aaf72100223a8a2e.manifest
C:\Windows\WinSxS\Manifests\x86_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_99059a01de544235.cat
C:\Windows\WinSxS\Manifests\x86_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_99059a01de544235.manifest
C:\Windows\WinSxS\Manifests\x86_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_9de59bf3db287168.cat
C:\Windows\WinSxS\Manifests\x86_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_9de59bf3db287168.manifest
C:\Windows\System32\Tasks_Migrated\Avast Driver Updater Startup
C:\Windows\System32\Tasks_Migrated\Avast Emergency Update
C:\Windows\Prefetch\AVASTNM.EXE-DDE86B71.pf
C:\Windows\Prefetch\AVASTUI.EXE-56B29A08.pf
C:\Windows\Prefetch\AVASTUI.EXE-56B29A09.pf
C:\Windows\Prefetch\AVASTUI.EXE-56B29A0A.pf
C:\Windows\Prefetch\AVASTUI.EXE-56B29A10.pf
C:\Users\Jeremy\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\avast! Antivirus
C:\Program Files\Oculus\CoreData\Manifests\C_ProgramFiles_AVASTSoftware_Avast_AvastUI.json
C:\Program Files\Oculus\CoreData\Manifests\C_ProgramFiles_AVASTSoftware_Avast_AvastUI_assets.json
2020-08-05 12:47 - 2020-08-05 12:47 _____ C:\Windows\WinSxS\amd64_avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_5e69e83710ea31f5
2020-08-05 12:47 - 2020-08-05 12:47 _____ C:\Windows\WinSxS\amd64_avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_6349ea290dbe6128
2020-08-05 12:47 - 2020-08-05 12:47 _____ C:\Windows\WinSxS\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_a6171f0e25665afb
2020-08-05 12:47 - 2020-08-05 12:47 _____ C:\Windows\WinSxS\x86_avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_aaf72100223a8a2e
2020-06-21 20:04 - 2020-08-05 08:50 _____ C:\Windows\System32\Tasks_Migrated\Avast Software
2020-01-25 13:25 - 2020-08-13 12:18 _____ C:\Program Files (x86)\Avast Driver Updater
2020-09-07 20:34 - 2020-09-07 20:34 _____ C:\Program Files\Oculus\CoreData\Software\StoreAssets\C_ProgramFiles_AVASTSoftware_Avast_AvastUI_assets
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|AvastUI.exe
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|AvastUI.exe
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders|C:\Program Files (x86)\Avast Driver Updater\
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\IsolatedSxSAssemblies|amd64_avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_5e69e83710ea31f5
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\IsolatedSxSAssemblies|amd64_avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_6349ea290dbe6128
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\IsolatedSxSAssemblies|amd64_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_5158632ac9d8192f
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\IsolatedSxSAssemblies|amd64_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_5638651cc6ac4862
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\IsolatedSxSAssemblies|x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_a6171f0e25665afb
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\IsolatedSxSAssemblies|x86_avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_aaf72100223a8a2e
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\IsolatedSxSAssemblies|x86_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_99059a01de544235
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\IsolatedSxSAssemblies|x86_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_9de59bf3db287168
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths|C:\Program Files\AVAST Software
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths|C:\Program Files (x86)\Avast Driver Updater
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\LAV\Audio\Blacklist|avastui.exe
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\LAV\Splitter\Blacklist|avastui.exe
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\LAV\Video\Blacklist|avastui.exe
DeleteValue: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|AvastHTML_http
DeleteValue: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|AvastHTML_https
DeleteValue: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|AvastHTML_.htm
DeleteValue: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|AvastHTML_.html
DeleteValue: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|AvastHTML_.shtml
DeleteValue: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|AvastHTML_.xht
DeleteValue: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|AvastHTML_.xhtml
DeleteValue: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts|AvastHTML_.pdf
DeleteValue: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppBadgeUpdated|Avast_Secure_Browser
DeleteValue: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppLaunch|avast! Antivirus
DeleteValue: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppLaunch|Avast_Secure_Browser
DeleteValue: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched|avast! Antivirus
DeleteValue: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched|Avast_Secure_Browser
DeleteValue: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched|C:\Users\Jeremy\AppData\Local\Temp\AvastBrowserUninstall.exe_{F11CCB4A-60FC-4B06-9715-74325BC1F8B8}.exe
DeleteValue: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched|{6D809377-6AF0-444B-8957-A3773F02200E}\AVAST Software\Avast\setup\instup.exe
DeleteValue: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\ShowJumpView|avast! Antivirus
DeleteValue: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\ShowJumpView|Avast_Secure_Browser
DeleteValue: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithProgids|AvastHTML
DeleteValue: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithProgids|AvastHTML
DeleteValue: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\OpenWithProgids|AvastHTML
DeleteValue: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|AvastBrowserAutoLaunch_2423EE30CEE50EE68CB8AEF061DC31A9
DeleteValue: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
DeleteValue: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files (x86)\Avast Driver Updater\UninstallStub.exe
DeleteValue: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
DeleteValue: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files (x86)\AVAST Software\Browser\AvastBrowserUninstall.exe
DeleteValue: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files\AVAST Software\Avast\AvastUI.exe
DeleteValue: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files\AVAST Software\Avast\setup\instup.exe
DeleteValue: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\AVAST Software\Avast\AvastUI.exe.FriendlyAppName
DeleteValue: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\AVAST Software\Avast\AvastUI.exe.ApplicationCompany
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\AVAST Software
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avast
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\Avast Driver Updater.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AvastSvc_RASAPI32
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AvastSvc_RASMANCS
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_avast.vc140.crt_fcc99ee6193ebbca_none_020285fe6d6e0580
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_avast.vc140.mfc_fcc99ee6193ebbca_none_018be6966dc83925
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_none_ef17e13d91c55d96
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_none_eea141d5921f913b
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_avast.vc140.crt_fcc99ee6193ebbca_none_49afbcd581ea2e86
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_avast.vc140.mfc_fcc99ee6193ebbca_none_49391d6d8244622b
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_none_36c51814a641869c
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_none_364e78aca69bba41
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastBrowserUpdate.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Avast Software
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Chrome\NativeMessagingHosts\com.avast.nativeproxy
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastBrowserUpdate.exe
DeleteKey: HKEY_USERS\.DEFAULT\Software\Avast Software
DeleteKey: HKEY_USERS\.DEFAULT\Software\Avast Software\Avast
DeleteKey: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Avast Software
DeleteKey: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\AvastAdSDK
DeleteKey: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Cloud\{6736683e-4fba-40c9-abdd-48e10cca15e6}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$avast antivirus
DeleteKey: HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{6736683e-4fba-40c9-abdd-48e10cca15e6}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$avast antivirus
End::
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Windows\WinSxS\Manifests\amd64_avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_5e69e83710ea31f5.cat => moved successfully
C:\Windows\WinSxS\Manifests\amd64_avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_5e69e83710ea31f5.manifest => moved successfully
C:\Windows\WinSxS\Manifests\amd64_avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_6349ea290dbe6128.cat => moved successfully
C:\Windows\WinSxS\Manifests\amd64_avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_6349ea290dbe6128.manifest => moved successfully
C:\Windows\WinSxS\Manifests\amd64_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_5158632ac9d8192f.cat => moved successfully
C:\Windows\WinSxS\Manifests\amd64_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_5158632ac9d8192f.manifest => moved successfully
C:\Windows\WinSxS\Manifests\amd64_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_5638651cc6ac4862.cat => moved successfully
C:\Windows\WinSxS\Manifests\amd64_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_5638651cc6ac4862.manifest => moved successfully
C:\Windows\WinSxS\Manifests\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_a6171f0e25665afb.cat => moved successfully
C:\Windows\WinSxS\Manifests\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_a6171f0e25665afb.manifest => moved successfully
C:\Windows\WinSxS\Manifests\x86_avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_aaf72100223a8a2e.cat => moved successfully
C:\Windows\WinSxS\Manifests\x86_avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_aaf72100223a8a2e.manifest => moved successfully
C:\Windows\WinSxS\Manifests\x86_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_99059a01de544235.cat => moved successfully
C:\Windows\WinSxS\Manifests\x86_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_99059a01de544235.manifest => moved successfully
C:\Windows\WinSxS\Manifests\x86_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_9de59bf3db287168.cat => moved successfully
C:\Windows\WinSxS\Manifests\x86_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_9de59bf3db287168.manifest => moved successfully
C:\Windows\System32\Tasks_Migrated\Avast Driver Updater Startup => moved successfully
C:\Windows\System32\Tasks_Migrated\Avast Emergency Update => moved successfully
C:\Windows\Prefetch\AVASTNM.EXE-DDE86B71.pf => moved successfully
C:\Windows\Prefetch\AVASTUI.EXE-56B29A08.pf => moved successfully
C:\Windows\Prefetch\AVASTUI.EXE-56B29A09.pf => moved successfully
C:\Windows\Prefetch\AVASTUI.EXE-56B29A0A.pf => moved successfully
C:\Windows\Prefetch\AVASTUI.EXE-56B29A10.pf => moved successfully
C:\Users\Jeremy\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\avast! Antivirus => moved successfully
C:\Program Files\Oculus\CoreData\Manifests\C_ProgramFiles_AVASTSoftware_Avast_AvastUI.json => moved successfully
C:\Program Files\Oculus\CoreData\Manifests\C_ProgramFiles_AVASTSoftware_Avast_AvastUI_assets.json => moved successfully
 
"C:\Windows\WinSxS\amd64_avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_5e69e83710ea31f5" folder move:
 
C:\Windows\WinSxS\amd64_avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_5e69e83710ea31f5 => moved successfully
 
"C:\Windows\WinSxS\amd64_avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_6349ea290dbe6128" folder move:
 
C:\Windows\WinSxS\amd64_avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_6349ea290dbe6128 => moved successfully
 
"C:\Windows\WinSxS\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_a6171f0e25665afb" folder move:
 
C:\Windows\WinSxS\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_a6171f0e25665afb => moved successfully
 
"C:\Windows\WinSxS\x86_avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_aaf72100223a8a2e" folder move:
 
C:\Windows\WinSxS\x86_avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_aaf72100223a8a2e => moved successfully
 
"C:\Windows\System32\Tasks_Migrated\Avast Software" folder move:
 
C:\Windows\System32\Tasks_Migrated\Avast Software => moved successfully
 
"C:\Program Files (x86)\Avast Driver Updater" folder move:
 
C:\Program Files (x86)\Avast Driver Updater => moved successfully
 
"C:\Program Files\Oculus\CoreData\Software\StoreAssets\C_ProgramFiles_AVASTSoftware_Avast_AvastUI_assets" folder move:
 
C:\Program Files\Oculus\CoreData\Software\StoreAssets\C_ProgramFiles_AVASTSoftware_Avast_AvastUI_assets => moved successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\AvastUI.exe" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\AvastUI.exe" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\Avast Driver Updater\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\IsolatedSxSAssemblies\\amd64_avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_5e69e83710ea31f5" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\IsolatedSxSAssemblies\\amd64_avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_6349ea290dbe6128" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\IsolatedSxSAssemblies\\amd64_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_5158632ac9d8192f" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\IsolatedSxSAssemblies\\amd64_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_5638651cc6ac4862" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\IsolatedSxSAssemblies\\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_a6171f0e25665afb" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\IsolatedSxSAssemblies\\x86_avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_aaf72100223a8a2e" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\IsolatedSxSAssemblies\\x86_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_99059a01de544235" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\IsolatedSxSAssemblies\\x86_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_9de59bf3db287168" => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths => Access Denied
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths => Access Denied
"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\LAV\Audio\Blacklist\\avastui.exe" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\LAV\Splitter\Blacklist\\avastui.exe" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\LAV\Video\Blacklist\\avastui.exe" => removed successfully
"HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts\\AvastHTML_http" => removed successfully
"HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts\\AvastHTML_https" => removed successfully
"HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts\\AvastHTML_.htm" => removed successfully
"HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts\\AvastHTML_.html" => removed successfully
"HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts\\AvastHTML_.shtml" => removed successfully
"HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts\\AvastHTML_.xht" => removed successfully
"HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts\\AvastHTML_.xhtml" => removed successfully
"HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts\\AvastHTML_.pdf" => removed successfully
"HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppBadgeUpdated\\Avast_Secure_Browser" => removed successfully
"HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppLaunch\\avast! Antivirus" => removed successfully
"HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppLaunch\\Avast_Secure_Browser" => removed successfully
"HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched\\avast! Antivirus" => removed successfully
"HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched\\Avast_Secure_Browser" => removed successfully
"HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched\\C:\Users\Jeremy\AppData\Local\Temp\AvastBrowserUninstall.exe_{F11CCB4A-60FC-4B06-9715-74325BC1F8B8}.exe" => removed successfully
"HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched\\{6D809377-6AF0-444B-8957-A3773F02200E}\AVAST Software\Avast\setup\instup.exe" => removed successfully
"HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\ShowJumpView\\avast! Antivirus" => removed successfully
"HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\ShowJumpView\\Avast_Secure_Browser" => removed successfully
"HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithProgids\\AvastHTML" => removed successfully
"HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithProgids\\AvastHTML" => removed successfully
"HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\OpenWithProgids\\AvastHTML" => removed successfully
"HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\AvastBrowserAutoLaunch_2423EE30CEE50EE68CB8AEF061DC31A9" => removed successfully
"HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\\C:\Program Files\AVAST Software\Avast\wsc_proxy.exe" => removed successfully
"HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\\C:\Program Files (x86)\Avast Driver Updater\UninstallStub.exe" => removed successfully
"HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\\C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" => removed successfully
"HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\\C:\Program Files (x86)\AVAST Software\Browser\AvastBrowserUninstall.exe" => removed successfully
"HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\\C:\Program Files\AVAST Software\Avast\AvastUI.exe" => removed successfully
"HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\\C:\Program Files\AVAST Software\Avast\setup\instup.exe" => removed successfully
"HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\AVAST Software\Avast\AvastUI.exe.FriendlyAppName" => removed successfully
"HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\AVAST Software\Avast\AvastUI.exe.ApplicationCompany" => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\AVAST Software => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avast => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\Avast Driver Updater.exe => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AvastSvc_RASAPI32 => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\AvastSvc_RASMANCS => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_avast.vc140.crt_fcc99ee6193ebbca_none_020285fe6d6e0580 => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_avast.vc140.mfc_fcc99ee6193ebbca_none_018be6966dc83925 => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_none_ef17e13d91c55d96 => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_none_eea141d5921f913b => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_avast.vc140.crt_fcc99ee6193ebbca_none_49afbcd581ea2e86 => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_avast.vc140.mfc_fcc99ee6193ebbca_none_49391d6d8244622b => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_none_36c51814a641869c => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_none_364e78aca69bba41 => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastBrowserUpdate.exe => removed successfully
RegLink Found. Source: "" => Target: "HKLM\SOFTWARE\Avast Software"
"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Avast Software" => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Chrome\NativeMessagingHosts\com.avast.nativeproxy => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastBrowserUpdate.exe => not found
HKEY_USERS\.DEFAULT\Software\Avast Software => removed successfully
"HKEY_USERS\.DEFAULT\Software\Avast Software\Avast" => not found
HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Avast Software => removed successfully
HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\AvastAdSDK => removed successfully
HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Cloud\{6736683e-4fba-40c9-abdd-48e10cca15e6}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$avast antivirus => removed successfully
HKEY_USERS\S-1-5-21-3545764084-2441850025-860840010-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{6736683e-4fba-40c9-abdd-48e10cca15e6}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$avast antivirus => removed successfully
 
 
The system needed a reboot.
 
==== End of Fixlog 08:00:18 ====


#10 jesters89

jesters89
  • Topic Starter

  •  Avatar image
  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:58 PM

Posted Today, 06:46 PM

Alright. Ran the rest of the steps. I also remembered that several months ago my PC stopped going to sleep when idle despite being configured to do so. Might that have something to do with all this? 

 

No updates since early-mid February, so that doesnt seem like the culprit. 

 

I had a TON of processes using memory and CPU. I thought it might be easiest to upload the pics to IMGUR for review. Links below. Maybe this is the issue? Perhaps I should have so many processes pulling memory? 

 

Here are the links followed by the scan log. 

 

Memory screen caps 1-6

https://i.imgur.com/CemhFTL.png

https://i.imgur.com/SAXxHBP.png

https://i.imgur.com/hhhxHUG.png

https://i.imgur.com/iJyq3Pd.png

https://i.imgur.com/tKf6BUP.png

https://i.imgur.com/vhA6OIe.png

 

CPU Screen Caps 1-5

https://i.imgur.com/yEyT2kg.png

https://i.imgur.com/WXwGYMy.png

https://i.imgur.com/opkKrWA.png

https://i.imgur.com/OdPUdFp.png

https://i.imgur.com/YhYOJwA.png

 

Virus Log:

3/5/2024 17:26:16 PM
Files scanned: 1537356
Detected files: 3
Cleaned files: 3
Total scan time 06:19:59
Scan status: Finished
C:\FRST\Quarantine\C\Users\Jeremy\AppData\Local\AVAST Software\Avast Driver Updater\Updates\hdd.exe a variant of Win32/Slimware.A potentially unwanted application cleaned by deleting
 
E:\FileHistory\Jeremy\JEREMYPC\Data\C\Users\Jeremy\Downloads\aimp_5.11.2436_w64 (2023_11_07 01_08_18 UTC).exe a variant of Win64/AIMP.A potentially unwanted application cleaned by deleting
 
E:\FileHistory\Jeremy\JEREMYPC\Data\C\Users\Jeremy\Downloads\uTorrent (2022_11_06 23_24_14 UTC).exe Win32/OfferCore.C potentially unwanted application,a variant of Win32/OfferCore.D potentially unwanted application cleaned by deleting





4 user(s) are reading this topic

0 members, 4 guests, 0 anonymous users