www.bleepingcomputer.com
Open in
urlscan Pro
104.20.59.209
Public Scan
Submitted URL: https://www.bleepingcomputer.com/forums/t/769713/hardware-replaced-x4-with-system-degradation-over-time-freezehangshutdowns/#entr...
Effective URL: https://www.bleepingcomputer.com/forums/t/769713/hardware-replaced-x4-with-system-degradation-over-time-freezehangshutdowns/
Submission: On April 08 via api from US — Scanned from DE
Effective URL: https://www.bleepingcomputer.com/forums/t/769713/hardware-replaced-x4-with-system-degradation-over-time-freezehangshutdowns/
Submission: On April 08 via api from US — Scanned from DE
Form analysis 3 forms found in the DOM
POST https://www.bleepingcomputer.com/forums/index.php?app=core&module=search&do=search&fromMainBar=1
<form action="https://www.bleepingcomputer.com/forums/index.php?app=core&module=search&do=search&fromMainBar=1" method="post" id="search-box">
<fieldset>
<label for="main_search" class="hide">Search</label>
<a href="https://www.bleepingcomputer.com/forums/index.php?app=core&module=search&search_in=forums" title="Advanced Search" accesskey="4" rel="search" id="adv_search" class="right">Advanced</a>
<span id="search_wrap" class="right">
<input type="text" id="main_search" name="search_term" class="" size="17" tabindex="100" placeholder="Search...">
<span class="choice ipbmenu clickable" id="search_options" style="">This topic</span>
<ul id="search_options_menucontent" class="ipbmenu_content ipsPad" style="display: none; position: absolute; z-index: 9999;">
<li class="title" style="z-index: 10000;"><strong style="z-index: 10000;">Search section:</strong></li>
<li class="special" style="z-index: 10000;">
<label for="s_topic" title="This topic" style="z-index: 10000;">
<input type="radio" name="search_app" value="forums:topic:769713" class="input_radio" id="s_topic" checked="checked" style="z-index: 10000;"><strong style="z-index: 10000;">This topic</strong>
</label>
</li>
<li class="app" style="z-index: 10000;"><label for="s_forums" title="Forums" style="z-index: 10000;"><input type="radio" name="search_app" class="input_radio" id="s_forums" value="forums" style="z-index: 10000;">Forums</label></li>
<li class="app" style="z-index: 10000;"><label for="s_members" title="Members" style="z-index: 10000;"><input type="radio" name="search_app" class="input_radio" id="s_members" value="members" style="z-index: 10000;">Members</label></li>
<li class="app" style="z-index: 10000;"><label for="s_core" title="Help Files" style="z-index: 10000;"><input type="radio" name="search_app" class="input_radio" id="s_core" value="core" style="z-index: 10000;">Help Files</label></li>
<li class="app" style="z-index: 10000;">
<label for="s_calendar" title="Calendar" style="z-index: 10000;">
<input type="radio" name="search_app" class="input_radio" id="s_calendar" value="calendar" style="z-index: 10000;">Calendar </label>
</li>
</ul>
<input aria-label="Search the forum" type="submit" class="submit_input clickable" value="">
</span>
</fieldset>
</form>POST https://www.bleepingcomputer.com/forums/index.php?
<form id="modform" method="post" action="https://www.bleepingcomputer.com/forums/index.php?">
<input type="hidden" name="app" value="forums">
<input type="hidden" name="module" value="moderate">
<input type="hidden" name="section" value="moderate">
<input type="hidden" name="do" value="postchoice">
<input type="hidden" name="f" value="22">
<input type="hidden" name="t" value="769713">
<input type="hidden" name="auth_key" value="880ea6a14ea49e853634fbdc5015a024">
<input type="hidden" name="st" value="">
<input type="hidden" name="page" value="">
<input type="hidden" value="" name="selectedpidsJS" id="selectedpidsJS">
<input type="hidden" name="tact" id="tact" value="">
</form>POST https://www.bleepingcomputer.com/forums/index.php?app=core&module=global§ion=login&do=process
<form action="https://www.bleepingcomputer.com/forums/index.php?app=core&module=global&section=login&do=process" method="post" id="login">
<input type="hidden" name="auth_key" value="880ea6a14ea49e853634fbdc5015a024">
<input type="hidden" name="referer" value="https://www.bleepingcomputer.com/forums/t/769713/hardware-replaced-x4-with-system-degradation-over-time-freezehangshutdowns/">
<h3>Sign In</h3>
<div class="ipsBox_notice">
<ul class="ipsList_inline">
<li>
<a href="https://www.bleepingcomputer.com/forums/index.php?app=core&module=global&section=login&serviceClick=twitter" class="ipsButton_secondary"><img src="https://www.bleepingcomputer.com/forums/public/style_images/master/loginmethods/twitter.png" alt="Twitter"> Use Twitter</a>
</li>
</ul>
</div>
<br>
<div class="ipsForm ipsForm_horizontal">
<fieldset>
<ul>
<li class="ipsField">
<div class="ipsField_content"> Need an account? <a href="https://www.bleepingcomputer.com/forums/index.php?app=core&module=global&section=register" title="Register now!">Register now!</a>
</div>
</li>
<li class="ipsField ipsField_primary">
<label for="ips_username" class="ipsField_title">Username</label>
<div class="ipsField_content">
<input id="ips_username" type="text" class="input_text" name="ips_username" size="30" tabindex="0">
</div>
</li>
<li class="ipsField ipsField_primary">
<label for="ips_password" class="ipsField_title">Forum Password</label>
<div class="ipsField_content">
<input id="ips_password" type="password" class="input_text" name="ips_password" size="30" tabindex="0"><br>
<a href="https://www.bleepingcomputer.com/forums/index.php?app=core&module=global&section=lostpass" title="Retrieve password">I've forgotten my password</a>
</div>
</li>
<li class="ipsField ipsField_checkbox">
<input type="checkbox" id="inline_remember" checked="checked" name="rememberMe" value="1" class="input_check" tabindex="0">
<div class="ipsField_content">
<label for="inline_remember">
<strong>Remember me</strong><br>
<span class="desc lighter">This is not recommended for shared computers</span>
</label>
</div>
</li>
<li class="ipsField ipsField_checkbox">
<input type="checkbox" id="inline_invisible" name="anonymous" value="1" class="input_check" tabindex="0">
<div class="ipsField_content">
<label for="inline_invisible">
<strong>Sign in anonymously</strong><br>
<span class="desc lighter">Don't add me to the active users list</span>
</label>
</div>
</li>
<li class="ipsPad_top ipsForm_center desc ipsType_smaller">
<a rel="nofollow" href="https://www.bleepingcomputer.com/forums/privacypolicy/">Privacy Policy</a>
</li>
</ul>
</fieldset>
<div class="ipsForm_submit ipsForm_center">
<input type="submit" class="ipsButton" value="Sign In" tabindex="0">
</div>
</div>
</form>Text Content
WE VALUE YOUR PRIVACY
We and our partners store and/or access information on a device, such as cookies
and process personal data, such as unique identifiers and standard information
sent by a device for personalised ads and content, ad and content measurement,
and audience insights, as well as to develop and improve products.
With your permission we and our partners may use precise geolocation data and
identification through device scanning. You may click to consent to our and our
partners’ processing as described above. Alternatively you may access more
detailed information and change your preferences before consenting or to refuse
consenting. Please note that some processing of your personal data may not
require your consent, but you have a right to object to such processing. Your
preferences will apply to this website only. You can change your preferences at
any time by returning to this site or visit our privacy policy.
MORE OPTIONSAGREE
* Sign In
* Create Account
Search Advanced This topic
* Search section:
* This topic
* Forums
* Members
* Help Files
* Calendar
*
* View New Content
* Forum Rules
* BleepingComputer.com
* Forums
* Members
* Tutorials
* Startup List
* Virus Removal
* Downloads
* Uninstall List
* Welcome Guide
* More
1. BleepingComputer.com
2. → Security
3. → Virus, Trojan, Spyware, and Malware Removal Help
Javascript Disabled Detected
You currently have javascript disabled. Several functions may not work. Please
re-enable javascript to access full functionality.
Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come
together to discuss and learn how to use their computers. Using the site is easy
and fun. As a guest, you can browse and view the various discussions in the
forums, but can not create a new topic or reply to an existing one unless you
are logged in. Other benefits of registering an account are subscribing to
topics and forums, creating a blog, and having no ads shown anywhere on the
site.
Click here to Register a free account now! or read our Welcome Guide to learn
how to use this site.
Latest News: Microsoft takes down APT28 domains used in attacks against
Ukraine
Featured Deal: Automate Microsoft Windows tasks with this PowerShell training
bundle
HARDWARE REPLACED X4 WITH SYSTEM DEGRADATION OVER TIME: FREEZE/HANG/SHUTDOWNS
Started by Delusionz , Mar 11 2022 02:21 PM
* Page 1 of 5
* 1
* 2
* 3
* Next
* »
* This topic is locked
63 replies to this topic
#1 DELUSIONZ
Delusionz
*
* Members
* 43 posts
* OFFLINE
* Gender:Female
* Location:Texas
* Local time:07:59 AM
Posted 11 March 2022 - 02:21 PM
I'm running a L340-15API Laptop (ideapad) - Type 81LW x64 based laptop
Windows 11 Home Version 10.0.22000 Build 22000
Lenovo Bios ARCN37WW, 5/14/2022 Ver 3.1 EUFI
Lenovo Motherboard LNVNB161216, version SDK0K17763WIN
2X4 gb for 8GB RAM, Total Physical Memory 5.88,
Available physical memory 946 MB (wow!!)
Total Virtual Memory 13.2 GB
Available Virtual Memory 4.03 GB
Page File Space 7.28 GB Yes, I gave it an outlandish amount of Virtual RAM
because I was sick of freezing, as Lenovo continues to load Bloatware for their
own selfish needs.
2 days ago I had 1.76 GB of original RAM available and today, I'm eating away at
a large chunk of Virtual RAM
This thing just keeps eating the RAM (Lenovo modules)
I have been working with Lenovo for the past year, and carrying an extended,
warranty. It started out with my complaints that the system was having
application hangs, crashes and freezes and shutdowns and it seemed the same
every time, starting with a disappearing, slow to respond or frozen mouse
pointer using the original touchpad at that time. They led me through reset
after reset and restore and fresh start and on and on. From February 2021 to
October 2021, they have sent a technician THREE different times to replace the
Hard Drive, and the Motherboard, as well as another item that I cannot recall
(they don't ever let me have an invoice detailing the work done).
After each new installation, the tech would leave me with the Lenovo Recovery
USB running and the machine would work fine for a day or two and I would noticed
the almost imperceptible moment when the mouse would get lost or get stuck and I
would hold my breath knowing we were again on the same path of degradation.
Lenovo tells me to stop looking at Event logs, but I'm not a doomsday advocate
simply complaining about what I see there, I only GO there when I have issues!!
Anyway, I began watching Event Logs at key times/behaviors, just for a learning
thing and I could see that services were stopped, or shut down, or unable to
restart, and eventually there would a slew of things that failed to start
because other services they were dependent on had long ago stopped working. The
Windows Update driver constantly fails to load, although that gets fixed i guess
during routine maintenance.
It was just a gradual degradation of the whole system, and Lenovo would ask me
to reset again......and again.....until I'm ready to chop off heads!!! We did
that dance through 3 hardware replacements of the hard drive and motherboard.
and three Recovery USB replacements.
In about November or so, I started noticing more and more Lenovo components
active in Task Manager and seeing those components failing more and more in the
Event Viewer, and with Lenovo's increased presence, I noticed my RAM
availability shrinking, so now there were low memory issues on top of all the
rest!
In January they begrudgingly convinced me to let the device go into their repair
Depot for a full evaluation. I attempted to do a full backup onto Disks prior to
sending it in, but discovered during that process that the Optical Drive I had
never used until now was not working **Eyeroll**
It came home from Depot with a new facelift (replaced the whole lower half of
the laptop from headphone jacks to CD/DVD rom and keyboard, to hard drive? and
motherboard? and a battery, but it would seem they did absolutely NADA to my OS,
So they just put some lipstick on the PIG and sent her back to me.
What I left out:
A whole lot of intense details that were repetitive,
Some application error where Firewall was behaving oddly and/or shut down
Same with Malwarbytes running as my AV - I'm back to Microsoft standard AV and
Firewall
What I've tried:
*As noted above.
*Also I have run the Malicious Software Removal tool some time back and it
removed something (i'm pretty sure its the same "Virus" that I will show for
Microsoft Safety Scanner below.....
*Microsoft Safety Scanner run found 6 infected files, and it supposedly removed
the following Malware:
VirTool: =Win32/Defender TamperingRestore (Removed)
**throws hand in the air**
Following is my FRST scan results.
Thanks for your time.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-03-2022
Ran by fabfi (administrator) on LENOVOLASTCHANC (LENOVO 81LW) (11-03-2022
11:52:34)
Running from C:\Users\fabfi\Desktop
Loaded Profiles: fabfi
Platform: Microsoft Windows 11 Home Version 21H2 22000.556 (X64) Language:
English (United States)
Default browser: Edge
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file
will not be moved.)
(Advanced Micro Devices Inc.) C:\Program
Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10028.0_x64__0a9344xs7nr4m\radeonsoftware\AMDRSServ.exe
(Advanced Micro Devices Inc.) C:\Program
Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10028.0_x64__0a9344xs7nr4m\radeonsoftware\RadeonSoftware.exe
(C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\LenovoVantageService.exe
->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files
(x86)\Lenovo\VantageService\3.11.20.0\LenovoVantage-(DeviceSettingsHeartbeatAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\LenovoVantageService.exe
->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files
(x86)\Lenovo\VantageService\3.11.20.0\LenovoVantage-(DeviceSettingsSystemAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\LenovoVantageService.exe
->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files
(x86)\Lenovo\VantageService\3.11.20.0\LenovoVantage-(GenericMessagingAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\LenovoVantageService.exe
->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files
(x86)\Lenovo\VantageService\3.11.20.0\LenovoVantage-(LenovoBoostAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\LenovoVantageService.exe
->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files
(x86)\Lenovo\VantageService\3.11.20.0\LenovoVantage-(LenovoBoostSystemAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\LenovoVantageService.exe
->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files
(x86)\Lenovo\VantageService\3.11.20.0\LenovoVantage-(LenovoSecurityAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\LenovoVantageService.exe
->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files
(x86)\Lenovo\VantageService\3.11.20.0\LenovoVantage-(LenovoServiceBridgeAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\LenovoVantageService.exe
->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files
(x86)\Lenovo\VantageService\3.11.20.0\LenovoVantage-(SmartInteractAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\LenovoVantageService.exe
->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files
(x86)\Lenovo\VantageService\3.11.20.0\LenovoVantage-(SmartPrivacyAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\LenovoVantageService.exe
->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files
(x86)\Lenovo\VantageService\3.11.20.0\LenovoVantage-(VantageCoreAddin).exe
(C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common
Files\microsoft shared\ClickToRun\AppVShNotify.exe <2>
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MsMpEng.exe
->) (Microsoft Windows Publisher -> Microsoft Corporation)
C:\ProgramData\Microsoft\Windows Defender\Scans\MsMpEngCP.exe
(C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->)
(Lenovo -> Lenovo Group Ltd.)
C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->)
(Lenovo -> Lenovo Group Ltd.)
C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
<3>
(C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->)
(Lenovo -> Lenovo Group Ltd.)
C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe
(C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->)
(Lenovo -> Lenovo Group Ltd.)
C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(cmd.exe ->) (Lenovo (Beijing) Limited -> Lenovo Group Limited)
C:\Users\fabfi\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe
(DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_925ded1d9428eaee\DAX3API.exe
->) (Dolby Laboratories, Inc. -> Dolby Laboratories)
C:\Windows\System32\DriverStore\FileRepository\DAX3_S~2.INF\DAX3API.exe
(ETDCtrl.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics
Corp.) C:\Windows\System32\ETDTouch.exe
(ETDService.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics
Corp.) C:\Windows\System32\ETDCtrl.exe
(ETDService.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics
Corp.) C:\Windows\System32\ETDCtrlHelper.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program
Files (x86)\Microsoft\Edge\Application\msedge.exe <16>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program
Files\Microsoft Office\root\Office16\ONENOTE.EXE
(Google LLC -> Google LLC) C:\Program Files
(x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files
(x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common
Files\DynamicAppDownloader\Downloads\OSSwitchService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft
Office\root\Office16\ONENOTEM.EXE
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(services.exe ->) (Advanced Micro Devices, Inc. -> AMD)
C:\Windows\System32\DriverStore\FileRepository\u0359203.inf_amd64_defa562a856800f4\B357435\atiesrxx.exe
(services.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories)
C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_925ded1d9428eaee\DAX3API.exe
(services.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics
Corp.) C:\Windows\System32\ETDService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program
Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files
(x86)\Lenovo\VantageService\3.11.20.0\LenovoVantageService.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.)
C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program
Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher ->
Advanced Micro Devices, Inc.) C:\Windows\System32\amdlogsr.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher ->
Fortemedia) C:\Windows\System32\FMService64.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation)
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation)
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
C:\Windows\RtkBtManServ.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor)
C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_74518f403e753586\RtkAudUService64.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation)
C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation)
C:\Windows\System32\DisplaySwitch.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation)
C:\Windows\System32\dllhost.exe <4>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation)
C:\Windows\System32\smartscreen.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to
default or removed. The file will not be moved.)
HKLM\...\Run: [RtkAudUService] =>
C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_74518f403e753586\RtkAudUService64.exe
[1219312 2020-12-23] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll
[3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher ->
Logitech)
HKLM\...\Print\Monitors\HP 5912 Status Monitor: hpinksts5912LM.dll
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Officejet Pro 8600):
HPDiscoPM5912.dll
HKLM\Software\Microsoft\Active Setup\Installed Components:
[{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program
Files\Google\Chrome\Application\99.0.4844.51\Installer\chrmstp.exe [2022-03-05]
(Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers:
[{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
Startup: C:\Users\fabfi\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Startup\Send to OneNote.lnk [2022-03-11]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft
Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft
Corporation)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)
Task: {047A5997-F0E4-44CA-B91C-CFC3D3F34D53} - System32\Tasks\Mirkat =>
C:\Users\fabfi\AppData\Local\Microsoft\WindowsApps\MirkatService.exe /logon (No
File)
Task: {084C0D04-1264-4717-BC9C-742B235D31D7} -
System32\Tasks\Lenovo\ImController\TimeBasedEvents\36a194a3-1b10-47a0-81fb-b234d6ac3cf3
=> C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240
2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {129A3DFF-6ABE-4C6D-A18D-9D14B4EB760D} -
System32\Tasks\Lenovo\ImController\TimeBasedEvents\3a5d997d-a379-46c0-912f-3cf536dbbf85
=> C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240
2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {4D61B23A-A92E-4945-A7C1-2B150BB2C29F} -
System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification
=> C:\ProgramData\Microsoft\Windows
Defender\Platform\4.18.2201.10-0\MpCmdRun.exe [925848 2022-03-05] (Microsoft
Windows Publisher -> Microsoft Corporation)
Task: {4DB8A333-18D2-4520-ACD7-8B53D84E366B} -
System32\Tasks\McAfee\mfewin10switch => C:\Program
Files\McAfeeOSDetection\1.7.104\DADUpdater.exe [4089168 2022-02-08] (McAfee, LLC
-> McAfee, LLC)
Task: {5350AB99-6FE9-42D4-ADE9-5E384149426B} -
System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache
Maintenance => C:\ProgramData\Microsoft\Windows
Defender\Platform\4.18.2201.10-0\MpCmdRun.exe [925848 2022-03-05] (Microsoft
Windows Publisher -> Microsoft Corporation)
Task: {5744A087-676F-4AF2-9047-D6E8BD240B9B} -
System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled
Scan => C:\ProgramData\Microsoft\Windows
Defender\Platform\4.18.2201.10-0\MpCmdRun.exe [925848 2022-03-05] (Microsoft
Windows Publisher -> Microsoft Corporation)
Task: {59CE211C-5D64-4A38-8140-752C33050327} -
System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup =>
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCmdRun.exe
[925848 2022-03-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {63DD0C15-0417-4ADD-90A0-517DAE398A83} -
System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance =>
C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe
[145480 2021-09-09] (Lenovo -> Lenovo Group Ltd.)
Task: {6E3370C0-C4E7-4461-9ECD-A499478719B3} -
System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program
Files\Microsoft Office\root\Office16\sdxhelper.exe [137072 2022-03-11]
(Microsoft Corporation -> Microsoft Corporation)
Task: {767558E9-A1C0-444E-81BC-67A151E1FE34} -
System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask
=> %windir%\System32\reg.exe add
hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f
/reg:32
Task: {7A760C1D-78A2-4ADF-A68F-262EBF7F7197} -
System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor =>
C:\WINDOWS\system32\ImController.InfInstaller.exe [64256 2022-01-28] (Lenovo ->
Lenovo Group Ltd.)
Task: {7B81B0E3-A3FB-4E08-ACDC-58E6CF2EB945} -
System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program
Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22580696
2022-03-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {7FA5FB60-7960-4F30-830D-46E7F25D1AE7} -
System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance =>
"%windir%\system32\sc.exe" START ImControllerService
Task: {85CDFC1C-9F56-4CBB-82AE-32694B580237} -
System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files
(x86)\Lenovo\VantageService\3.11.20.0\ScheduleEventAction.exe [25344 2022-01-20]
(Lenovo -> Lenovo Group Ltd.)
Task: {86797681-00CA-4BDA-982B-959DC0265A25} -
System32\Tasks\Lenovo\ImController\TimeBasedEvents\25618efe-7600-4064-8c13-6f3a52c02148
=> C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240
2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {8D12D52A-FF18-47B8-8AC5-2FE6B210F543} -
System32\Tasks\Lenovo\ImController\TimeBasedEvents\b139c84f-b1cc-4d37-9aed-c1004403cd6e
=> C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240
2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {9E9177D5-6CEB-42A9-B70F-87232877AB0F} - System32\Tasks\LenovoUtility
Startup => C:\Windows\explorer.exe lenovo-utility://
Task: {B3A8C2B7-91C2-4E46-ABE1-564EF68FB5C0} -
System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program
Files (x86)\Lenovo\VantageService\3.11.20.0\ScheduleEventAction.exe [25344
2022-01-20] (Lenovo -> Lenovo Group Ltd.)
Task: {B4452A6A-C773-4A3C-94B0-EE78449B29D7} -
System32\Tasks\Lenovo\ImController\TimeBasedEvents\d3283e69-1ba6-438e-bc2e-fd5bfcd6d0ad
=> C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240
2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {BA043EA2-EFA6-4D40-99DB-BAB2FD11B60A} -
System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask =>
C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\ScheduleEventAction.exe
[25344 2022-01-20] (Lenovo -> Lenovo Group Ltd.)
Task: {C5615E7A-BC32-48A7-8C3A-3E166C5FFB0C} -
System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.SScan =>
C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\ScheduleEventAction.exe
[25344 2022-01-20] (Lenovo -> Lenovo Group Ltd.)
Task: {C6AB035E-FDD3-420D-BD5A-29AAB13F9B6F} - System32\Tasks\OneDrive
Standalone Update Task-S-1-5-21-3491684324-3942835478-4158577442-500 =>
C:\Users\fabfi\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
(No File)
Task: {C7D551D2-D267-4CC7-ACF5-13060E2D63D7} -
System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program
Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft
Shared\Office16\operfmon.exe [59232 2022-03-05] (Microsoft Corporation ->
Microsoft Corporation)
Task: {CA664B1E-2F7C-432C-8E43-7915CC6394AC} -
System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program
Files\Microsoft Office\root\Office16\sdxhelper.exe [137072 2022-03-11]
(Microsoft Corporation -> Microsoft Corporation)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} -
System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser
=> C:\WINDOWS\System32\MbaeParserTask.exe (No File)
Task: {D4E05EB2-BE4E-44D7-AE24-DC1A86362D5B} -
System32\Tasks\GoogleUpdateTaskMachineCore{539E034A-CA36-48AE-BB90-A41F11E03EB6}
=> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-03-05]
(Google LLC -> Google LLC)
Task: {D6A9DCC4-1C5E-4CB0-9E80-D86F0EB07F84} -
System32\Tasks\GoogleUpdateTaskMachineUA{A0FD0F6C-7172-461E-B806-871177C4D59D}
=> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-03-05]
(Google LLC -> Google LLC)
Task: {ECDADC1B-7C65-480E-925A-C95A59E164D7} -
System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program
Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22580696
2022-03-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {EEE80B6B-EE9D-493E-B49F-7D0F4B40F539} - System32\Tasks\Lenovo\Lenovo
Service Bridge\S-1-5-21-3491684324-3942835478-4158577442-1001 =>
C:\Users\fabfi\AppData\Local\Programs\Lenovo\Lenovo Service
Bridge\LSBUpdater.exe [88408 2021-12-29] (Lenovo (Beijing) Limited -> Lenovo
Group Limited)
Task: {FD3D2242-02A5-451A-AB76-640692B025B2} -
System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance =>
%systemroot%\system32\sc.exe start LenovoVantageService
(If an entry is included in the fixlist, the task (.job) file will be moved. The
file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be
removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{bcaab3a1-f4b0-4ffb-811e-0d570a582bb1}: [DhcpNameServer]
192.168.1.1
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\fabfi\AppData\Local\Microsoft\Edge\User Data\Default
[2022-03-11]
Edge HomePage: Default -> hxxp://www.msn.com/?pc=LCTE
Edge Extension: (LastPass: Free Password Manager) -
C:\Users\fabfi\AppData\Local\Microsoft\Edge\User
Data\Default\Extensions\bbcinlkgjjkejfdpemiealijmmooekmp [2022-03-11]
Edge Extension: (Google Scholar Button) -
C:\Users\fabfi\AppData\Local\Microsoft\Edge\User
Data\Default\Extensions\fciokoalnclhnonofghacdplgpafdcgl [2022-03-09]
Edge Extension: (McAfee® WebAdvisor) -
C:\Users\fabfi\AppData\Local\Microsoft\Edge\User
Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd [2022-03-04]
Edge Extension: (Capital One Shopping: Add to Edge for Free) -
C:\Users\fabfi\AppData\Local\Microsoft\Edge\User
Data\Default\Extensions\kiiaghlmeikbpmeabhilfphikfcefljn [2022-03-04]
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft
Office\root\Office16\NPSPWRAP.DLL [2022-03-05] (Microsoft Corporation ->
Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program
Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft
Office\Office16\NPSPWRAP.DLL [2022-03-05] (Microsoft Corporation -> Microsoft
Corporation)
Chrome:
=======
CHR Profile: C:\Users\fabfi\AppData\Local\Google\Chrome\User Data\Default
[2022-03-11]
CHR Extension: (Slides) - C:\Users\fabfi\AppData\Local\Google\Chrome\User
Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2022-03-05]
CHR Extension: (Docs) - C:\Users\fabfi\AppData\Local\Google\Chrome\User
Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2022-03-05]
CHR Extension: (Google Drive) - C:\Users\fabfi\AppData\Local\Google\Chrome\User
Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2022-03-05]
CHR Extension: (YouTube) - C:\Users\fabfi\AppData\Local\Google\Chrome\User
Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2022-03-05]
CHR Extension: (Sheets) - C:\Users\fabfi\AppData\Local\Google\Chrome\User
Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2022-03-05]
CHR Extension: (Google Docs Offline) -
C:\Users\fabfi\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-03-11]
CHR Extension: (AdBlock — best ad blocker) -
C:\Users\fabfi\AppData\Local\Google\Chrome\User
Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2022-03-09]
CHR Extension: (LastPass: Free Password Manager) -
C:\Users\fabfi\AppData\Local\Google\Chrome\User
Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2022-03-11]
CHR Extension: (Chrome Web Store Payments) -
C:\Users\fabfi\AppData\Local\Google\Chrome\User
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-03-05]
CHR Extension: (Gmail) - C:\Users\fabfi\AppData\Local\Google\Chrome\User
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2022-03-05]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft
Shared\ClickToRun\OfficeClickToRun.exe [11649952 2022-02-25] (Microsoft
Corporation -> Microsoft Corporation)
R2 DolbyDAXAPI;
C:\WINDOWS\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_925ded1d9428eaee\DAX3API.exe
[2205144 2020-12-22] (Dolby Laboratories, Inc. -> Dolby Laboratories)
R2 FMAPOService; C:\WINDOWS\System32\FMService64.exe [334728 2020-12-20]
(Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R2 HPPrintScanDoctorService; C:\Program
Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [260256 2022-03-05] (HP
Inc. -> HP Inc.)
R2 ImControllerService;
C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240
2022-01-28] (Lenovo -> Lenovo Group Ltd.)
R2 LenovoVantageService; C:\Program Files
(x86)\Lenovo\VantageService\3.11.20.0\LenovoVantageService.exe [28928
2022-01-20] (Lenovo -> Lenovo Group Ltd.)
S3 mcafeeintegrationservice;
C:\WINDOWS\System32\DriverStore\FileRepository\mcafeeintegrationextension.inf_amd64_fa47767680f6bbc0\mcafeeintegrationservice.exe
[3990496 2020-08-20] (McAfee, LLC -> McAfee)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows
Defender\Platform\4.18.2201.10-0\NisSrv.exe [2909208 2022-03-05] (Microsoft
Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows
Defender\Platform\4.18.2201.10-0\MsMpEng.exe [128376 2022-03-05] (Microsoft
Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)
S3 Hsp; C:\WINDOWS\System32\drivers\Hsp.sys [110904 2022-03-04] (Microsoft
Windows -> Microsoft Corporation)
R3 McAfeeIntegrationDriver;
C:\WINDOWS\System32\drivers\McAfeeIntegrationDriver.sys [49664 2020-08-20]
(McAfee, LLC -> McAfee)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2022-03-05]
(Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [438520 2022-03-05]
(Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [90360 2022-03-05]
(Microsoft Windows -> Microsoft Corporation)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-03-11 11:52 - 2022-03-11 11:54 - 000023053 _____
C:\Users\fabfi\Desktop\FRST.txt
2022-03-11 11:33 - 2022-03-11 11:33 - 000011653 _____
C:\Users\fabfi\Documents\3.11.22 goes with reliability report.txt
2022-03-11 11:26 - 2022-03-11 11:26 - 000078904 _____
C:\Users\fabfi\Documents\Report 3.11.22.XML
2022-03-11 01:51 - 2022-03-11 01:51 - 000093028 _____
C:\Users\fabfi\Documents\2020 Individual Tax Return.pdf
2022-03-10 23:28 - 2022-03-10 23:28 - 000000315 _____
C:\Users\fabfi\Desktop\Interactive Tax Assistant (ITA).url
2022-03-10 23:28 - 2022-03-10 23:28 - 000000159 _____ C:\Users\fabfi\Desktop\Who
Qualifies for the Earned Income Tax Credit (EITC) - Internal Revenue Service.url
2022-03-10 23:28 - 2022-03-10 23:28 - 000000079 _____
C:\Users\fabfi\Desktop\Book Eye Exam.url
2022-03-10 23:28 - 2022-03-10 23:28 - 000000066 _____
C:\Users\fabfi\Desktop\2021 Publication 907.url
2022-03-09 01:51 - 2022-03-09 01:51 - 000008951 _____
C:\Users\fabfi\Documents\Narrative for.txt
2022-03-08 18:08 - 2022-03-08 18:08 - 000267129 _____
C:\Users\fabfi\Downloads\Taylor CAD - Property Details.pdf
2022-03-08 17:01 - 2022-03-08 17:01 - 000015016 _____
C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-03-08 16:43 - 2022-03-08 16:43 - 000000000 ___HD C:\$WinREAgent
2022-03-08 11:13 - 2022-03-08 11:13 - 000000000 ____D C:\ProgramData\Propagation
2022-03-08 08:15 - 2022-03-08 08:15 - 000000172 _____
C:\Users\fabfi\Desktop\what is an MTA file- - Search.url
2022-03-08 08:05 - 2022-03-08 08:05 - 000000000 ____D
C:\Users\fabfi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2022-03-08 02:58 - 2022-03-08 02:58 - 032701616 _____ (HP)
C:\Users\fabfi\Downloads\HPEPrintAppSetupx64.exe
2022-03-07 20:45 - 2022-03-07 20:45 - 000000000 ____D
C:\Users\fabfi\AppData\Local\ElevatedDiagnostics
2022-03-07 18:26 - 2022-03-08 12:13 - 000015479 _____ C:\Users\fabfi\Desktop\to
report to supervisor via customer service.txt
2022-03-07 16:20 - 2022-03-07 16:20 - 000210432 _____
C:\WINDOWS\system32\CloudIdWxhExtension.dll
2022-03-07 16:07 - 2022-03-07 16:07 - 000001717 _____ C:\Users\Public\Desktop\HP
Print and Scan Doctor.lnk
2022-03-07 16:07 - 2022-03-07 16:07 - 000000000 ____D
C:\Users\fabfi\AppData\Roaming\HPPSDr
2022-03-07 16:05 - 2022-03-07 16:05 - 011850544 _____
C:\Users\fabfi\Downloads\HPPSdr.exe
2022-03-07 16:05 - 2022-03-07 16:05 - 000000000 ____D C:\HP
2022-03-07 06:02 - 2022-03-11 11:53 - 000000000 ____D C:\FRST
2022-03-07 05:10 - 2022-03-11 10:55 - 000000000 ____D
C:\Users\fabfi\Desktop\FARBAR
2022-03-07 05:07 - 2022-03-09 20:07 - 002364928 _____ (Farbar)
C:\Users\fabfi\Desktop\FRST64.exe
2022-03-06 20:16 - 2022-03-06 20:16 - 000000077 _____
C:\Users\fabfi\Desktop\Credit Karma.url
2022-03-06 18:05 - 2022-03-06 18:05 - 000000073 _____
C:\Users\fabfi\Desktop\Asurion Photos.url
2022-03-06 17:19 - 2022-03-06 17:19 - 000000232 _____
C:\Users\fabfi\Desktop\Fix- Windows 11 Cannot Open Windows Security -
Technipages.url
2022-03-05 23:59 - 2022-03-07 20:58 - 000000000 ____D C:\ProgramData\HP
2022-03-05 23:59 - 2022-03-07 20:58 - 000000000 ____D C:\Program Files (x86)\HP
2022-03-05 23:57 - 2022-03-06 00:10 - 000000000 ____D
C:\Users\fabfi\AppData\Local\HP
2022-03-05 23:56 - 2022-03-05 23:56 - 126241168 _____
C:\Users\fabfi\Downloads\Full_Webpack-1312-OJ8600_Full_Webpack.exe
2022-03-05 16:10 - 2022-03-05 16:10 - 000002330 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-03-05 16:10 - 2022-03-05 16:10 - 000002289 _____
C:\Users\Public\Desktop\Google Chrome.lnk
2022-03-05 16:10 - 2022-03-05 16:10 - 000000000 ____D C:\Program Files\Google
2022-03-05 16:09 - 2022-03-11 11:14 - 000000000 ____D C:\Program Files
(x86)\Google
2022-03-05 16:09 - 2022-03-05 16:32 - 000000000 ____D
C:\Users\fabfi\AppData\Local\Google
2022-03-05 16:09 - 2022-03-05 16:09 - 000003496 _____
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{A0FD0F6C-7172-461E-B806-871177C4D59D}
2022-03-05 16:09 - 2022-03-05 16:09 - 000003372 _____
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore{539E034A-CA36-48AE-BB90-A41F11E03EB6}
2022-03-05 15:21 - 2022-03-05 15:21 - 000000072 _____
C:\Users\fabfi\Desktop\Taylor County.url
2022-03-05 14:57 - 2022-03-10 00:03 - 000003386 _____
C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d83052c4d3bd30
2022-03-05 02:32 - 2022-03-05 02:32 - 000000000 ____D C:\Program
Files\HPPrintScanDoctor
2022-03-04 23:52 - 2022-03-04 23:52 - 000000000 ____D
C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2022-03-04 23:51 - 2022-03-04 23:51 - 000000000 ____D C:\ProgramData\Microsoft
OneDrive
2022-03-04 23:47 - 2022-03-04 23:47 - 000000020 ___SH C:\Users\fabfi\ntuser.ini
2022-03-04 23:44 - 2022-03-10 00:03 - 000003480 _____
C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-03-04 23:44 - 2022-03-09 19:06 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-03-04 23:44 - 2022-03-08 08:05 - 000000000 ____D
C:\WINDOWS\system32\Tasks\Lenovo
2022-03-04 23:44 - 2022-03-04 23:44 - 000004036 _____
C:\WINDOWS\system32\Tasks\LenovoUtility Startup
2022-03-04 23:44 - 2022-03-04 23:44 - 000003184 _____
C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-03-04 23:44 - 2022-03-04 23:44 - 000002858 _____
C:\WINDOWS\system32\Tasks\OneDrive Standalone Update
Task-S-1-5-21-3491684324-3942835478-4158577442-500
2022-03-04 23:44 - 2022-03-04 23:44 - 000002016 _____
C:\WINDOWS\system32\Tasks\Mirkat
2022-03-04 23:44 - 2022-03-04 23:44 - 000000000 ____D
C:\WINDOWS\system32\Tasks\McAfee
2022-03-04 23:44 - 2022-03-04 20:18 - 000002854 _____
C:\WINDOWS\system32\Tasks\OneDrive Standalone Update
Task-S-1-5-21-2401875139-142509759-3100419400-500
2022-03-04 23:44 - 2020-11-26 19:06 - 000003390 _____
C:\WINDOWS\system32\Tasks\OneDrive Standalone Update
Task-S-1-5-21-2623500204-34688127-2264388554-500
2022-03-04 23:44 - 2020-11-19 01:38 - 000003394 _____
C:\WINDOWS\system32\Tasks\OneDrive Standalone Update
Task-S-1-5-21-3538912014-3826891016-3662973680-500
2022-03-04 23:43 - 2022-03-04 23:44 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2022-03-04 23:43 - 2022-03-04 23:44 - 000011433 _____ C:\WINDOWS\diagerr.xml
2022-03-04 23:39 - 2022-03-09 19:11 - 000803404 _____
C:\WINDOWS\system32\PerfStringBackup.INI
2022-03-04 23:33 - 2022-03-11 10:28 - 000000000 ____D
C:\WINDOWS\system32\SleepStudy
2022-03-04 23:32 - 2022-03-09 19:07 - 000470256 _____
C:\WINDOWS\system32\FNTCACHE.DAT
2022-03-04 23:31 - 2022-03-04 23:45 - 000000000 ____D C:\Windows.old
2022-03-04 22:53 - 2022-03-04 23:32 - 000000000 ____D
C:\WINDOWS\system32\config\bbimigrate
2022-03-04 22:52 - 2022-03-10 17:13 - 000000000 ____D C:\WINDOWS\system32\AMD
2022-03-04 22:52 - 2022-03-04 23:47 - 000000000 ____D C:\Users\fabfi
2022-03-04 22:52 - 2022-03-04 22:52 - 000000000 ____D
C:\WINDOWS\system32\dolbyaposvc
2022-03-04 22:52 - 2022-03-04 22:52 - 000000000 ____D C:\WINDOWS\Lenovo
2022-03-04 22:52 - 2021-06-05 06:04 - 000001281 _____
C:\Users\fabfi\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Administrative Tools.lnk
2022-03-04 22:52 - 2021-06-05 06:04 - 000000407 _____
C:\Users\fabfi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File
Explorer.lnk
2022-03-04 22:50 - 2022-03-04 22:53 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2022-03-04 22:45 - 2022-03-04 22:45 - 000000000 ____D
C:\WINDOWS\system32\HealthAttestationClient
2022-03-04 22:32 - 2022-03-04 22:32 - 000523776 _____ (curl, hxxps://curl.se/)
C:\WINDOWS\system32\curl.exe
2022-03-04 22:32 - 2022-03-04 22:32 - 000464384 _____ (curl, hxxps://curl.se/)
C:\WINDOWS\SysWOW64\curl.exe
2022-03-04 22:32 - 2022-03-04 22:32 - 000311296 _____
C:\WINDOWS\system32\EsclScan.dll
2022-03-04 22:32 - 2022-03-04 22:32 - 000253952 _____ (Microsoft Corporation)
C:\WINDOWS\system32\ssText3d.scr
2022-03-04 22:32 - 2022-03-04 22:32 - 000247808 _____
C:\WINDOWS\SysWOW64\pku2u.dll
2022-03-04 22:32 - 2022-03-04 22:32 - 000188416 _____
C:\WINDOWS\system32\EsclProtocol.dll
2022-03-04 22:32 - 2022-03-04 22:32 - 000013824 _____
C:\WINDOWS\SysWOW64\prxyqry.dll
2022-03-04 22:32 - 2022-03-04 22:32 - 000009522 _____
C:\WINDOWS\system32\ResPriUHMImageList
2022-03-04 22:32 - 2022-03-04 22:32 - 000009522 _____
C:\WINDOWS\system32\ResPriImageList
2022-03-04 22:32 - 2022-03-04 22:32 - 000009522 _____
C:\WINDOWS\system32\ResPriHMImageList
2022-03-04 22:32 - 2022-03-04 22:32 - 000009402 _____
C:\WINDOWS\system32\ResPriHMImageListLowCost
2022-03-04 22:32 - 2022-03-04 22:32 - 000008964 _____
C:\WINDOWS\system32\ResPriLMImageList
2022-03-04 22:32 - 2022-03-04 22:32 - 000008870 _____
C:\WINDOWS\system32\ResPriImageListLowCost
2022-03-04 22:31 - 2022-03-04 22:31 - 000617648 _____
C:\WINDOWS\SysWOW64\TextShaping.dll
2022-03-04 22:31 - 2022-03-04 22:31 - 000425984 _____
C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2022-03-04 22:31 - 2022-03-04 22:31 - 000339968 _____
C:\WINDOWS\system32\pku2u.dll
2022-03-04 22:31 - 2022-03-04 22:31 - 000267264 _____
C:\WINDOWS\SysWOW64\Windows.Internal.UI.Dialogs.dll
2022-03-04 22:31 - 2022-03-04 22:31 - 000221184 _____
C:\WINDOWS\SysWOW64\Microsoft.Internal.FrameworkUdk.System.dll
2022-03-04 22:31 - 2022-03-04 22:31 - 000121344 _____
C:\WINDOWS\SysWOW64\TpmTool.exe
2022-03-04 22:31 - 2022-03-04 22:31 - 000077824 _____
C:\WINDOWS\system32\APMonUI.dll
2022-03-04 22:31 - 2022-03-04 22:31 - 000041594 _____
C:\WINDOWS\SysWOW64\ctac.json
2022-03-04 22:31 - 2022-03-04 22:31 - 000040960 _____
C:\WINDOWS\system32\prxyqry.dll
2022-03-04 22:31 - 2022-03-04 22:31 - 000036864 _____
C:\WINDOWS\system32\umpodev.dll
2022-03-04 22:31 - 2022-03-04 22:31 - 000006656 _____
C:\WINDOWS\SysWOW64\nrtapi.dll
2022-03-04 22:31 - 2022-03-04 22:31 - 000003366 _____
C:\WINDOWS\SysWOW64\AppxProvisioning.xml
2022-03-04 22:30 - 2022-03-04 22:30 - 000360448 _____
C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2022-03-04 22:30 - 2022-03-04 22:30 - 000335872 _____
C:\WINDOWS\system32\Windows.Internal.UI.Dialogs.dll
2022-03-04 22:30 - 2022-03-04 22:30 - 000286720 _____
C:\WINDOWS\system32\AggregatorHost.exe
2022-03-04 22:30 - 2022-03-04 22:30 - 000099560 _____
C:\WINDOWS\system32\wow64con.dll
2022-03-04 22:30 - 2022-03-04 22:30 - 000077824 _____
C:\WINDOWS\system32\runexehelper.exe
2022-03-04 22:30 - 2022-03-04 22:30 - 000024576 _____
C:\WINDOWS\system32\nrtapi.dll
2022-03-04 22:30 - 2022-03-04 22:30 - 000003366 _____
C:\WINDOWS\system32\AppxProvisioning.xml
2022-03-04 22:29 - 2022-03-04 22:29 - 000727576 _____
C:\WINDOWS\system32\TextShaping.dll
2022-03-04 22:29 - 2022-03-04 22:29 - 000614400 _____
C:\WINDOWS\system32\TextInputMethodFormatter.dll
2022-03-04 22:29 - 2022-03-04 22:29 - 000180224 _____
C:\WINDOWS\system32\CloudExperienceHostRedirection.dll
2022-03-04 22:28 - 2022-03-04 22:28 - 000339968 _____
C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-03-04 22:28 - 2022-03-04 22:28 - 000311296 _____
C:\WINDOWS\system32\Microsoft.Internal.FrameworkUdk.System.dll
2022-03-04 22:28 - 2022-03-04 22:28 - 000258048 _____
C:\WINDOWS\system32\CoreMas.dll
2022-03-04 22:28 - 2022-03-04 22:28 - 000208896 _____
C:\WINDOWS\system32\IHDS.dll
2022-03-04 22:28 - 2022-03-04 22:28 - 000172032 _____
C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2022-03-04 22:28 - 2022-03-04 22:28 - 000167936 _____
C:\WINDOWS\system32\TpmTool.exe
2022-03-04 22:28 - 2022-03-04 22:28 - 000041594 _____
C:\WINDOWS\system32\ctac.json
2022-03-04 22:06 - 2022-03-04 22:06 - 000008192 _____
C:\WINDOWS\system32\config\userdiff
2022-03-04 21:23 - 2022-03-04 23:47 - 000000000 ___DC C:\WINDOWS\Panther
2022-03-04 21:23 - 2022-03-04 21:23 - 000000000 _SHDL C:\Documents and Settings
2022-03-04 21:22 - 2022-03-04 21:22 - 000016631 _____ C:\WINDOWS\PLDDATA.XML
2022-03-04 21:11 - 2022-03-04 21:11 - 000000000 ____D
C:\Users\fabfi\AppData\Local\OneDrive
2022-03-04 21:08 - 2022-03-04 21:08 - 008230258 ____H C:\WINDOWS\MFGSTAT.zip
2022-03-04 21:05 - 2022-03-08 16:21 - 000000000 ____D C:\Program Files\Microsoft
Update Health Tools
2022-03-04 21:01 - 2022-03-04 21:01 - 000001153 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2022-03-04 21:01 - 2022-03-04 21:01 - 000000000 ____D C:\Program
Files\PCHealthCheck
2022-03-04 21:01 - 2022-03-04 19:59 - 000000000 ____D C:\Program
Files\McAfeeOSDetection
2022-03-04 20:59 - 2022-03-04 20:59 - 000000000 ____D C:\Program Files
(x86)\Lenovo
2022-03-04 20:56 - 2022-03-04 21:02 - 000000000 ____D C:\ProgramData\Realtek
2022-03-04 20:53 - 2022-03-04 20:53 - 000000533 _____
C:\WINDOWS\system32\regtest.txt
2022-03-04 20:53 - 2022-03-04 20:53 - 000000000 ____D C:\ProgramData\Dolby
2022-03-04 20:52 - 2022-03-08 16:20 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-03-04 20:52 - 2022-03-04 20:52 - 000000000 ____D C:\Program Files\AMD
2022-03-04 20:38 - 2022-03-05 19:59 - 000000000 ____D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2022-03-04 20:38 - 2022-03-04 20:38 - 000002458 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2022-03-04 20:38 - 2022-03-04 20:38 - 000002457 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2022-03-04 20:38 - 2022-03-04 20:38 - 000002421 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2022-03-04 20:38 - 2022-03-04 20:38 - 000002420 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2022-03-04 20:38 - 2022-03-04 20:38 - 000002414 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2022-03-04 20:38 - 2022-03-04 20:38 - 000002408 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2022-03-04 20:38 - 2022-03-04 20:38 - 000002400 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2022-03-04 20:37 - 2022-03-04 20:37 - 000000000 ____D C:\Program Files\Common
Files\DESIGNER
2022-03-04 20:34 - 2022-03-11 04:47 - 000000000 ____D C:\Program Files\Microsoft
Office
2022-03-04 20:34 - 2022-03-04 20:34 - 000000000 ____D C:\Program Files\Microsoft
Office 15
2022-03-04 20:34 - 2022-03-04 20:34 - 000000000 ____D C:\Program Files\Lenovo
2022-03-04 20:33 - 2022-03-04 20:05 - 000000000 ____D C:\ProgramData\Lenovo
2022-03-04 20:33 - 2022-01-28 22:04 - 000109312 _____ (Lenovo Group Ltd.)
C:\WINDOWS\system32\ImController.CoInstaller.dll
2022-03-04 20:23 - 2022-03-04 21:08 - 000001222 _____ C:\WINDOWS\machineinfo.sav
2022-03-04 20:23 - 2022-03-04 20:23 - 000000018 _____
C:\WINDOWS\SysWOW64\Drivers\17AA_LENOVO_L340-15API_Laptop_(ideapad)_81LW.MRK
2022-03-04 20:23 - 2022-03-04 20:23 - 000000006 _____ C:\WINDOWS\core.ver
2022-03-04 20:16 - 2022-03-04 20:16 - 000000000 ____D
C:\Users\fabfi\AppData\Local\Comms
2022-03-04 20:14 - 2022-03-05 03:12 - 000000000 ____D
C:\Users\fabfi\AppData\Local\Publishers
2022-03-04 20:06 - 2022-03-09 19:14 - 000001978 _____
C:\WINDOWS\storelibdebug.txt
2022-03-04 20:04 - 2022-03-04 20:04 - 000001086 _____
C:\Users\fabfi\Desktop\YouTube.lnk
2022-03-04 20:00 - 2022-03-08 01:54 - 000000000 ___RD C:\Users\fabfi\OneDrive
2022-03-04 20:00 - 2022-03-04 20:00 - 000000000 ___HD C:\OneDriveTemp
2022-03-04 19:59 - 2022-03-09 19:32 - 000000000 ____D
C:\Users\fabfi\AppData\Local\PlaceholderTileLogoFolder
2022-03-04 19:59 - 2022-03-04 19:59 - 000000000 ____D
C:\ProgramData\mcafeeintegrationservice
2022-03-04 19:59 - 2022-03-04 19:59 - 000000000 ____D C:\ProgramData\McAfee
2022-03-04 19:59 - 2022-03-04 19:59 - 000000000 ____D C:\Program Files\Common
Files\McAfee
2022-03-04 19:59 - 2022-03-04 19:59 - 000000000 ____D C:\Program Files\Common
Files\DynamicAppDownloader
2022-03-04 19:58 - 2022-03-08 11:18 - 000000000 ____D
C:\Users\fabfi\AppData\Local\AMD
2022-03-04 19:57 - 2022-03-10 01:31 - 000000000 ____D
C:\Users\fabfi\AppData\Local\D3DSCache
2022-03-04 19:57 - 2022-03-09 23:36 - 000000000 ____D
C:\Users\fabfi\AppData\Local\Packages
2022-03-04 19:57 - 2022-03-07 02:01 - 000000000 ____D
C:\Users\fabfi\AppData\Local\ConnectedDevicesPlatform
2022-03-04 19:57 - 2022-03-04 23:48 - 000002359 _____
C:\Users\fabfi\Desktop\Microsoft Edge.lnk
2022-03-04 19:57 - 2022-03-04 20:02 - 000000000 ____D
C:\Users\fabfi\AppData\Local\Lenovo
2022-03-04 19:57 - 2022-03-04 19:57 - 000000000 ___RD C:\Users\fabfi\3D Objects
2022-03-04 19:57 - 2022-03-04 19:57 - 000000000 ____D
C:\Users\fabfi\AppData\Roaming\Adobe
2022-03-04 19:57 - 2022-03-04 19:57 - 000000000 ____D
C:\Users\fabfi\AppData\LocalLow\AMD
2022-03-04 19:57 - 2022-03-04 19:57 - 000000000 ____D
C:\Users\fabfi\AppData\Local\VirtualStore
2022-03-04 19:52 - 2022-03-04 19:43 - 000000012 _____ C:\WINDOWS\csup.txt
2022-03-04 19:48 - 2020-12-23 10:30 - 006005344 _____ (Realtek Semiconductor
Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2022-03-04 19:48 - 2020-12-23 10:30 - 000018824 _____
C:\WINDOWS\system32\RtEventLog.dll
2022-03-04 19:48 - 2020-12-23 10:20 - 043605683 _____
C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2022-03-04 19:48 - 2020-12-20 03:42 - 061476472 _____ (Fortemedia Corporation)
C:\WINDOWS\system32\FMAPO64.dll
2022-03-04 19:48 - 2020-12-20 03:42 - 006702448 _____ (Fortemedia Corporation)
C:\WINDOWS\system32\FMPCHAPO64.dll
2022-03-04 19:48 - 2020-12-20 03:42 - 004848952 _____ (Fortemedia)
C:\WINDOWS\system32\FM_Speech_PP64.dll
2022-03-04 19:48 - 2020-12-20 03:42 - 000659080 _____
C:\WINDOWS\system32\FMAPP.exe
2022-03-04 19:48 - 2020-12-20 03:42 - 000334728 _____ (Fortemedia)
C:\WINDOWS\system32\FMService64.exe
2022-03-04 19:48 - 2020-12-20 03:34 - 000004244 _____
C:\WINDOWS\system32\Drivers\SAMSfpa_17AA381D.dat
2022-03-04 19:48 - 2020-10-14 00:49 - 000818528 _____ (Realtek Semiconductor
Corporation) C:\WINDOWS\system32\Drivers\RtkBtfilter.sys
2022-03-04 19:48 - 2020-10-14 00:49 - 000775744 _____ (Realtek Semiconductor
Corp.) C:\WINDOWS\RtkBtManServ.exe
2022-03-04 19:48 - 2020-10-14 00:49 - 000070772 _____
C:\WINDOWS\rtl8761a_mp_chip_bt40_fw_asic_rom_patch_8192ee_new
2022-03-04 19:48 - 2020-10-14 00:49 - 000060444 _____
C:\WINDOWS\rtl8822c_mp_chip_bt40_fw_asic_rom_patch_new
2022-03-04 19:48 - 2020-10-14 00:49 - 000051856 _____
C:\WINDOWS\rtl8821c_mp_chip_bt40_fw_asic_rom_patch_new
2022-03-04 19:48 - 2020-10-14 00:49 - 000050472 _____
C:\WINDOWS\rtl8822b_mp_chip_bt40_fw_asic_rom_patch_new
2022-03-04 19:48 - 2020-10-14 00:49 - 000050244 _____
C:\WINDOWS\rtl8723b_mp_chip_bt40_fw_asic_rom_patch_new
2022-03-04 19:48 - 2020-10-14 00:49 - 000050192 _____
C:\WINDOWS\rtl8723b_mp_chip_bt40_fw_asic_rom_patch_new_s1
2022-03-04 19:48 - 2020-10-14 00:49 - 000038208 _____
C:\WINDOWS\rtl8821a_mp_chip_bt40_fw_asic_rom_patch_new
2022-03-04 19:48 - 2020-10-14 00:49 - 000004080 _____ C:\WINDOWS\PidVid_List
2022-03-04 19:48 - 2020-08-23 07:48 - 011573336 _____ (Realtek Semiconductor
Corporation ) C:\WINDOWS\system32\Drivers\rtwlane.sys
2022-03-04 19:48 - 2020-08-23 07:37 - 000410191 _____
C:\WINDOWS\system32\Drivers\rtldata.txt
2022-03-04 19:48 - 2020-08-20 22:06 - 000049664 _____ (McAfee)
C:\WINDOWS\system32\Drivers\McAfeeIntegrationDriver.sys
2022-03-04 19:48 - 2020-07-20 21:16 - 006041856 _____ (Realtek Semiconductor
Corp.) C:\WINDOWS\system32\RsDMFT64.dll
2022-03-04 19:48 - 2020-06-11 11:35 - 000088176 _____ (Advanced Micro Devices,
Inc.) C:\WINDOWS\system32\Drivers\amdlog.sys
2022-03-04 19:48 - 2020-06-08 19:57 - 000107936 _____ (Advanced Micro Devices)
C:\WINDOWS\system32\Drivers\AtihdWT6.sys
2022-03-04 19:48 - 2020-06-01 06:13 - 001146456 _____ (Realtek )
C:\WINDOWS\system32\Drivers\rt640x64.sys
2022-03-04 19:48 - 2020-03-29 09:48 - 001269184 _____ (ELAN Microelectronics
Corp.) C:\WINDOWS\system32\ETDCtrl.exe
2022-03-04 19:48 - 2020-03-29 09:48 - 000743872 _____ (ELAN Microelectronics
Corp.) C:\WINDOWS\system32\Drivers\ETD.sys
2022-03-04 19:48 - 2020-03-29 09:48 - 000642496 _____ (ELAN Microelectronics
Corp.) C:\WINDOWS\system32\ETDCmds.dll
2022-03-04 19:48 - 2020-03-29 09:48 - 000509376 _____ (ELAN Microelectronic
Corp.) C:\WINDOWS\system32\ETDApix.dll
2022-03-04 19:48 - 2020-03-29 09:48 - 000470976 _____ (ELAN Microelectronics
Corp.) C:\WINDOWS\system32\ETDFavorite.dll
2022-03-04 19:48 - 2020-03-29 09:48 - 000464832 _____ (ELAN Microelectronics
Corp.) C:\WINDOWS\system32\ETDUn_inst.exe
2022-03-04 19:48 - 2020-03-29 09:48 - 000431040 _____ (ELAN Microelectronic
Corp.) C:\WINDOWS\system32\ETDApi.dll
2022-03-04 19:48 - 2020-03-29 09:48 - 000427456 _____ (ELAN Microelectronics
Corp.) C:\WINDOWS\system32\LenovoAPI.dll
2022-03-04 19:48 - 2020-03-29 09:48 - 000399296 _____ (ELAN Microelectronics
Corp.) C:\WINDOWS\system32\ETDCtrlHelper.exe
2022-03-04 19:48 - 2020-03-29 09:48 - 000254912 _____ (ELAN Microelectronics
Corp.) C:\WINDOWS\system32\ETDService.exe
2022-03-04 19:48 - 2020-03-29 09:48 - 000134080 _____ (ELAN Microelectronics
Corp.) C:\WINDOWS\system32\ETDTouch.exe
2022-03-04 19:48 - 2020-03-29 09:48 - 000030144 _____ (ELAN Microelectronics
Corp.) C:\WINDOWS\system32\Drivers\ETDHCF.sys
2022-03-04 19:47 - 2020-09-21 06:59 - 001792536 _____
C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2022-03-04 19:47 - 2020-09-21 06:59 - 001792536 _____
C:\WINDOWS\system32\vulkaninfo.exe
2022-03-04 19:47 - 2020-09-21 06:59 - 001382944 _____
C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2022-03-04 19:47 - 2020-09-21 06:59 - 001382944 _____
C:\WINDOWS\SysWOW64\vulkaninfo.exe
2022-03-04 19:47 - 2020-09-21 06:59 - 001093984 _____
C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2022-03-04 19:47 - 2020-09-21 06:59 - 001093984 _____
C:\WINDOWS\system32\vulkan-1.dll
2022-03-04 19:47 - 2020-09-21 06:59 - 000952832 _____
C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2022-03-04 19:47 - 2020-09-21 06:59 - 000952832 _____
C:\WINDOWS\SysWOW64\vulkan-1.dll
2022-03-04 19:47 - 2020-09-21 06:59 - 000745504 _____ (Advanced Micro Devices,
Inc.) C:\WINDOWS\system32\Rapidfire64.dll
2022-03-04 19:47 - 2020-09-21 06:59 - 000629792 _____ (Advanced Micro Devices,
Inc.) C:\WINDOWS\SysWOW64\Rapidfire.dll
2022-03-04 19:47 - 2020-09-21 06:59 - 000505376 _____
C:\WINDOWS\system32\GameManager64.dll
2022-03-04 19:47 - 2020-09-21 06:59 - 000501792 _____
C:\WINDOWS\system32\dgtrayicon.exe
2022-03-04 19:47 - 2020-09-21 06:59 - 000441376 _____
C:\WINDOWS\system32\EEURestart.exe
2022-03-04 19:47 - 2020-09-21 06:59 - 000388640 _____
C:\WINDOWS\SysWOW64\GameManager32.dll
2022-03-04 19:47 - 2020-09-21 06:59 - 000348192 _____
C:\WINDOWS\system32\clinfo.exe
2022-03-04 19:47 - 2020-09-21 06:59 - 000195616 _____ (Advanced Micro Devices,
Inc. ) C:\WINDOWS\system32\mantle64.dll
2022-03-04 19:47 - 2020-09-21 06:59 - 000175648 _____ (Advanced Micro Devices,
Inc. ) C:\WINDOWS\system32\atisamu64.dll
2022-03-04 19:47 - 2020-09-21 06:59 - 000175136 _____ (Advanced Micro Devices,
Inc. ) C:\WINDOWS\system32\mantleaxl64.dll
2022-03-04 19:47 - 2020-09-21 06:59 - 000165408 _____ (Advanced Micro Devices,
Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll
2022-03-04 19:47 - 2020-09-21 06:59 - 000151072 _____ (Advanced Micro Devices,
Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll
2022-03-04 19:47 - 2020-09-21 06:59 - 000149536 _____ (Advanced Micro Devices,
Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll
2022-03-04 19:47 - 2020-09-21 06:59 - 000099360 _____ (Advanced Micro Devices,
Inc. ) C:\WINDOWS\system32\mcl64.dll
2022-03-04 19:47 - 2020-09-21 06:59 - 000084000 _____ (Advanced Micro Devices,
Inc. ) C:\WINDOWS\SysWOW64\mcl32.dll
2022-03-04 19:47 - 2020-09-21 06:59 - 000055336 _____ (Advanced Micro Devices,
Inc.) C:\WINDOWS\system32\RapidFireServer64.dll
2022-03-04 19:47 - 2020-09-21 06:59 - 000052256 _____ (Advanced Micro Devices,
Inc.) C:\WINDOWS\SysWOW64\RapidFireServer.dll
2022-03-04 19:47 - 2020-09-21 06:59 - 000028400 _____ (Microsoft Corporation)
C:\WINDOWS\SysWOW64\detoured.dll
2022-03-04 19:47 - 2020-09-21 06:59 - 000028400 _____ (Microsoft Corporation)
C:\WINDOWS\system32\detoured.dll
2022-03-04 19:47 - 2020-09-21 06:58 - 071039000 _____ (Advanced Micro Devices
Inc.) C:\WINDOWS\system32\amdhip64.dll
2022-03-04 19:47 - 2020-09-21 06:58 - 064827424 _____
C:\WINDOWS\system32\amd_comgr.dll
2022-03-04 19:47 - 2020-09-21 06:58 - 053693472 _____
C:\WINDOWS\SysWOW64\amd_comgr32.dll
2022-03-04 19:47 - 2020-09-21 06:58 - 004639264 _____ (Advanced Micro Devices,
Inc.) C:\WINDOWS\system32\amfrt64.dll
2022-03-04 19:47 - 2020-09-21 06:58 - 004149792 _____ (Advanced Micro Devices,
Inc.) C:\WINDOWS\SysWOW64\amfrt32.dll
2022-03-04 19:47 - 2020-09-21 06:58 - 001782816 _____ (Advanced Micro Devices,
Inc.) C:\WINDOWS\system32\atiadlxx.dll
2022-03-04 19:47 - 2020-09-21 06:58 - 001350176 _____ (Advanced Micro Devices,
Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
2022-03-04 19:47 - 2020-09-21 06:58 - 001350176 _____ (Advanced Micro Devices,
Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll
2022-03-04 19:47 - 2020-09-21 06:58 - 000949784 _____ (Advanced Micro Devices,
Inc.) C:\WINDOWS\system32\amdlvr64.dll
2022-03-04 19:47 - 2020-09-21 06:58 - 000777248 _____ (Advanced Micro Devices,
Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll
2022-03-04 19:47 - 2020-09-21 06:58 - 000769056 _____ (AMD)
C:\WINDOWS\system32\atieclxx.exe
2022-03-04 19:47 - 2020-09-21 06:58 - 000562208 _____ (Advanced Micro Devices,
Inc. ) C:\WINDOWS\system32\amdmcl64.dll
2022-03-04 19:47 - 2020-09-21 06:58 - 000498208 _____
C:\WINDOWS\system32\amdgfxinfo64.dll
2022-03-04 19:47 - 2020-09-21 06:58 - 000477216 _____ (Advanced Micro Devices,
Inc.) C:\WINDOWS\system32\atidemgy.dll
2022-03-04 19:47 - 2020-09-21 06:58 - 000475168 _____
C:\WINDOWS\system32\amdlogum.exe
2022-03-04 19:47 - 2020-09-21 06:58 - 000464928 _____
C:\WINDOWS\system32\atieah64.exe
2022-03-04 19:47 - 2020-09-21 06:58 - 000392224 _____ (Advanced Micro Devices,
Inc. ) C:\WINDOWS\SysWOW64\amdmcl32.dll
2022-03-04 19:47 - 2020-09-21 06:58 - 000388632 _____
C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
2022-03-04 19:47 - 2020-09-21 06:58 - 000360480 _____
C:\WINDOWS\SysWOW64\atieah32.exe
2022-03-04 19:47 - 2020-09-21 06:58 - 000253984 _____ (Advanced Micro Devices,
Inc. ) C:\WINDOWS\system32\atig6txx.dll
2022-03-04 19:47 - 2020-09-21 06:58 - 000221728 _____ (Advanced Micro Devices,
Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
2022-03-04 19:47 - 2020-09-21 06:58 - 000206936 _____ (Advanced Micro Devices,
Inc.) C:\WINDOWS\system32\amdihk64.dll
2022-03-04 19:47 - 2020-09-21 06:58 - 000191016 _____ (Advanced Micro Devices,
Inc. ) C:\WINDOWS\system32\aticfx64.dll
2022-03-04 19:47 - 2020-09-21 06:58 - 000176024 _____ (Advanced Micro Devices,
Inc.) C:\WINDOWS\SysWOW64\amdihk32.dll
2022-03-04 19:47 - 2020-09-21 06:58 - 000167272 _____ (Advanced Micro Devices,
Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll
2022-03-04 19:47 - 2020-09-21 06:58 - 000144416 _____ (AMD)
C:\WINDOWS\system32\atimuixx.dll
2022-03-04 19:47 - 2020-09-21 06:58 - 000143392 _____ (Khronos Group)
C:\WINDOWS\system32\OpenCL.dll
2022-03-04 19:47 - 2020-09-21 06:58 - 000134176 _____
C:\WINDOWS\system32\atidxx64.dll
2022-03-04 19:47 - 2020-09-21 06:58 - 000131104 _____ (Advanced Micro Devices,
Inc. ) C:\WINDOWS\system32\amdxc64.dll
2022-03-04 19:47 - 2020-09-21 06:58 - 000129056 _____ (Khronos Group)
C:\WINDOWS\SysWOW64\OpenCL.dll
2022-03-04 19:47 - 2020-09-21 06:58 - 000116256 _____
C:\WINDOWS\SysWOW64\atidxx32.dll
2022-03-04 19:47 - 2020-09-21 06:58 - 000115752 _____ (Advanced Micro Devices,
Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll
2022-03-04 19:47 - 2020-09-21 06:58 - 000078880 _____ (Advanced Micro Devices,
Inc.) C:\WINDOWS\system32\ati2erec.dll
2022-03-04 19:47 - 2020-09-21 06:57 - 001709336 _____ (AMD)
C:\WINDOWS\system32\amf-mft-mjpeg-decoder64.dll
2022-03-04 19:47 - 2020-09-21 06:57 - 001385840 _____ (AMD)
C:\WINDOWS\SysWOW64\amf-mft-mjpeg-decoder32.dll
2022-03-04 19:47 - 2020-09-21 06:57 - 000560216 _____
C:\WINDOWS\system32\amdmiracast.dll
2022-03-04 19:47 - 2020-09-21 06:57 - 000145832 _____ (Advanced Micro Devices,
Inc. ) C:\WINDOWS\system32\amdave64.dll
2022-03-04 19:47 - 2020-09-21 06:57 - 000140088 _____ (Advanced Micro Devices,
Inc. ) C:\WINDOWS\system32\atimpc64.dll
2022-03-04 19:47 - 2020-09-21 06:57 - 000140088 _____ (Advanced Micro Devices,
Inc. ) C:\WINDOWS\system32\amdpcom64.dll
2022-03-04 19:47 - 2020-09-21 06:57 - 000129976 _____ (Advanced Micro Devices,
Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll
2022-03-04 19:47 - 2020-09-21 06:57 - 000117824 _____ (Advanced Micro Devices,
Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
2022-03-04 19:47 - 2020-09-21 06:57 - 000117816 _____ (Advanced Micro Devices,
Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll
2022-03-04 19:47 - 2020-09-21 06:37 - 003471376 _____
C:\WINDOWS\SysWOW64\atiumdva.cap
2022-03-04 19:47 - 2020-09-21 06:37 - 003437632 _____
C:\WINDOWS\system32\atiumd6a.cap
2022-03-04 19:47 - 2020-09-21 06:37 - 000544256 _____
C:\WINDOWS\SysWOW64\atiapfxx.blb
2022-03-04 19:47 - 2020-09-21 06:37 - 000544256 _____
C:\WINDOWS\system32\atiapfxx.blb
2022-03-04 19:47 - 2020-09-21 06:37 - 000204952 _____
C:\WINDOWS\SysWOW64\ativvsvl.dat
2022-03-04 19:47 - 2020-09-21 06:37 - 000204952 _____
C:\WINDOWS\system32\ativvsvl.dat
2022-03-04 19:47 - 2020-09-21 06:37 - 000157144 _____
C:\WINDOWS\SysWOW64\ativvsva.dat
2022-03-04 19:47 - 2020-09-21 06:37 - 000157144 _____
C:\WINDOWS\system32\ativvsva.dat
2022-03-04 19:47 - 2020-09-21 06:37 - 000154384 _____
C:\WINDOWS\system32\samu_krnl_ci.sbin
2022-03-04 19:47 - 2020-09-21 06:37 - 000138832 _____
C:\WINDOWS\system32\samu_krnl_isv_ci.sbin
2022-03-04 19:47 - 2020-09-21 06:37 - 000125488 _____
C:\WINDOWS\system32\kapp_ci.sbin
2022-03-04 19:47 - 2020-09-21 06:37 - 000121168 _____
C:\WINDOWS\system32\kapp_si.sbin
2022-03-04 19:47 - 2020-09-21 06:36 - 000069770 _____
C:\WINDOWS\system32\AMDKernelEvents.man
2022-03-04 19:47 - 2020-08-26 10:28 - 000065320 _____ (Advanced Micro Devices,
Inc) C:\WINDOWS\system32\Drivers\amdi2c.sys
2022-03-04 19:47 - 2020-06-11 11:35 - 000486320 _____ (Advanced Micro Devices,
Inc.) C:\WINDOWS\system32\amdlogsr.exe
2022-03-04 19:47 - 2020-03-23 21:11 - 000482320 _____ (Advanced Micro Devices,
Inc. ) C:\WINDOWS\system32\tbaseregistry64.dll
2022-03-04 19:47 - 2020-03-23 21:11 - 000442384 _____ (Advanced Micro Devices,
Inc. ) C:\WINDOWS\system32\amdtee_api.dll
2022-03-04 19:47 - 2020-03-23 21:11 - 000433680 _____ (Advanced Micro Devices,
Inc. ) C:\WINDOWS\system32\t-base_client_api.dll
2022-03-04 19:47 - 2020-03-23 21:11 - 000384016 _____ (Advanced Micro Devices,
Inc. ) C:\WINDOWS\SysWOW64\tbaseregistry32.dll
2022-03-04 19:47 - 2020-03-23 21:11 - 000355856 _____ (Advanced Micro Devices,
Inc. ) C:\WINDOWS\SysWOW64\amdtee_api.dll
2022-03-04 19:47 - 2020-03-23 21:11 - 000347152 _____ (Advanced Micro Devices,
Inc. ) C:\WINDOWS\SysWOW64\t-base_client_api.dll
2022-03-04 19:47 - 2020-03-23 21:11 - 000135184 _____ (Advanced Micro Devices,
Inc. ) C:\WINDOWS\system32\Drivers\amdpsp.sys
2022-03-04 19:47 - 2020-03-15 19:50 - 000046344 _____ (Advanced Micro Devices,
Inc) C:\WINDOWS\system32\Drivers\amdgpio2.sys
2022-03-04 19:46 - 2022-01-28 22:04 - 000109312 _____ (Lenovo Group Ltd.)
C:\WINDOWS\system32\WudfUpdate_02000.dll
2022-03-04 19:46 - 2022-01-28 22:04 - 000064256 _____ (Lenovo Group Ltd.)
C:\WINDOWS\system32\ImController.InfInstaller.exe
2022-03-04 19:46 - 2022-01-28 22:03 - 000431016 _____ (Lenovo Group Limited)
C:\WINDOWS\system32\iMDriverHelper.dll
2022-03-04 19:35 - 2022-03-04 19:37 - 000002167 _____
C:\WINDOWS\system32\InstallUtil.InstallLog
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-03-11 11:57 - 2021-06-05 06:10 - 000000000 ____D C:\WINDOWS\SystemTemp
2022-03-11 01:00 - 2021-06-05 06:10 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-03-11 01:00 - 2021-06-05 06:10 - 000000000 ____D
C:\ProgramData\regid.1991-06.com.microsoft
2022-03-09 23:36 - 2021-06-05 06:10 - 000000000 ___HD C:\Program
Files\WindowsApps
2022-03-09 23:36 - 2020-11-19 01:33 - 000000000 ____D C:\ProgramData\Packages
2022-03-09 19:11 - 2021-06-05 06:09 - 000000000 ____D C:\WINDOWS\INF
2022-03-09 19:06 - 2021-06-05 06:10 - 000000000 ____D C:\WINDOWS\ServiceState
2022-03-09 19:06 - 2020-11-26 18:59 - 000012288 ___SH C:\DumpStack.log.tmp
2022-03-09 19:05 - 2021-06-05 06:01 - 000524288 _____
C:\WINDOWS\system32\config\BBI
2022-03-09 19:04 - 2021-06-05 06:10 - 000000000 ____D C:\WINDOWS\SystemResources
2022-03-09 19:04 - 2021-06-05 06:10 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-03-09 19:04 - 2021-06-05 06:10 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-03-09 04:05 - 2020-11-19 01:32 - 000002445 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-03-08 17:14 - 2021-06-05 06:01 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-03-08 02:33 - 2021-06-05 06:10 - 000000000 ____D C:\WINDOWS\system32\NDF
2022-03-07 23:38 - 2021-06-05 06:10 - 000000000 ____D
C:\WINDOWS\LiveKernelReports
2022-03-07 16:37 - 2021-06-05 06:10 - 000000000 ___RD
C:\WINDOWS\ImmersiveControlPanel
2022-03-07 16:37 - 2021-06-05 06:10 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-03-07 16:37 - 2021-06-05 06:10 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-03-07 16:37 - 2021-06-05 06:10 - 000000000 ____D
C:\WINDOWS\system32\appraiser
2022-03-07 16:37 - 2021-06-05 06:10 - 000000000 ____D
C:\WINDOWS\PolicyDefinitions
2022-03-05 20:00 - 2021-06-05 06:10 - 000000000 ____D C:\Program Files\Common
Files\microsoft shared
2022-03-05 04:34 - 2021-06-05 06:10 - 000000000 ____D C:\WINDOWS\appcompat
2022-03-05 01:53 - 2021-06-05 06:10 - 000000000 ____D C:\Program Files\Windows
Defender
2022-03-05 01:53 - 2020-11-19 01:30 - 000000000 ____D
C:\WINDOWS\system32\Drivers\wd
2022-03-05 01:30 - 2021-06-05 06:10 - 000000000 ___RD C:\WINDOWS\PrintDialog
2022-03-05 00:03 - 2021-06-05 06:01 - 000000000 ____D C:\WINDOWS\servicing
2022-03-04 23:48 - 2020-11-19 01:33 - 000000000 __RHD
C:\Users\Public\AccountPictures
2022-03-04 23:44 - 2021-06-05 06:01 - 000032768 _____
C:\WINDOWS\system32\config\ELAM
2022-03-04 23:38 - 2021-06-05 06:10 - 000000000 __RHD C:\Users\Public\Libraries
2022-03-04 23:33 - 2021-06-05 06:08 - 000028672 _____
C:\WINDOWS\system32\config\BCD-Template
2022-03-04 23:32 - 2021-06-05 06:10 - 000000000 ____D
C:\WINDOWS\system32\WinBioDatabase
2022-03-04 23:32 - 2021-06-05 06:10 - 000000000 ____D C:\WINDOWS\system32\spool
2022-03-04 23:32 - 2019-12-07 03:14 - 000000000 ____D
C:\WINDOWS\system32\Tasks_Migrated
2022-03-04 23:32 - 2019-12-07 03:14 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2022-03-04 23:04 - 2021-06-05 06:14 - 000000000 ____D C:\WINDOWS\Setup
2022-03-04 22:57 - 2021-06-05 06:10 - 000000000 ____D C:\ProgramData\USOPrivate
2022-03-04 22:45 - 2021-06-05 07:17 - 000000000 ____D C:\Program Files\Windows
Photo Viewer
2022-03-04 22:45 - 2021-06-05 06:10 - 000000000 ___SD
C:\WINDOWS\SysWOW64\DiagSvcs
2022-03-04 22:45 - 2021-06-05 06:10 - 000000000 ___SD C:\WINDOWS\system32\F12
2022-03-04 22:45 - 2021-06-05 06:10 - 000000000 ___SD
C:\WINDOWS\system32\DiagSvcs
2022-03-04 22:45 - 2021-06-05 06:10 - 000000000 ____D
C:\WINDOWS\SysWOW64\WinMetadata
2022-03-04 22:45 - 2021-06-05 06:10 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2022-03-04 22:45 - 2021-06-05 06:10 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2022-03-04 22:45 - 2021-06-05 06:10 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2022-03-04 22:45 - 2021-06-05 06:10 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2022-03-04 22:45 - 2021-06-05 06:10 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2022-03-04 22:45 - 2021-06-05 06:10 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2022-03-04 22:45 - 2021-06-05 06:10 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2022-03-04 22:45 - 2021-06-05 06:10 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2022-03-04 22:45 - 2021-06-05 06:10 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2022-03-04 22:45 - 2021-06-05 06:10 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2022-03-04 22:45 - 2021-06-05 06:10 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2022-03-04 22:45 - 2021-06-05 06:10 - 000000000 ____D
C:\WINDOWS\system32\WinMetadata
2022-03-04 22:45 - 2021-06-05 06:10 - 000000000 ____D
C:\WINDOWS\system32\WinBioPlugIns
2022-03-04 22:45 - 2021-06-05 06:10 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2022-03-04 22:45 - 2021-06-05 06:10 - 000000000 ____D
C:\WINDOWS\system32\ShellExperiences
2022-03-04 22:45 - 2021-06-05 06:10 - 000000000 ____D C:\WINDOWS\system32\setup
2022-03-04 22:45 - 2021-06-05 06:10 - 000000000 ____D
C:\WINDOWS\system32\PerceptionSimulation
2022-03-04 22:45 - 2021-06-05 06:10 - 000000000 ____D C:\WINDOWS\system32\migwiz
2022-03-04 22:45 - 2021-06-05 06:10 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2022-03-04 22:45 - 2021-06-05 06:10 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2022-03-04 22:45 - 2021-06-05 06:10 - 000000000 ____D C:\WINDOWS\system32\id-ID
2022-03-04 22:45 - 2021-06-05 06:10 - 000000000 ____D C:\WINDOWS\system32\gl-ES
2022-03-04 22:45 - 2021-06-05 06:10 - 000000000 ____D C:\WINDOWS\system32\eu-ES
2022-03-04 22:45 - 2021-06-05 06:10 - 000000000 ____D C:\WINDOWS\system32\et-EE
2022-03-04 22:45 - 2021-06-05 06:10 - 000000000 ____D C:\WINDOWS\system32\es-MX
2022-03-04 22:45 - 2021-06-05 06:10 - 000000000 ____D C:\WINDOWS\system32\ca-ES
2022-03-04 22:45 - 2021-06-05 06:10 - 000000000 ____D
C:\WINDOWS\ShellExperiences
2022-03-04 22:45 - 2021-06-05 06:10 - 000000000 ____D C:\WINDOWS\ShellComponents
2022-03-04 22:45 - 2021-06-05 06:10 - 000000000 ____D C:\WINDOWS\Provisioning
2022-03-04 22:45 - 2021-06-05 06:10 - 000000000 ____D C:\WINDOWS\DiagTrack
2022-03-04 22:45 - 2021-06-05 06:10 - 000000000 ____D C:\Program Files\Common
Files\System
2022-03-04 22:44 - 2021-06-05 07:17 - 000032768 _____ (Microsoft Corporation)
C:\WINDOWS\system32\OEMDefaultAssociations.dll
2022-03-04 22:44 - 2021-06-05 07:17 - 000021047 _____
C:\WINDOWS\system32\OEMDefaultAssociations.xml
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2022
Ran by fabfi (11-03-2022 12:00:58)
Running from C:\Users\fabfi\Desktop
Microsoft Windows 11 Home Version 21H2 22000.556 (X64) (2022-03-05 05:45:13)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-3491684324-3942835478-4158577442-500 - Administrator -
Disabled)
DefaultAccount (S-1-5-21-3491684324-3942835478-4158577442-503 - Limited -
Disabled)
fabfi (S-1-5-21-3491684324-3942835478-4158577442-1001 - Administrator - Enabled)
=> C:\Users\fabfi
Guest (S-1-5-21-3491684324-3942835478-4158577442-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3491684324-3942835478-4158577442-504 - Limited -
Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date)
{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to
unhide them. The adware programs should be uninstalled manually.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 99.0.4844.51 - Google LLC)
Lenovo Service Bridge
(HKU\S-1-5-21-3491684324-3942835478-4158577442-1001\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1)
(Version: 5.0.2.9 - Lenovo)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.11.20.0 -
Lenovo Group Ltd.)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version:
16.0.14931.20132 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 99.0.1150.36 - Microsoft
Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version:
99.0.1150.36 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{4812E2CC-BAA9-49AE-B310-DA845882322B})
(Version: 4.66.0.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component
(HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14931.20010 -
Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component
(HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14931.20094 -
Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component
(HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13127.20616 -
Microsoft Corporation) Hidden
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91})
(Version: 3.2.2110.14001 - Microsoft Corporation)
Packages:
=========
Amazon Prime Video for Windows -> C:\Program
Files\WindowsApps\AmazonVideo.PrimeVideo_1.0.91.0_x64__pwbj9vvecjh7j
[2022-03-09] (Amazon Development Centre (London) Ltd)
AMD Radeon Software -> C:\Program
Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10028.0_x64__0a9344xs7nr4m
[2022-03-04] (Advanced Micro Devices Inc.) [Startup Task]
Dolby Audio -> C:\Program
Files\WindowsApps\DolbyLaboratories.DolbyAudio_3.20800.804.0_x64__rz1tebttyb220
[2022-03-04] (Dolby Laboratories)
HP Smart -> C:\Program
Files\WindowsApps\AD2F1837.HPPrinterControl_134.1.221.0_x64__v10z8vjag6ke6
[2022-03-08] (HP Inc.)
Lenovo Hotkeys -> C:\Program
Files\WindowsApps\E0469640.LenovoUtility_4.2.33.0_x64__5grkq8ppsgwt4
[2022-03-04] (LENOVO INC) [Startup Task]
Lenovo Vantage -> C:\Program
Files\WindowsApps\E046963F.LenovoCompanion_10.2202.9.0_x64__k1h2ywk1493x8
[2022-03-04] (LENOVO INC.)
Microsoft Advertising SDK for XAML -> C:\Program
Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe
[2022-03-04] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program
Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe
[2022-03-04] (Microsoft Corporation) [MS Ad]
OneDrive -> C:\Program
Files\WindowsApps\microsoft.microsoftskydrive_19.23.19.0_x64__8wekyb3d8bbwe
[2022-03-05] (Microsoft Corporation)
Photos Add-on -> C:\Program
Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe
[2022-03-07] (Microsoft Corporation)
Photos Media Engine Add-on -> C:\Program
Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe
[2022-03-07] (Microsoft Corporation)
Power2Go for Lenovo -> C:\Program
Files\WindowsApps\CyberLinkCorp.th.Power2GoforLenovo_8.0.12518.0_x86__m916jedk64snt
[2022-03-04] (CYBERLINKCOM CORPORATION) [Startup Task]
PowerDVD for Lenovo -> C:\Program
Files\WindowsApps\CyberLinkCorp.th.PowerDVDforLenovo_14.2.4112.0_x86__m916jedk64snt
[2022-03-04] (CYBERLINKCOM CORPORATION)
Realtek Audio Control -> C:\Program
Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.22.240.0_x64__dt26b99r8h8gj
[2022-03-04] (Realtek Semiconductor Corp)
Windows Package Manager Source (winget) -> C:\Program
Files\WindowsApps\Microsoft.Winget.Source_2022.306.2114.423_neutral__8wekyb3d8bbwe
[2022-03-06] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\fabfi\AppData\Local\Microsoft\Edge\User
Data\Default\Pinned Sites\MSEdge._pin_dfmohblocfbldmimjbjomogdom\Amazon.lnk ->
C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft
Corporation) -> --pin-url=hxxps://www.amazon.com/ --profile-directory=Default
ShortcutWithArgument: C:\Users\fabfi\AppData\Local\Microsoft\Edge\User
Data\Default\Pinned Sites\MSEdge._pin_agjbdfdjmphpkcblilljboheco\Microsoft
Live.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe
(Microsoft Corporation) -> --pin-url=hxxps://www.live.com/
--profile-directory=Default
ShortcutWithArgument: C:\Users\fabfi\AppData\Local\Microsoft\Edge\User
Data\Default\Pinned Sites\MSEdge._pin_adnlfjpnmiaohpidplnoimahfh\YouTube.lnk ->
C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft
Corporation) -> --pin-url=hxxps://www.youtube.com/ --profile-directory=Default
==================== Loaded Modules (Whitelisted) =============
2022-03-04 20:57 - 2022-03-04 20:57 - 000017920 _____ () [File not signed]
C:\Program
Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10028.0_x64__0a9344xs7nr4m\radeonsoftware\libEGL.dll
2022-03-04 20:57 - 2022-03-04 20:57 - 003567616 _____ () [File not signed]
C:\Program
Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10028.0_x64__0a9344xs7nr4m\radeonsoftware\libGLESv2.dll
2022-03-04 23:10 - 2022-03-04 23:10 - 000258048 _____ () [File not signed]
C:\Program
Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10028.0_x64__0a9344xs7nr4m\radeonsoftware\WirelessVR-windesktop64.dll
2022-03-04 20:37 - 2022-03-04 20:37 - 000000000 ____L (Microsoft Corporation)
[simlink -> C:\Program Files\Common Files\Microsoft
Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft
Office\root\Client\AppVIsvSubsystems64.dll
2022-03-04 20:37 - 2022-03-04 20:37 - 000000000 ____L (Microsoft Corporation)
[simlink -> C:\Program Files\Common Files\Microsoft
Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft
Office\root\Office16\AppVIsvSubsystems64.dll
2022-03-04 20:37 - 2022-03-04 20:37 - 000000000 ____L (Microsoft Corporation)
[simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll]
C:\Program Files\Microsoft Office\root\Office16\c2r64.dll
2022-03-04 20:57 - 2022-03-04 20:57 - 000031744 _____ (The Qt Company Ltd.)
[File not signed] C:\Program
Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10028.0_x64__0a9344xs7nr4m\radeonsoftware\plugins\imageformats\qgif.dll
2022-03-04 20:57 - 2022-03-04 20:57 - 000039424 _____ (The Qt Company Ltd.)
[File not signed] C:\Program
Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10028.0_x64__0a9344xs7nr4m\radeonsoftware\plugins\imageformats\qicns.dll
2022-03-04 20:57 - 2022-03-04 20:57 - 000031744 _____ (The Qt Company Ltd.)
[File not signed] C:\Program
Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10028.0_x64__0a9344xs7nr4m\radeonsoftware\plugins\imageformats\qico.dll
2022-03-04 20:57 - 2022-03-04 20:57 - 000413696 _____ (The Qt Company Ltd.)
[File not signed] C:\Program
Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10028.0_x64__0a9344xs7nr4m\radeonsoftware\plugins\imageformats\qjpeg.dll
2022-03-04 20:57 - 2022-03-04 20:57 - 000025088 _____ (The Qt Company Ltd.)
[File not signed] C:\Program
Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10028.0_x64__0a9344xs7nr4m\radeonsoftware\plugins\imageformats\qsvg.dll
2022-03-04 20:57 - 2022-03-04 20:57 - 000025088 _____ (The Qt Company Ltd.)
[File not signed] C:\Program
Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10028.0_x64__0a9344xs7nr4m\radeonsoftware\plugins\imageformats\qtga.dll
2022-03-04 20:57 - 2022-03-04 20:57 - 000023552 _____ (The Qt Company Ltd.)
[File not signed] C:\Program
Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10028.0_x64__0a9344xs7nr4m\radeonsoftware\plugins\imageformats\qwbmp.dll
2022-03-04 20:57 - 2022-03-04 20:57 - 000519168 _____ (The Qt Company Ltd.)
[File not signed] C:\Program
Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10028.0_x64__0a9344xs7nr4m\radeonsoftware\plugins\imageformats\qwebp.dll
2022-03-04 20:57 - 2022-03-04 20:57 - 001431040 _____ (The Qt Company Ltd.)
[File not signed] C:\Program
Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10028.0_x64__0a9344xs7nr4m\radeonsoftware\plugins\platforms\qwindows.dll
2022-03-04 20:57 - 2022-03-04 20:57 - 001180672 _____ (The Qt Company Ltd.)
[File not signed] C:\Program
Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10028.0_x64__0a9344xs7nr4m\radeonsoftware\plugins\sqldrivers\qsqlite.dll
2022-03-04 20:57 - 2022-03-04 20:57 - 000135680 _____ (The Qt Company Ltd.)
[File not signed] C:\Program
Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10028.0_x64__0a9344xs7nr4m\radeonsoftware\plugins\styles\qwindowsvistastyle.dll
2022-03-04 20:57 - 2022-03-04 20:57 - 006010880 _____ (The Qt Company Ltd.)
[File not signed] C:\Program
Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10028.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5Core.dll
2022-03-04 20:57 - 2022-03-04 20:57 - 006345216 _____ (The Qt Company Ltd.)
[File not signed] C:\Program
Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10028.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5Gui.dll
2022-03-04 20:57 - 2022-03-04 20:57 - 001078272 _____ (The Qt Company Ltd.)
[File not signed] C:\Program
Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10028.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5Network.dll
2022-03-04 20:57 - 2022-03-04 20:57 - 000313856 _____ (The Qt Company Ltd.)
[File not signed] C:\Program
Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10028.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5Positioning.dll
2022-03-04 20:57 - 2022-03-04 20:57 - 004000256 _____ (The Qt Company Ltd.)
[File not signed] C:\Program
Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10028.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5Qml.dll
2022-03-04 20:57 - 2022-03-04 20:57 - 003802624 _____ (The Qt Company Ltd.)
[File not signed] C:\Program
Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10028.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5Quick.dll
2022-03-04 20:57 - 2022-03-04 20:57 - 000171008 _____ (The Qt Company Ltd.)
[File not signed] C:\Program
Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10028.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5QuickControls2.dll
2022-03-04 20:57 - 2022-03-04 20:57 - 001083904 _____ (The Qt Company Ltd.)
[File not signed] C:\Program
Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10028.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5QuickTemplates2.dll
2022-03-04 20:57 - 2022-03-04 20:57 - 000205312 _____ (The Qt Company Ltd.)
[File not signed] C:\Program
Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10028.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5Sql.dll
2022-03-04 20:57 - 2022-03-04 20:57 - 000329728 _____ (The Qt Company Ltd.)
[File not signed] C:\Program
Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10028.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5Svg.dll
2022-03-04 20:57 - 2022-03-04 20:57 - 000113152 _____ (The Qt Company Ltd.)
[File not signed] C:\Program
Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10028.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5WebChannel.dll
2022-03-04 20:57 - 2022-03-04 20:57 - 000376320 _____ (The Qt Company Ltd.)
[File not signed] C:\Program
Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10028.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5WebEngine.dll
2022-03-04 20:57 - 2022-03-04 20:57 - 092323328 _____ (The Qt Company Ltd.)
[File not signed] C:\Program
Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10028.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5WebEngineCore.dll
2022-03-04 20:57 - 2022-03-04 20:57 - 005560832 _____ (The Qt Company Ltd.)
[File not signed] C:\Program
Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10028.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5Widgets.dll
2022-03-04 20:57 - 2022-03-04 20:57 - 000463360 _____ (The Qt Company Ltd.)
[File not signed] C:\Program
Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10028.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5WinExtras.dll
2022-03-04 20:57 - 2022-03-04 20:57 - 000188416 _____ (The Qt Company Ltd.)
[File not signed] C:\Program
Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10028.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5Xml.dll
2022-03-04 20:57 - 2022-03-04 20:57 - 002888704 _____ (The Qt Company Ltd.)
[File not signed] C:\Program
Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10028.0_x64__0a9344xs7nr4m\radeonsoftware\Qt5XmlPatterns.dll
2022-03-04 20:57 - 2022-03-04 20:57 - 000053760 _____ (The Qt Company Ltd.)
[File not signed] C:\Program
Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10028.0_x64__0a9344xs7nr4m\radeonsoftware\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2022-03-04 20:57 - 2022-03-04 20:57 - 000059392 _____ (The Qt Company Ltd.)
[File not signed] C:\Program
Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10028.0_x64__0a9344xs7nr4m\radeonsoftware\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2022-03-04 20:57 - 2022-03-04 20:57 - 000017408 _____ (The Qt Company Ltd.)
[File not signed] C:\Program
Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10028.0_x64__0a9344xs7nr4m\radeonsoftware\QtQuick.2\qtquick2plugin.dll
2022-03-04 20:57 - 2022-03-04 20:57 - 000287232 _____ (The Qt Company Ltd.)
[File not signed] C:\Program
Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10028.0_x64__0a9344xs7nr4m\radeonsoftware\QtQuick\Controls.2\qtquickcontrols2plugin.dll
2022-03-04 20:57 - 2022-03-04 20:57 - 000329216 _____ (The Qt Company Ltd.)
[File not signed] C:\Program
Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10028.0_x64__0a9344xs7nr4m\radeonsoftware\QtQuick\Controls\qtquickcontrolsplugin.dll
2022-03-04 20:57 - 2022-03-04 20:57 - 000136192 _____ (The Qt Company Ltd.)
[File not signed] C:\Program
Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10028.0_x64__0a9344xs7nr4m\radeonsoftware\QtQuick\Dialogs\dialogplugin.dll
2022-03-04 20:57 - 2022-03-04 20:57 - 000089088 _____ (The Qt Company Ltd.)
[File not signed] C:\Program
Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10028.0_x64__0a9344xs7nr4m\radeonsoftware\QtQuick\Layouts\qquicklayoutsplugin.dll
2022-03-04 20:57 - 2022-03-04 20:57 - 000312320 _____ (The Qt Company Ltd.)
[File not signed] C:\Program
Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10028.0_x64__0a9344xs7nr4m\radeonsoftware\QtQuick\Templates.2\qtquicktemplates2plugin.dll
2022-03-04 20:57 - 2022-03-04 20:57 - 000017920 _____ (The Qt Company Ltd.)
[File not signed] C:\Program
Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10028.0_x64__0a9344xs7nr4m\radeonsoftware\QtQuick\Window.2\windowplugin.dll
2022-03-04 20:57 - 2022-03-04 20:57 - 000085504 _____ (The Qt Company Ltd.)
[File not signed] C:\Program
Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10028.0_x64__0a9344xs7nr4m\radeonsoftware\QtWebEngine\qtwebengineplugin.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKU\S-1-5-21-3491684324-3942835478-4158577442-1001\Software\Microsoft\Internet
Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
SearchScopes: HKU\S-1-5-21-3491684324-3942835478-4158577442-1001 -> DefaultScope
{ED02A964-5BD3-4C16-A520-5C9411D5CB22} URL =
SearchScopes: HKU\S-1-5-21-3491684324-3942835478-4158577442-1001 ->
{ED02A964-5BD3-4C16-A520-5C9411D5CB22} URL =
BHO-x32: Skype for Business Browser Helper ->
{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft
Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
[2022-03-05] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} -
C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-03-05]
(Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} -
C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft
Office\Office16\MSOSB.DLL [2022-03-05] (Microsoft Corporation -> Microsoft
Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program
Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-03-05] (Microsoft
Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program
Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft
Office\Office16\MSOSB.DLL [2022-03-05] (Microsoft Corporation -> Microsoft
Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program
Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-03-05] (Microsoft
Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} -
C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft
Office\Office16\MSOSB.DLL [2022-03-05] (Microsoft Corporation -> Microsoft
Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program
Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-03-05] (Microsoft
Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program
Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft
Office\Office16\MSOSB.DLL [2022-03-05] (Microsoft Corporation -> Microsoft
Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-12-07 03:14 - 2019-12-07 03:12 - 000000824 _____
C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3491684324-3942835478-4158577442-1001\Control
Panel\Desktop\\Wallpaper ->
C:\Users\fabfi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System =>
(ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled:
)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "RtkAudUService"
HKU\S-1-5-21-3491684324-3942835478-4158577442-1001\...\StartupApproved\StartupFolder:
=> "Send to OneNote.lnk"
HKU\S-1-5-21-3491684324-3942835478-4158577442-1001\...\StartupApproved\StartupFolder:
=> "Monitor Ink Alerts - HP Officejet Pro 8600jpf.lnk"
HKU\S-1-5-21-3491684324-3942835478-4158577442-1001\...\StartupApproved\Run: =>
"HP Officejet Pro 8600 (NET)"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)
FirewallRules: [{1FBABF8A-F0BD-401A-BB07-02A42623BA18}] => (Allow) C:\Program
Files\WindowsApps\MicrosoftTeams_22042.702.1226.2352_x64__8wekyb3d8bbwe\msteams.exe
(Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CC7CAA35-1CCB-44F5-A099-0DB8779EE145}] => (Allow) C:\Program
Files\WindowsApps\MicrosoftTeams_22042.702.1226.2352_x64__8wekyb3d8bbwe\msteams.exe
(Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{94DDFD4F-C427-46AC-AEB1-20A362C83A9D}] => (Allow) C:\Program
Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{F21D8DC6-1477-4F12-9796-FC02D313783A}] => (Allow) C:\Program
Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation ->
Microsoft Corporation)
FirewallRules: [{1B0C6D32-AA30-4428-8761-1382F2CFB929}] => (Allow)
C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development
Company, L.P.)
FirewallRules: [{3CDDC8B5-58C0-43F9-AC71-5D6FF20E9073}] => (Allow)
C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development
Company, L.P.)
FirewallRules: [{AC0A645D-2C9F-4301-8E8B-3F690749CBD5}] => (Allow) C:\Program
Files (x86)\Microsoft\EdgeWebView\Application\99.0.1150.36\msedgewebview2.exe
(Microsoft Corporation -> Microsoft Corporation)
==================== Restore Points =========================
05-03-2022 14:57:18 Windows Modules Installer
07-03-2022 16:09:14 Windows Modules Installer
08-03-2022 16:43:25 Windows Modules Installer
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (03/10/2022 11:29:06 AM) (Source: Application Error) (EventID: 1000)
(User: )
Description: Faulting application name: ShellExperienceHost.exe, version:
10.0.22000.132, time stamp: 0xdd210a66
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.22000.556, time stamp:
0xd1e01b4d
Exception code: 0xc000027b
Fault offset: 0x000000000047e113
Faulting process id: 0x12c0
Faulting application start time: 0x01d834a3d7de5ec9
Faulting application path:
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
Report Id: 7e00fd94-9a3f-43e8-af89-b52632054b31
Faulting package full name:
Microsoft.Windows.ShellExperienceHost_10.0.22000.71_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App
Error: (03/09/2022 07:11:36 PM) (Source: Application Error) (EventID: 1000)
(User: )
Description: Faulting application name: OSSwitchService.exe, version: 1.0.537.0,
time stamp: 0x61d4767a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000041d
Fault offset: 0x0000000000000000
Faulting process id: 0xc04
Faulting application start time: 0x01d8341b94b4340f
Faulting application path: C:\Program Files\Common
Files\DynamicAppDownloader\Downloads\OSSwitchService.exe
Faulting module path: unknown
Report Id: 8e0f1163-4c22-495f-bb41-d8047f2c87fa
Faulting package full name:
Faulting package-relative application ID:
Error: (03/09/2022 07:11:29 PM) (Source: Application Error) (EventID: 1000)
(User: )
Description: Faulting application name: OSSwitchService.exe, version: 1.0.537.0,
time stamp: 0x61d4767a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0xc04
Faulting application start time: 0x01d8341b94b4340f
Faulting application path: C:\Program Files\Common
Files\DynamicAppDownloader\Downloads\OSSwitchService.exe
Faulting module path: unknown
Report Id: 4bb25bd9-3393-4890-896d-cdc786daf9a7
Faulting package full name:
Faulting package-relative application ID:
Error: (03/09/2022 07:07:59 PM) (Source: CertEnroll) (EventID: 86) (User: NT
AUTHORITY)
Description: SCEP Certificate enrollment initialization for
WORKGROUP\LENOVOLASTCHANC$ via
https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep
failed:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority
\"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\"
does not exist."}
HTTP/1.1 404 Not Found
Date: Thu, 10 Mar 2022 01:07:59 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 064d0a1e-ba00-4865-b61f-38eacd8a5e43
Method: GET(469ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
Error: (03/09/2022 07:07:58 PM) (Source: CertEnroll) (EventID: 86) (User: NT
AUTHORITY)
Description: SCEP Certificate enrollment initialization for Local system via
https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep
failed:
GetCACaps
GetCACaps: Not Found
{"Message":"The authority
\"amd-keyid-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net\"
does not exist."}
HTTP/1.1 404 Not Found
Date: Thu, 10 Mar 2022 01:07:58 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 364d0965-e0fa-450b-a4e9-f498e6013b8f
Method: GET(875ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
Error: (03/08/2022 07:59:26 AM) (Source: Application Error) (EventID: 1000)
(User: )
Description: Faulting application name: SystemSettings.exe, version:
10.0.22000.527, time stamp: 0x27a6d211
Faulting module name: SystemSettings.dll, version: 10.0.22000.469, time stamp:
0xa7699510
Exception code: 0xc0000409
Fault offset: 0x00000000004a9cf3
Faulting process id: 0x1c20
Faulting application start time: 0x01d832f482b6bc0c
Faulting application path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Faulting module path: C:\Windows\ImmersiveControlPanel\SystemSettings.dll
Report Id: f97e511e-1509-4aef-8a29-36d1eef54981
Faulting package full name:
windows.immersivecontrolpanel_10.0.6.1000_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID:
microsoft.windows.immersivecontrolpanel
Error: (03/08/2022 07:55:45 AM) (Source: Application Error) (EventID: 1000)
(User: )
Description: Faulting application name: SystemSettings.exe, version:
10.0.22000.527, time stamp: 0x27a6d211
Faulting module name: SystemSettingsViewModel.Desktop.dll, version:
10.0.22000.527, time stamp: 0x4c3746b3
Exception code: 0xc0000409
Fault offset: 0x00000000000daab0
Faulting process id: 0x990
Faulting application start time: 0x01d832f301f15600
Faulting application path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Faulting module path:
C:\Windows\ImmersiveControlPanel\SystemSettingsViewModel.Desktop.dll
Report Id: be4d90b3-ffd2-4eb3-a7ce-9554777277d8
Faulting package full name:
windows.immersivecontrolpanel_10.0.6.1000_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID:
microsoft.windows.immersivecontrolpanel
Error: (03/08/2022 07:45:23 AM) (Source: CertEnroll) (EventID: 86) (User: NT
AUTHORITY)
Description: SCEP Certificate enrollment initialization for
WORKGROUP\LENOVOLASTCHANC$ via
https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep
failed:
GetCACaps
Method: GET(16ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007
ERROR_WINHTTP_NAME_NOT_RESOLVED)
System errors:
=============
Error: (03/11/2022 03:33:21 AM) (Source: Service Control Manager) (EventID:
7034) (User: )
Description: The LenovoVantageService service terminated unexpectedly. It has
done this 1 time(s).
Error: (03/09/2022 07:05:29 PM) (Source: Service Control Manager) (EventID:
7023) (User: )
Description: The Microsoft Defender Antivirus Service service terminated with
the following error:
%%2147943515 = A system shutdown is in progress.
Error: (03/09/2022 07:05:11 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:24:15 PM on 3/9/2022 was
unexpected.
Error: (03/08/2022 07:56:25 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport
\Device\NetBT_Tcpip_{BCAAB3A1-F4B0-4FFB-811E-0D570A582BB1} because another
computer on the network has the same name. The server could not start.
Error: (03/08/2022 07:52:27 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport
\Device\NetBT_Tcpip_{BCAAB3A1-F4B0-4FFB-811E-0D570A582BB1} because another
computer on the network has the same name. The server could not start.
Error: (03/08/2022 07:52:16 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport
\Device\NetBT_Tcpip_{BCAAB3A1-F4B0-4FFB-811E-0D570A582BB1} because another
computer on the network has the same name. The server could not start.
Error: (03/08/2022 07:52:06 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport
\Device\NetBT_Tcpip_{BCAAB3A1-F4B0-4FFB-811E-0D570A582BB1} because another
computer on the network has the same name. The server could not start.
Error: (03/08/2022 07:51:43 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport
\Device\NetBT_Tcpip_{BCAAB3A1-F4B0-4FFB-811E-0D570A582BB1} because another
computer on the network has the same name. The server could not start.
Windows Defender:
================
Date: 2022-03-11 02:06:51
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-03-10 03:29:58
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-03-10 03:12:52
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-03-10 03:05:52
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2022-03-09 05:38:37
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
==================== Memory info ===========================
BIOS: LENOVO ARCN37WW 05/14/2021
Motherboard: LENOVO LNVNB161216
Processor: AMD Ryzen 3 3200U with Radeon Vega Mobile Gfx
Percentage of memory in use: 84%
Total physical RAM: 6020.26 MB
Available physical RAM: 942.52 MB
Total Virtual: 13475.56 MB
Available Virtual: 4394.19 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:930.27 GB) (Free:834.67 GB) NTFS
\\?\Volume{b58b9845-279a-4855-aa1b-2bac78b08c1b}\ (WINRE_DRV) (Fixed)
(Total:0.98 GB) (Free:0.5 GB) NTFS
\\?\Volume{d1e6fd46-3983-41f3-a279-582b2f746700}\ (SYSTEM_DRV) (Fixed)
(Total:0.25 GB) (Free:0.22 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1715722E)
Partition: GPT.
==================== End of Addition.txt =======================
* Back to top
--------------------------------------------------------------------------------
BC ADBOT (LOGIN TO REMOVE)
*
* BleepingComputer.com
*
* Register to remove ads
PLAY Top Articles Video Settings Full Screen About Connatix V158273 Read More
Read More Read More Read More Read More Read More Microsoft takes down APT28
domains used inattacks against Ukraine 1/1 Skip Ad Continue watching after the
ad Visit Advertiser websiteGO TO PAGE
--------------------------------------------------------------------------------
#2 JSNTGRVR
JSntgRvr
Malware Fighter
*
* Malware Response Team
* 15,114 posts
* OFFLINE
* Gender:Male
* Location:Puerto Rico
* Local time:08:59 AM
Posted 13 March 2022 - 09:42 AM
It could be due to the Radeon software. Follow these steps.
No request for help throughout private messaging will be attended.
Unactive logs for mor more than four (4) days will be closed
* Back to top
--------------------------------------------------------------------------------
#3 DELUSIONZ
Delusionz
* Topic Starter
*
* Members
* 43 posts
* OFFLINE
* Gender:Female
* Location:Texas
* Local time:07:59 AM
Posted 15 March 2022 - 05:12 PM
JSntgRvr, on 13 Mar 2022 - 2:42 PM, said:
> It could be due to the Radeon software. Follow these steps.
Well, I actually had never even looked at the Radeon App until this past week. I
did check it out and do a few things, but no noticeable changes, and I haven't
been getting any notifications about updating drivers ever, either. After
playing with the app a little it started showing up In Spades on my FRST scans,
and while I've been waiting for some help, I uninstalled the Radeon software
yesterday.... or maybe I just disabled it for now.... i don't recal at the
moment.
* Back to top
--------------------------------------------------------------------------------
#4 DELUSIONZ
Delusionz
* Topic Starter
*
* Members
* 43 posts
* OFFLINE
* Gender:Female
* Location:Texas
* Local time:07:59 AM
Posted 15 March 2022 - 05:16 PM
Still have the app, but Notifications already off.
* Back to top
--------------------------------------------------------------------------------
#5 JSNTGRVR
JSntgRvr
Malware Fighter
*
* Malware Response Team
* 15,114 posts
* OFFLINE
* Gender:Male
* Location:Puerto Rico
* Local time:08:59 AM
Posted 15 March 2022 - 05:30 PM
I don't see any malware in your system. Lets cleanup the system.
* Highlight the entire content of the quote box below.
Quote
> Start::
> SystemRestore: On
> CreateRestorePoint:
> CloseProcesses:
> S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
> Task: {047A5997-F0E4-44CA-B91C-CFC3D3F34D53} - System32\Tasks\Mirkat =>
> C:\Users\fabfi\AppData\Local\Microsoft\WindowsApps\MirkatService.exe /logon
> (No File)
> Task: {C6AB035E-FDD3-420D-BD5A-29AAB13F9B6F} - System32\Tasks\OneDrive
> Standalone Update Task-S-1-5-21-3491684324-3942835478-4158577442-500 =>
> C:\Users\fabfi\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
> (No File)
> Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} -
> System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser
> => C:\WINDOWS\System32\MbaeParserTask.exe (No File)
> (cmd.exe ->) (Lenovo (Beijing) Limited -> Lenovo Group Limited)
> C:\Users\fabfi\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe
> Task: {047A5997-F0E4-44CA-B91C-CFC3D3F34D53} - System32\Tasks\Mirkat =>
> C:\Users\fabfi\AppData\Local\Microsoft\WindowsApps\MirkatService.exe /logon
> (No File)
> Task: {C6AB035E-FDD3-420D-BD5A-29AAB13F9B6F} - System32\Tasks\OneDrive
> Standalone Update Task-S-1-5-21-3491684324-3942835478-4158577442-500 =>
> C:\Users\fabfi\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
> (No File)
> CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
> CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
> CMD: "C:\Windows\SysWOW64\lodctr.exe" /R
> CMD: "C:\Windows\SYSTEM32\lodctr.exe" /R
> HOSTS:
> Removeproxy:
> CMD: fltmc instances
> CMD: netsh advfirewall reset
> CMD: netsh advfirewall set allprofiles state ON
> CMD: ipconfig /flushdns
> CMD: netsh winsock reset catalog
> CMD: netsh int ip reset C:\resettcpip.txt
> CMD: Bitsadmin /Reset /Allusers
> CMD: for /F "tokens=*" %i in ('wevtutil.exe el') DO wevtutil.exe cl "%i"
> C:\Windows\Temp\*.*
> C:\WINDOWS\system32\*.tmp
> C:\WINDOWS\syswow64\*.tmp
> EMPTYTEMP:
> CMD: DISM.exe /Online /Cleanup-Image /Restorehealth
> CMD: SFC /ScanNow
> End::
* Right click on the highlighted text and select Copy.
* Start FRST (FRST64) with Administrator privileges
* Press the Fix button. FRST will process the lines copied above from the
clipboard.
* When finished, a log file (Fixlog.txt) will pop up and saved in the same
location the tool was ran from.
Please copy and paste its contents in your next reply.
Download AdwCleaner and save it to your desktop.
* Double click AdwCleaner.exe to run it.
* Click Scan Now ...
* When the scan has finished a Scan Results window will open.
* Click Cancel (at this point do not attempt to Quarantine anything that is
found)
* Now click the Log Files tab ...
* Double click on the latest scan log (Scan logs have a [S0*] suffix, where *
is replaced by a number, the latest scan will have the largest number)
* A Notepad file will open containing the results of the scan.
Please post the contents of the file in your next reply.
No request for help throughout private messaging will be attended.
Unactive logs for mor more than four (4) days will be closed
* Back to top
--------------------------------------------------------------------------------
#6 DELUSIONZ
Delusionz
* Topic Starter
*
* Members
* 43 posts
* OFFLINE
* Gender:Female
* Location:Texas
* Local time:07:59 AM
Posted 16 March 2022 - 03:44 PM
Man, I just know that this has fixed a lot of my little idiosyncrasies about
this laptop!! Dang! That was so much of what i have been telling the thing
needed for at least the last 6 months. And very well could resolve all of it.
HMPH!! Thank you so much!! Wow, you cannot imagine how many of these things i
have DONE myself, and then Lenovo Customer Service strolls through and says
well.... I don't know .... Have you triee a USB recovery/reset to Windows 10
yet? and we'd start from scratch and I'd fix all i knew how to fix for the 45th
time and come down with the same old symptoms because they didn't EVER try doing
their part. I'm dropping this Fixlog here, and I'll complete steps and post the
rest ASAP...
Fix result of Farbar Recovery Scan Tool (x64) Version: 13-03-2022
Ran by fabfi (16-03-2022 13:29:06) Run:1
Running from C:\Users\fabfi\Desktop
Loaded Profiles: fabfi
Boot Mode: Normal
==============================================
fixlist content:
*****************
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
Task: {047A5997-F0E4-44CA-B91C-CFC3D3F34D53} - System32\Tasks\Mirkat =>
C:\Users\fabfi\AppData\Local\Microsoft\WindowsApps\MirkatService.exe /logon (No
File)
Task: {C6AB035E-FDD3-420D-BD5A-29AAB13F9B6F} - System32\Tasks\OneDrive
Standalone Update Task-S-1-5-21-3491684324-3942835478-4158577442-500 =>
C:\Users\fabfi\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
(No File)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} -
System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser
=> C:\WINDOWS\System32\MbaeParserTask.exe (No File)
(cmd.exe ->) (Lenovo (Beijing) Limited -> Lenovo Group Limited)
C:\Users\fabfi\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe
Task: {047A5997-F0E4-44CA-B91C-CFC3D3F34D53} - System32\Tasks\Mirkat =>
C:\Users\fabfi\AppData\Local\Microsoft\WindowsApps\MirkatService.exe /logon (No
File)
Task: {C6AB035E-FDD3-420D-BD5A-29AAB13F9B6F} - System32\Tasks\OneDrive
Standalone Update Task-S-1-5-21-3491684324-3942835478-4158577442-500 =>
C:\Users\fabfi\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
(No File)
CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
CMD: "C:\Windows\SysWOW64\lodctr.exe" /R
CMD: "C:\Windows\SYSTEM32\lodctr.exe" /R
HOSTS:
Removeproxy:
CMD: fltmc instances
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: Bitsadmin /Reset /Allusers
CMD: for /F "tokens=*" %i in ('wevtutil.exe el') DO wevtutil.exe cl "%i"
C:\Windows\Temp\*.*
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\syswow64\*.tmp
EMPTYTEMP:
CMD: DISM.exe /Online /Cleanup-Image /Restorehealth
CMD: SFC /ScanNow
*****************
SystemRestore: On => completed
Restore point was successfully created.
Processes closed successfully.
HKLM\System\CurrentControlSet\Services\WinSetupMon => removed successfully
WinSetupMon => service removed successfully
"HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Logon\{047A5997-F0E4-44CA-B91C-CFC3D3F34D53}"
=> removed successfully
"HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tasks\{047A5997-F0E4-44CA-B91C-CFC3D3F34D53}"
=> removed successfully
C:\WINDOWS\System32\Tasks\Mirkat => moved successfully
"HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tree\Mirkat" => removed successfully
"HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Plain\{C6AB035E-FDD3-420D-BD5A-29AAB13F9B6F}"
=> removed successfully
"HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6AB035E-FDD3-420D-BD5A-29AAB13F9B6F}"
=> removed successfully
C:\WINDOWS\System32\Tasks\OneDrive Standalone Update
Task-S-1-5-21-3491684324-3942835478-4158577442-500 => moved successfully
"HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tree\OneDrive Standalone Update
Task-S-1-5-21-3491684324-3942835478-4158577442-500" => removed successfully
"HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Plain\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}"
=> removed successfully
"HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}"
=> removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO
Metadata Parser => moved successfully
"HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Mobile Broadband
Accounts\MNO Metadata Parser" => removed successfully
(Lenovo (Beijing) Limited -> Lenovo Group Limited)
C:\Users\fabfi\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe => No
running process found
"HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tasks\{047A5997-F0E4-44CA-B91C-CFC3D3F34D53}"
=> not found
"C:\WINDOWS\System32\Tasks\Mirkat" => not found
"HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tree\Mirkat" => not found
"HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6AB035E-FDD3-420D-BD5A-29AAB13F9B6F}"
=> not found
"C:\WINDOWS\System32\Tasks\OneDrive Standalone Update
Task-S-1-5-21-3491684324-3942835478-4158577442-500" => not found
"HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tree\OneDrive Standalone Update
Task-S-1-5-21-3491684324-3942835478-4158577442-500" => not found
========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========
Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========
========= "%WINDIR%\SysWOW64\lodctr.exe" /R =========
Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========
========= "C:\Windows\SysWOW64\lodctr.exe" /R =========
Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========
========= "C:\Windows\SYSTEM32\lodctr.exe" /R =========
Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
========= RemoveProxy: =========
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-3491684324-3942835478-4158577442-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-3491684324-3942835478-4158577442-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\Connections\\SavedLegacySettings" => removed successfully
========= End of RemoveProxy: =========
========= fltmc instances =========
Filter Volume Name Altitude
Instance Name Frame SprtFtrs VlStatus
-------------------- ------------------------------------- ------------
---------------------- ----- -------- --------
CldFlt C: 180451
CldFlt 0 0000000f
CldFlt \Device\HarddiskVolumeShadowCopy11 180451
CldFlt 0 0000000f
CldFlt \Device\HarddiskVolumeShadowCopy5 180451
CldFlt 0 0000000f
CldFlt \Device\HarddiskVolumeShadowCopy7 180451
CldFlt 0 0000000f
FileInfo 40500
FileInfo 0 0000000f
FileInfo C: 40500
FileInfo 0 0000000f
FileInfo 40500
FileInfo 0 0000000f
FileInfo \Device\HarddiskVolumeShadowCopy11 40500
FileInfo 0 0000000f
FileInfo \Device\HarddiskVolumeShadowCopy12 40500
FileInfo 0 0000000f Detached
FileInfo \Device\HarddiskVolumeShadowCopy12 40500
FileInfo 0 0000000f Detached
FileInfo \Device\HarddiskVolumeShadowCopy5 40500
FileInfo 0 0000000f
FileInfo \Device\HarddiskVolumeShadowCopy7 40500
FileInfo 0 0000000f
FileInfo \Device\Mup 40500
FileInfo 0 0000000f
WdFilter 328010
WdFilter Instance 0 0000000f
WdFilter C: 328010
WdFilter Instance 0 0000000f
WdFilter 328010
WdFilter Instance 0 0000000f
WdFilter \Device\HarddiskVolumeShadowCopy11 328010
WdFilter Instance 0 0000000f
WdFilter \Device\HarddiskVolumeShadowCopy12 328010
WdFilter Instance 0 0000000f Detached
WdFilter \Device\HarddiskVolumeShadowCopy12 328010
WdFilter Instance 0 0000000f Detached
WdFilter \Device\HarddiskVolumeShadowCopy5 328010
WdFilter Instance 0 0000000f
WdFilter \Device\HarddiskVolumeShadowCopy7 328010
WdFilter Instance 0 0000000f
WdFilter \Device\Mup 328010
WdFilter Instance 0 0000000f
Wof C: 40700 Wof
Instance 0 0000000f
Wof 40700 Wof
Instance 0 0000000f
Wof \Device\HarddiskVolumeShadowCopy11 40700 Wof
Instance 0 0000000f
Wof \Device\HarddiskVolumeShadowCopy5 40700 Wof
Instance 0 0000000f
Wof \Device\HarddiskVolumeShadowCopy7 40700 Wof
Instance 0 0000000f
bindflt C: 409800
bindflt Instance 0 0000000f
luafv C: 135000
luafv 0 0000000f
npsvctrig \Device\NamedPipe 46000
npsvctrig 0 00000008
========= End of CMD: =========
========= netsh advfirewall reset =========
Ok.
========= End of CMD: =========
========= netsh advfirewall set allprofiles state ON =========
Ok.
========= End of CMD: =========
========= ipconfig /flushdns =========
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
========= netsh winsock reset catalog =========
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
========= End of CMD: =========
========= netsh int ip reset C:\resettcpip.txt =========
Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
========= End of CMD: =========
========= Bitsadmin /Reset /Allusers =========
BITSADMIN version 3.0
BITS administration utility.
© Copyright Microsoft Corp.
0 out of 0 jobs canceled.
========= End of CMD: =========
========= for /F "tokens=*" %i in ('wevtutil.exe el') DO wevtutil.exe cl "%i"
=========
========= End of CMD: =========
=========== "C:\Windows\Temp\*.*" ==========
C:\Windows\Temp\f32a5879-840b-4953-95a7-bf6ea8dd7c5d.tmp => moved successfully
C:\Windows\Temp\FXSAPIDebugLogFile.txt => moved successfully
C:\Windows\Temp\FXSTIFFDebugLogFile.txt => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220309-0321.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220309-0400.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220309-0406.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220309-0428.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220309-0536.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220309-0539.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220309-0603.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220309-0944.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220309-1726.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220309-1731.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220309-1803.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220309-1905.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220309-1907.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220309-1916.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220309-1929.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220309-1934.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220309-2037.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220309-2042.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220309-2325.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220310-0021.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220310-0102.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220310-0111.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220310-0123.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220310-0128.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220310-0304.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220310-0309.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220310-0328.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220310-0341.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220310-0347.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220310-0400.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220310-0644.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220310-0849.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220310-1024.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220310-1033.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220310-1038.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220310-1123.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220310-1143.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220310-1149.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220310-1201.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220310-1206.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220310-1246.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220310-1313.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220310-1321.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220310-1408.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220310-1456.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220310-1546.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220310-1551.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220310-1556.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220310-1601.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220310-1622.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220310-1633.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220310-1655.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220310-1701.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220310-1710.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220310-1721.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220310-1757.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220310-1802.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220310-1831.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220310-1841.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220310-1846.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220310-1919.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220310-1924.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220310-1940.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220310-1947.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220310-2015.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220310-2051.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220310-2231.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220310-2259.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220310-2304.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220310-2310.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220310-2322.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220310-2327.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220310-2343.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220310-2348.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220311-0100.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220311-0120.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220311-0126.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220311-0131.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220311-0201.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220311-0206.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220311-0227.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220311-0245.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220311-0353.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220311-0354.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220311-0443.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220311-0443a.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220311-0446.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220311-0446a.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220311-0446b.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220311-0447.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220311-0447a.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220311-1028.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220311-1044.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220311-1123.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220311-1443.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220311-1449.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220311-1507.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220311-1522.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220311-1529.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220311-1557.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220311-1602.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220311-1614.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220311-1620.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220311-1622.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220311-1627.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220311-1731.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220312-0034.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220312-0038.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220312-0327.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220312-0400.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220312-0514.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220312-0515.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220312-0547.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220312-0608.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220312-0630.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220312-1255.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220312-1258.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220312-1330.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220312-1357.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220312-1406.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220312-1411.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220312-1416.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220312-1442.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220312-1447.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220312-2316.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220313-0413.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220313-0432.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220313-0806.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220313-0811.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220313-0813.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220313-0913.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220313-1241.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220313-1244.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220313-1422.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220313-1427.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220313-1525.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220313-1530.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220313-1654.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220313-1707.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220313-1713.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220313-1727.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220313-1743.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220313-1748.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220313-1812.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220313-1817.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220313-1828.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220313-1843.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220313-1848.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220313-1856.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220313-1904.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220313-1910.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220313-1917.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220313-1923.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220313-1932.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220313-1936.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220313-2001.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220313-2006.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220313-2020.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220313-2028.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220313-2037.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220313-2128.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220313-2133.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-0400.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-0404.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-0409.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-0417.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-0541.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-0554.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-0558.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-0601.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-0612.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-0624.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-0626.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-0656.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-0700.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-0705.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-0739.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-0905.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-0909.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-0935.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-0947.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-0952.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-1038.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-1044.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-1049.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-1102.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-1111.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-1116.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-1129.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-1134.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-1145.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-1150.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-1202.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-1207.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-1254.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-1304.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-1309.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-1315.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-1347.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-1352.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-1600.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-1606.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-1612.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-1754.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-1759.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-1854.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-1900.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-1913.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-1918.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-2033.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-2038.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-2047.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-2124.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-2129.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-2134.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-2157.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-2205.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-2210.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-2249.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-2254.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-2330.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-2332.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-2336.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-2341.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-2350.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-2351.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-2354.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220314-2357.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220315-0002.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220315-0009.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220315-0011.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220315-0016.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220315-0022.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220315-0030.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220315-0043.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220315-0046.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220315-0051.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220315-0053.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220315-0056.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220315-1521.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220315-1526.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220315-1526a.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220315-1614.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220315-1625.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220315-1638.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220315-1644.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220315-1805.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220315-1811.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220315-1832.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220315-1838.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220315-1950.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220315-1955.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220315-2025.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220315-2035.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220316-0003.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220316-0013.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220316-0018.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220316-0024.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220316-0029.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220316-0034.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220316-0039.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220316-0150.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220316-0315.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220316-0319.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220316-0453.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220316-0516.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220316-0712.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220316-0755.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220316-1125.log => moved successfully
C:\Windows\Temp\LENOVOLASTCHANC-20220316-1130.log => moved successfully
Could not move "C:\Windows\Temp\LENOVOLASTCHANC-20220316-1329.log" => Scheduled
to move on reboot.
C:\Windows\Temp\MpSigStub.log => moved successfully
C:\Windows\Temp\msedge_installer.log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(202203130806181104).log =>
moved successfully
Could not move
"C:\Windows\Temp\officeclicktorun.exe_streamserver(202203161330021870).log" =>
Scheduled to move on reboot.
========= End -> "C:\Windows\Temp\*.*" ========
=========== "C:\WINDOWS\system32\*.tmp" ==========
not found
========= End -> "C:\WINDOWS\system32\*.tmp" ========
=========== "C:\WINDOWS\syswow64\*.tmp" ==========
not found
========= End -> "C:\WINDOWS\syswow64\*.tmp" ========
========= DISM.exe /Online /Cleanup-Image /Restorehealth =========
Deployment Image Servicing and Management tool
Version: 10.0.22000.1
Image Version: 10.0.22000.556
[== 3.8% ]
[== 3.8% ]
[== 3.9% ]
[== 4.2% ]
[== 4.4% ]
[== 4.5% ]
[== 4.7% ]
[== 4.9% ]
[== 5.1% ]
[=== 5.2% ]
[=== 5.5% ]
[=== 5.6% ]
[=== 5.8% ]
[=== 6.0% ]
[=== 6.1% ]
[=== 6.2% ]
[=== 6.2% ]
[=== 6.3% ]
[==== 7.2% ]
[==== 8.2% ]
[==== 8.5% ]
[===== 8.7% ]
[===== 8.9% ]
[===== 9.2% ]
[===== 10.0% ]
[====== 10.9% ]
[====== 11.4% ]
[====== 11.5% ]
[====== 11.9% ]
[======= 12.3% ]
[======= 12.6% ]
[======= 12.8% ]
[======= 13.2% ]
[======= 13.2% ]
[======= 13.4% ]
[======== 13.8% ]
[======== 14.2% ]
[======== 14.6% ]
[======== 14.9% ]
[======== 15.3% ]
[========= 15.5% ]
[========= 15.8% ]
[========= 16.0% ]
[========= 16.3% ]
[========= 16.5% ]
[========= 16.6% ]
[========= 16.8% ]
[========= 17.1% ]
[========== 17.3% ]
[========== 17.7% ]
[========== 17.7% ]
[========== 17.7% ]
[========== 17.8% ]
[========== 17.9% ]
[========== 18.0% ]
[========== 18.0% ]
[========== 18.3% ]
[========== 18.4% ]
[========== 18.5% ]
[========== 18.7% ]
[========== 18.9% ]
[=========== 19.2% ]
[=========== 19.5% ]
[=========== 19.8% ]
[=========== 20.2% ]
[=========== 20.5% ]
[============ 20.8% ]
[============ 21.1% ]
[============ 21.3% ]
[============ 21.7% ]
[============ 21.9% ]
[============ 22.1% ]
[============= 22.6% ]
[============= 22.7% ]
[============= 22.8% ]
[============= 23.2% ]
[============= 23.4% ]
[============= 23.7% ]
[============= 24.0% ]
[============= 24.1% ]
[============== 24.3% ]
[============== 24.5% ]
[============== 24.5% ]
[============== 24.8% ]
[============== 25.0% ]
[============== 25.2% ]
[============== 25.6% ]
[=============== 26.6% ]
[=============== 27.5% ]
[================ 28.5% ]
[================ 28.8% ]
[================ 29.1% ]
[================= 29.4% ]
[================= 29.4% ]
[================= 29.5% ]
[================= 29.6% ]
[================= 29.7% ]
[================= 29.7% ]
[================= 29.8% ]
[================= 29.9% ]
[================= 30.0% ]
[================= 30.0% ]
[================= 30.3% ]
[================= 30.3% ]
[================= 30.5% ]
[================= 30.6% ]
[================= 30.9% ]
[================= 30.9% ]
[================== 31.2% ]
[================== 31.3% ]
[================== 31.6% ]
[================== 31.8% ]
[================== 32.1% ]
[================== 32.2% ]
[================== 32.2% ]
[================== 32.2% ]
[================== 32.2% ]
[================== 32.2% ]
[================== 32.3% ]
[================== 32.3% ]
[================== 32.3% ]
[================== 32.4% ]
[================== 32.4% ]
[================== 32.5% ]
[================== 32.6% ]
[================== 32.7% ]
[================== 32.8% ]
[=================== 32.8% ]
[=================== 32.9% ]
[=================== 32.9% ]
[=================== 33.0% ]
[=================== 33.1% ]
[=================== 33.1% ]
[=================== 33.1% ]
[=================== 33.2% ]
[=================== 33.3% ]
[=================== 33.4% ]
[=================== 33.4% ]
[=================== 33.4% ]
[=================== 33.6% ]
[=================== 33.7% ]
[=================== 33.8% ]
[=================== 34.0% ]
[=================== 34.4% ]
[==================== 34.6% ]
[==================== 34.6% ]
[==================== 34.6% ]
[==================== 34.6% ]
[==================== 34.6% ]
[==================== 34.7% ]
[==================== 34.7% ]
[==================== 34.8% ]
[==================== 34.8% ]
[==================== 34.9% ]
[==================== 34.9% ]
[==================== 34.9% ]
[==================== 35.0% ]
[==================== 35.1% ]
[==================== 35.2% ]
[==================== 35.3% ]
[==================== 35.4% ]
[==================== 35.5% ]
[==================== 35.7% ]
[==================== 35.8% ]
[==================== 35.9% ]
[==================== 36.0% ]
[==================== 36.2% ]
[===================== 36.2% ]
[===================== 36.5% ]
[===================== 36.6% ]
[===================== 36.8% ]
[===================== 36.8% ]
[===================== 37.0% ]
[===================== 37.1% ]
[===================== 37.2% ]
[===================== 37.4% ]
[===================== 37.6% ]
[===================== 37.8% ]
[===================== 37.9% ]
[====================== 38.0% ]
[====================== 38.0% ]
[====================== 38.2% ]
[====================== 38.3% ]
[====================== 38.5% ]
[====================== 38.6% ]
[====================== 38.9% ]
[====================== 39.1% ]
[====================== 39.1% ]
[====================== 39.2% ]
[====================== 39.4% ]
[====================== 39.4% ]
[====================== 39.5% ]
[======================= 39.7% ]
[======================= 39.7% ]
[======================= 39.7% ]
[======================= 39.9% ]
[======================= 40.0% ]
[======================= 40.2% ]
[======================= 40.4% ]
[======================= 40.6% ]
[======================= 40.8% ]
[======================= 40.9% ]
[======================= 41.0% ]
[======================= 41.0% ]
[======================= 41.1% ]
[======================= 41.1% ]
[======================= 41.2% ]
[======================= 41.3% ]
[======================= 41.3% ]
[======================== 41.5% ]
[======================== 41.7% ]
[======================== 41.7% ]
[======================== 41.9% ]
[======================== 42.0% ]
[======================== 42.2% ]
[======================== 42.3% ]
[======================== 42.4% ]
[======================== 42.5% ]
[======================== 42.6% ]
[======================== 42.6% ]
[======================== 42.6% ]
[======================== 42.7% ]
[======================== 42.8% ]
[======================== 42.9% ]
[======================== 42.9% ]
[======================== 43.0% ]
[======================== 43.0% ]
[======================== 43.1% ]
[======================== 43.1% ]
[========================= 43.2% ]
[========================= 43.2% ]
[========================= 43.2% ]
[========================= 43.2% ]
[========================= 43.3% ]
[========================= 43.3% ]
[========================= 43.5% ]
[========================= 43.5% ]
[========================= 43.5% ]
[========================= 43.6% ]
[========================= 43.7% ]
[========================= 43.8% ]
[========================= 43.9% ]
[========================= 44.0% ]
[========================= 44.1% ]
[========================= 44.1% ]
[========================= 44.2% ]
[========================= 44.2% ]
[========================= 44.3% ]
[========================= 44.4% ]
[========================= 44.4% ]
[========================= 44.5% ]
[========================= 44.5% ]
[========================= 44.5% ]
[========================= 44.5% ]
[========================= 44.6% ]
[========================= 44.7% ]
[========================= 44.8% ]
[========================== 44.8% ]
[========================== 44.8% ]
[========================== 44.9% ]
[========================== 45.0% ]
[========================== 45.0% ]
[========================== 45.1% ]
[========================== 45.1% ]
[========================== 45.1% ]
[========================== 45.2% ]
[========================== 45.2% ]
[========================== 45.4% ]
[========================== 45.4% ]
[========================== 45.5% ]
[========================== 45.6% ]
[========================== 45.7% ]
[========================== 45.8% ]
[========================== 46.0% ]
[========================== 46.1% ]
[========================== 46.2% ]
[========================== 46.3% ]
[========================== 46.3% ]
[========================== 46.3% ]
[========================== 46.4% ]
[========================== 46.4% ]
[========================== 46.4% ]
[========================== 46.5% ]
[===========================46.6% ]
[===========================46.6% ]
[===========================46.7% ]
[===========================46.8% ]
[===========================46.8% ]
[===========================46.9% ]
[===========================46.9% ]
[===========================47.0% ]
[===========================47.2% ]
[===========================47.5% ]
[===========================47.9% ]
[===========================48.2% ]
[===========================48.5% ]
[===========================48.8% ]
[===========================49.3% ]
[===========================49.6% ]
[===========================50.0% ]
[===========================50.4% ]
[===========================50.9% ]
[===========================51.4% ]
[===========================51.5% ]
[===========================51.8% ]
[===========================52.2% ]
[===========================52.3% ]
[===========================52.5% ]
[===========================52.5% ]
[===========================52.5% ]
[===========================52.5% ]
[===========================52.5% ]
[===========================52.6% ]
[===========================52.6% ]
[===========================52.6% ]
[===========================52.7% ]
[===========================52.8% ]
[===========================52.8% ]
[===========================52.8% ]
[===========================52.8% ]
[===========================52.9% ]
[===========================52.9% ]
[===========================52.9% ]
[===========================53.0% ]
[===========================53.0% ]
[===========================53.0% ]
[===========================53.0% ]
[===========================53.1% ]
[===========================53.1% ]
[===========================53.1% ]
[===========================53.1% ]
[===========================53.1% ]
[===========================53.2% ]
[===========================53.2% ]
[===========================53.2% ]
[===========================53.3% ]
[===========================53.3% ]
[===========================53.4% ]
[===========================53.4% ]
[===========================53.4% ]
[===========================53.4% ]
[===========================53.4% ]
[===========================53.5% ]
[===========================53.5% ]
[===========================53.6% ]
[===========================53.6% ]
[===========================53.6% ]
[===========================53.7% ]
[===========================53.7% ]
[===========================53.7% ]
[===========================53.7% ]
[===========================53.7% ]
[===========================53.7% ]
[===========================53.7% ]
[===========================53.8% ]
[===========================53.8% ]
[===========================53.9% ]
[===========================53.9% ]
[===========================54.0% ]
[===========================54.0% ]
[===========================54.0% ]
[===========================54.0% ]
[===========================54.1% ]
[===========================54.1% ]
[===========================54.2% ]
[===========================54.2% ]
[===========================54.2% ]
[===========================54.3% ]
[===========================54.3% ]
[===========================54.3% ]
[===========================54.4% ]
[===========================54.4% ]
[===========================54.5% ]
[===========================54.6% ]
[===========================54.6% ]
[===========================54.6% ]
[===========================54.7% ]
[===========================55.0% ]
[===========================55.1% ]
[===========================55.2% ]
[===========================55.2% ]
[===========================55.3% ]
[===========================55.3% ]
[===========================55.4% ]
[===========================55.5% ]
[===========================55.5% ]
[===========================55.9% ]
[===========================56.0% ]
[===========================57.0%= ]
[===========================58.0%= ]
[===========================58.9%== ]
[===========================59.9%== ]
[===========================62.3%==== ]
[===========================84.9%================= ]
[==========================100.0%==========================]
The restore operation completed successfully.
The operation completed successfully.
========= End of CMD: =========
========= SFC /ScanNow =========
Beginning system scan. This process will take some time.
Beginning verification phase of system scan.
Verification 0% complete.
Verification 1% complete.
Verification 1% complete.
Verification 2% complete.
Verification 3% complete.
Verification 3% complete.
Verification 4% complete.
Verification 5% complete.
Verification 5% complete.
Verification 6% complete.
Verification 7% complete.
Verification 7% complete.
Verification 8% complete.
Verification 9% complete.
Verification 9% complete.
Verification 10% complete.
Verification 10% complete.
Verification 11% complete.
Verification 12% complete.
Verification 12% complete.
Verification 13% complete.
Verification 14% complete.
Verification 14% complete.
Verification 15% complete.
Verification 16% complete.
Verification 16% complete.
Verification 17% complete.
Verification 18% complete.
Verification 18% complete.
Verification 19% complete.
Verification 20% complete.
Verification 20% complete.
Verification 21% complete.
Verification 21% complete.
Verification 22% complete.
Verification 23% complete.
Verification 23% complete.
Verification 24% complete.
Verification 25% complete.
Verification 25% complete.
Verification 26% complete.
Verification 27% complete.
Verification 27% complete.
Verification 28% complete.
Verification 29% complete.
Verification 29% complete.
Verification 30% complete.
Verification 31% complete.
Verification 31% complete.
Verification 32% complete.
Verification 32% complete.
Verification 33% complete.
Verification 34% complete.
Verification 34% complete.
Verification 35% complete.
Verification 36% complete.
Verification 36% complete.
Verification 37% complete.
Verification 38% complete.
Verification 38% complete.
Verification 39% complete.
Verification 40% complete.
Verification 40% complete.
Verification 41% complete.
Verification 41% complete.
Verification 42% complete.
Verification 43% complete.
Verification 43% complete.
Verification 44% complete.
Verification 45% complete.
Verification 45% complete.
Verification 46% complete.
Verification 47% complete.
Verification 47% complete.
Verification 48% complete.
Verification 49% complete.
Verification 49% complete.
Verification 50% complete.
Verification 51% complete.
Verification 51% complete.
Verification 52% complete.
Verification 52% complete.
Verification 53% complete.
Verification 54% complete.
Verification 54% complete.
Verification 55% complete.
Verification 56% complete.
Verification 56% complete.
Verification 57% complete.
Verification 58% complete.
Verification 58% complete.
Verification 59% complete.
Verification 60% complete.
Verification 60% complete.
Verification 61% complete.
Verification 62% complete.
Verification 62% complete.
Verification 63% complete.
Verification 63% complete.
Verification 64% complete.
Verification 65% complete.
Verification 65% complete.
Verification 66% complete.
Verification 67% complete.
Verification 67% complete.
Verification 68% complete.
Verification 69% complete.
Verification 69% complete.
Verification 70% complete.
Verification 71% complete.
Verification 71% complete.
Verification 72% complete.
Verification 72% complete.
Verification 73% complete.
Verification 74% complete.
Verification 74% complete.
Verification 75% complete.
Verification 76% complete.
Verification 76% complete.
Verification 77% complete.
Verification 78% complete.
Verification 78% complete.
Verification 79% complete.
Verification 80% complete.
Verification 80% complete.
Verification 81% complete.
Verification 82% complete.
Verification 82% complete.
Verification 83% complete.
Verification 83% complete.
Verification 84% complete.
Verification 85% complete.
Verification 85% complete.
Verification 86% complete.
Verification 87% complete.
Verification 87% complete.
Verification 88% complete.
Verification 89% complete.
Verification 89% complete.
Verification 90% complete.
Verification 91% complete.
Verification 91% complete.
Verification 92% complete.
Verification 93% complete.
Verification 93% complete.
Verification 94% complete.
Verification 94% complete.
Verification 95% complete.
Verification 96% complete.
Verification 96% complete.
Verification 97% complete.
Verification 98% complete.
Verification 98% complete.
Verification 99% complete.
Verification 100% complete.
Windows Resource Protection did not find any integrity violations.
========= End of CMD: =========
=========== EmptyTemp: ==========
BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 31671576
B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 7922978 B
Edge => 0 B
Chrome => 392074208 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 45534 B
fabfi => 705677711 B
RecycleBin => 9498659526 B
EmptyTemp: => 9.9 GB temporary data Removed.
================================
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 16-03-2022
15:09:34)
C:\Windows\Temp\LENOVOLASTCHANC-20220316-1329.log => Is moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(202203161330021870).log => Is
moved successfully
==== End of Fixlog 15:09:34 ====
**** Also -- following every reset I immediately uninstall the Mitkat app (I
have my own provider), and the OneDrive Sync app, But I do run the Microsoft
Store app (recently), and before that I was doing all my Cloud storage with the
online component...
* Back to top
--------------------------------------------------------------------------------
#7 DELUSIONZ
Delusionz
* Topic Starter
*
* Members
* 43 posts
* OFFLINE
* Gender:Female
* Location:Texas
* Local time:07:59 AM
Posted 16 March 2022 - 04:00 PM
WOOOT WOOT!!! Best mood I've been in for MONTHS! Seriously, Lenovo did me wrong
I had just lost my Mother when I bought this thing. Then took care of my Dad
through a hip replacement, and his gradual decline for 2 years and started full
time raising my Grandbaby and doing custodial battles with my daughter right
before the Covid-19 crisis began, and lost my Dad in September. That was my
daily dance in this life and it was checkered with Monthly, if not Weekly Lenovo
contact. SSDD. I uninstalled or deleted everything I could find for Lenovo
EXCEPT those IM Controllers showing in this Scan below...... And those will be
next!!! Umm, after you have no further instructions, that is!
Again, thanks for your time!
# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build: 11-18-2021
# Database: 2022-03-15.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 03-16-2022
# Duration: 00:00:13
# OS: Windows 10 Home
# Scanned: 32047
# Detected: 5
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
No malicious folders found.
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
No malicious registry entries found.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
***** [ Hosts File Entries ] *****
No malicious hosts file entries found.
***** [ Preinstalled Software ] *****
Preinstalled.LenovoIMController Folder C:\ProgramData\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Folder
C:\Users\fabfi\AppData\Local\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Folder C:\Windows\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Folder
C:\Windows\System32\Tasks\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Registry
HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Lenovo
Dependency Package_is1
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
* Back to top
--------------------------------------------------------------------------------
#8 JSNTGRVR
JSntgRvr
Malware Fighter
*
* Malware Response Team
* 15,114 posts
* OFFLINE
* Gender:Male
* Location:Puerto Rico
* Local time:08:59 AM
Posted 16 March 2022 - 05:09 PM
All seems clear now. How is it doing?
No request for help throughout private messaging will be attended.
Unactive logs for mor more than four (4) days will be closed
* Back to top
--------------------------------------------------------------------------------
#9 DELUSIONZ
Delusionz
* Topic Starter
*
* Members
* 43 posts
* OFFLINE
* Gender:Female
* Location:Texas
* Local time:07:59 AM
Posted 16 March 2022 - 06:52 PM
Just barely getting back to it, and trying to clear some things up into Cloud so
i can run some errands.
I quarantined those Pre-installed items, but left them in Quarantine for now.
I launched MS Edge to upload some of the logs from today..,... When i launched
it had a notification that I needed to accept McAfee Web Advisor new permissions
to add it back to my extensions, which i did....... although i'm not fond of
McAfee.....and I got this warning:+
Well heck. I cant seem to spot how to add the screenshot lol....
* Back to top
--------------------------------------------------------------------------------
#10 DELUSIONZ
Delusionz
* Topic Starter
*
* Members
* 43 posts
* OFFLINE
* Gender:Female
* Location:Texas
* Local time:07:59 AM
Posted 16 March 2022 - 06:56 PM
https://1drv.ms/u/s!AnR2YiazAuEvhMBNkJFVPiz-hfxwWg
* Back to top
--------------------------------------------------------------------------------
#11 JSNTGRVR
JSntgRvr
Malware Fighter
*
* Malware Response Team
* 15,114 posts
* OFFLINE
* Gender:Male
* Location:Puerto Rico
* Local time:08:59 AM
Posted 16 March 2022 - 07:20 PM
Delusionz, on 16 Mar 2022 - 11:56 PM, said:
> https://1drv.ms/u/s!AnR2YiazAuEvhMBNkJFVPiz-hfxwWg
Allow Private Networks.
Open FRST64. Type the following in the Search box:
Searchall: McAfee
Click on Search File. Post the Search.txt that will be produced.
No request for help throughout private messaging will be attended.
Unactive logs for mor more than four (4) days will be closed
* Back to top
--------------------------------------------------------------------------------
#12 DELUSIONZ
Delusionz
* Topic Starter
*
* Members
* 43 posts
* OFFLINE
* Gender:Female
* Location:Texas
* Local time:07:59 AM
Posted 17 March 2022 - 04:24 PM
Okay, so i'm going to post the results of the search.
As to the settings for MS Edge in the Firewall, I click Allow a program
through...... and that shows
NO check box beside MS Edge, and under Private, there is a check in the box, but
not under Public
Clicking the Network Types under Details, both options are greyed out, but the
Private is checked.
Under Monitoring>Firewall> MS Edge has 2 entries and both are marked with the
Red "not allowed/blocked" Circle.
Under Profile, both are Private, Under Action, both are Blocked. Under Override,
both are No. Under Direction, both are Inbound.
And here is the Search Results. What the heck? McAfee is offered by Lenovo, but
I always tell it i don't want it installed during Setup, and sometimes it
installs anyway and I have to go uninstall. Usually i only see it on the Device
Manager as "Mcafee OS Switch" and i have no idea what that is for?? And that
shows up even if it does not install the app........This an awful lot of entries
for something that isnt installed o.O
File:
========
C:\Windows\System32\DriverStore\FileRepository\mcafeeintegrationextension.inf_amd64_fa47767680f6bbc0\McAfeeIntegrationExtension.cat
[2022-03-04 20:48][2020-08-20 23:29] 000010199 _____ ()
44D12C0CEE8BC06B6ADFB1C3C50B06C3 [File is digitally signed]
C:\Windows\System32\DriverStore\FileRepository\mcafeeintegrationextension.inf_amd64_fa47767680f6bbc0\mcafeeintegrationextension.inf
[2022-03-04 20:48][2020-08-20 23:17] 000001814 _____ ()
AB11FA7A3AEFC60780D2E3FC07FEDF09 [File is digitally signed]
C:\Windows\System32\DriverStore\FileRepository\mcafeeintegrationextension.inf_amd64_fa47767680f6bbc0\mcafeeintegrationservice.exe
[2022-03-04 20:48][2020-08-20 23:29] 003990496 _____ (McAfee)
12A08B37373B3C7672D5D88F2F5AD1FF [File is digitally signed]
C:\Windows\System32\DriverStore\FileRepository\mcafeeintegrationdriver.inf_amd64_fad10d9ca5708538\McAfeeIntegrationDriver.cat
[2022-03-04 20:48][2020-08-20 23:06] 000010180 _____ ()
0BFEE48A3CFCC684948A9D76C917584C [File is digitally signed]
C:\Windows\System32\DriverStore\FileRepository\mcafeeintegrationdriver.inf_amd64_fad10d9ca5708538\mcafeeintegrationdriver.inf
[2022-03-04 20:48][2020-08-20 22:55] 000002422 _____ ()
5FE7205CAFD567E15185182406D522AF [File is digitally signed]
C:\Windows\System32\DriverStore\FileRepository\mcafeeintegrationdriver.inf_amd64_fad10d9ca5708538\mcafeeintegrationdriver.PNF
[2022-03-05 17:54][2022-03-05 17:54] 000008844 _____ ()
91FA2A54007DD13787B72829C4E52268 [File not signed]
C:\Windows\System32\DriverStore\FileRepository\mcafeeintegrationdriver.inf_amd64_fad10d9ca5708538\McAfeeIntegrationDriver.sys
[2022-03-04 20:48][2020-08-20 23:06] 000049664 _____ (McAfee)
502F792139EBF580608F02709EA41854 [File is digitally signed]
C:\Windows\System32\drivers\McAfeeIntegrationDriver.sys
[2022-03-04 20:48][2020-08-20 23:06] 000049664 _____ (McAfee)
502F792139EBF580608F02709EA41854 [File is digitally signed]
C:\Users\fabfi\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\125\5A894077_McAfeeSecurity_wafk5atnkzcwy!App
[2022-03-04 20:59][2022-03-04 20:59] 000012250 _____ ()
41B3E262172041A0FEEE356D5E6A2434 [File not signed]
C:\Users\fabfi\AppData\Local\Microsoft\Edge\User
Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd\8.1.0.2126_0\mcafee_wa_crypto_learn.js
[2022-03-16 15:31][2022-03-02 14:22] 000126400 _____ ()
0CB81FD42185DBAFB91492971853E0F9 [File not signed]
C:\Users\fabfi\AppData\Local\Microsoft\Edge\User
Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd\8.1.0.2126_0\images\web_advisor\mcafee_brand.svg
[2022-03-16 15:31][2022-03-02 14:22] 000003638 _____ ()
16405C6C43A4537A23405324DE6EC0B3 [File not signed]
C:\Users\fabfi\AppData\Local\Microsoft\Edge\User
Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd\8.1.0.2126_0\images\web_advisor\mcafee_logo.svg
[2022-03-16 15:31][2022-03-02 14:22] 000000439 _____ ()
9BCC6F675F54CDE7CAFB533091009F32 [File not signed]
C:\Users\fabfi\AppData\Local\Microsoft\Edge\User
Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd\8.1.0.2126_0\images\web_advisor\mcafee_slogan_white.svg
[2022-03-16 15:31][2022-03-02 14:22] 000014424 _____ ()
10F404E036B0309E755D77E4E0348D5D [File not signed]
C:\Users\fabfi\AppData\Local\Microsoft\Edge\User
Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd\8.1.0.2126_0\images\web_advisor\mcafee_webadvisor_logo.svg
[2022-03-16 15:31][2022-03-02 14:22] 000010135 _____ ()
8912B80638144C8206770D8FA33F522C [File not signed]
C:\Users\fabfi\AppData\Local\Microsoft\Edge\User
Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd\8.1.0.2126_0\images\web_advisor\white_mcafee_icon.svg
[2022-03-16 15:31][2022-03-02 14:22] 000000359 _____ ()
7C7F3D088209C673B10B2825C943233E [File not signed]
C:\Users\fabfi\AppData\Local\Microsoft\Edge\User
Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd\8.1.0.2126_0\images\settings\mcafee-shield-pattern.svg
[2022-03-16 15:31][2022-03-02 14:22] 000415122 _____ ()
33A6B33703566CF94EB42B8AF280AA67 [File not signed]
C:\Users\fabfi\AppData\Local\Microsoft\Edge\User
Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd\8.1.0.2126_0\images\crypto\mcafee-white.png
[2022-03-16 15:31][2022-03-02 14:22] 000008599 _____ ()
82D72E106C7CAA157294BF354E91BB78 [File not signed]
C:\Users\fabfi\AppData\Local\Microsoft\Edge\User
Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd\8.1.0.2126_0\images\advanced_protection_signals\mcafee-logo.svg
[2022-03-16 15:31][2022-03-02 14:22] 000010055 _____ ()
D140F7D6A0EAFE2262BE880AE0CE776E [File not signed]
C:\Users\fabfi\AppData\Local\Microsoft\Edge\User
Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd\8.1.0.2126_0\html\mcafee_wa_crypto_learn.html
[2022-03-16 15:31][2022-03-02 14:22] 000003918 _____ ()
17F935E207421A0D7850CAFEC7AD0DBB [File not signed]
C:\Users\fabfi\AppData\Local\Microsoft\Edge\User
Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd\8.1.0.2126_0\css\mcafee_wa_crypto_learn.css
[2022-03-16 15:31][2022-03-02 14:22] 000040475 _____ ()
541179B8E3EF90DA002BAF0FACACAFC6 [File not signed]
C:\Recovery\OEM\scripts\RESET_POST\McAfeePBR.cmd
[2022-03-04 22:01][2018-09-26 21:34] 000000223 _____ ()
1829985D5E522DA9004DE450A4072CBF [File not signed]
C:\Recovery\OEM\scripts\FACTORY_POST\McAfeePBR.cmd
[2022-03-04 22:01][2018-09-26 21:34] 000000223 _____ ()
1829985D5E522DA9004DE450A4072CBF [File not signed]
C:\ProgramData\mcafeeintegrationservice.log
[2022-03-04 22:01][2022-03-05 00:51] 000050734 _____ ()
02FD6144FFC384C5AF56279E8BB3BD72 [File not signed]
C:\ProgramData\Microsoft\Windows\AppRepository\5A894077.McAfeeSecurity_2.1.39.0_neutral_split.scale-100_wafk5atnkzcwy.xml
[2022-03-04 21:45][2022-03-04 21:45] 000000782 _____ ()
0E882C258A9CD11B69A0A04B0E1C855B [File not signed]
C:\ProgramData\Microsoft\Windows\AppRepository\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-125_wafk5atnkzcwy.xml
[2022-03-05 00:08][2022-03-05 00:08] 000000782 _____ ()
B99D3F98F8BE42BA0326632B335BE98F [File not signed]
C:\ProgramData\Microsoft\Windows\AppRepository\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy.xml
[2022-03-05 00:08][2022-03-05 00:08] 000014526 _____ ()
097225EA5E3E995822B412DACA485644 [File not signed]
C:\ProgramData\Microsoft\Windows\AppRepository\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy.xml
[2022-03-05 00:08][2022-03-05 00:08] 000005506 _____ ()
BF4BB96C12B11AC900254BC073B27B2B [File not signed]
C:\Program
Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\mcafee-security.dll
[2022-03-05 00:08][2022-03-05 00:08] 016742912 _____ (McAfee LLC)
EE6533041235D9490B9AD24E5B6D5F9D [File not signed]
C:\Program
Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\mcafee-security.exe
[2022-03-05 00:08][2022-03-05 00:08] 000020480 _____ (McAfee LLC)
E34AE177A042D0D7239C07DE70EDAC70 [File not signed]
C:\Program
Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\McAfee.UWP.ResourceStreamer.winmd
[2022-03-05 00:08][2022-03-05 00:08] 000004096 _____ ()
76A794F9D70CDE5C65D9272D2DB4142E [File not signed]
C:\Program
Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\Win32\mcafee-security-ft.exe
[2022-03-05 00:08][2022-03-05 00:08] 000648704 _____ (McAfee, LLC)
6792866AB19DA7ED7D94796CD60634D6 [File not signed]
C:\Program
Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\Assets\Offline\mcafee-logo.png
[2022-03-04 21:33][2022-03-04 21:33] 000001841 _____ ()
5842DC8AC07CA0BBF672BABD03482B72 [File not signed]
folder:
========
2022-03-04 20:59 - 2022-03-04 20:59 _____
C:\Windows\System32\Tasks_Migrated\McAfee
2022-03-05 00:44 - 2022-03-05 00:44 _____ C:\Windows\System32\Tasks\McAfee
2022-03-04 23:16 - 2022-03-05 17:54 _____
C:\Windows\System32\DriverStore\FileRepository\mcafeeintegrationdriver.inf_amd64_fad10d9ca5708538
2022-03-04 23:16 - 2022-03-04 23:16 _____
C:\Windows\System32\DriverStore\FileRepository\mcafeeintegrationextension.inf_amd64_fa47767680f6bbc0
2022-03-04 22:01 - 2022-03-04 22:01 ____A C:\Recovery\OEM\McAfeeSMode
2022-03-04 20:59 - 2022-03-04 20:59 _____ C:\ProgramData\McAfee
2022-03-04 20:59 - 2022-03-04 20:59 _____
C:\ProgramData\mcafeeintegrationservice
2022-03-04 21:45 - 2022-03-04 21:45 _____
C:\ProgramData\Microsoft\Windows\AppRepository\Packages\5A894077.McAfeeSecurity_2.1.39.0_neutral_split.scale-100_wafk5atnkzcwy
2022-03-05 00:08 - 2022-03-05 04:04 _____
C:\ProgramData\Microsoft\Windows\AppRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-125_wafk5atnkzcwy
2022-03-05 00:08 - 2022-03-05 00:08 _____
C:\ProgramData\Microsoft\Windows\AppRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy
2022-03-05 00:08 - 2022-03-05 04:04 _____
C:\ProgramData\Microsoft\Windows\AppRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy
2022-03-04 22:01 - 2022-03-04 20:59 _____ C:\Program Files\McAfeeOSDetection
2022-03-05 00:08 - 2022-03-05 00:08 _____ C:\Program
Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-125_wafk5atnkzcwy
2022-03-05 00:08 - 2022-03-05 00:08 _____ C:\Program
Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy
2022-03-05 00:08 - 2022-03-05 00:08 _____ C:\Program
Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy
2022-03-04 21:33 - 2022-03-04 21:45 _____ C:\Program
Files\WindowsApps\DeletedAllUserPackages\5A894077.McAfeeSecurity_2.1.39.0_neutral_split.scale-100_wafk5atnkzcwy
2022-03-04 20:59 - 2022-03-04 20:59 _____ C:\Program Files\Common Files\McAfee
Registry:
========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\appsync\shell\open\command]
""=""C:\Program Files\McAfee\MSC\mcsync.exe" /ui"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local
Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-125_wafk5atnkzcwy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local
Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-125_wafk5atnkzcwy]
"Path"="C:\Program
Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-125_wafk5atnkzcwy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local
Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local
Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy]
"Path"="C:\Program
Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local
Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local
Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy]
"Path"="C:\Program
Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy"
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee.com\DAD]
"jobname"="McAfee\mfewin10switch"
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfeeOSDetection]
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfeeOSDetection\SwitchTasks\StubInstaller]
"TaskTrigger"="C:\\Program Files\\McAfeeOSDetection\\DADUpdater.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfeeStub]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Activation\Data\4b]
"Executable"="mcafee-security.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Activation\Data\4b]
"Entrypoint"="mcafee_security.App"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Activation\Data\4c]
"Executable"="mcafee-security.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Activation\Data\4d]
"Executable"="mcafee-security.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Application\Data\7a]
"ApplicationUserModelId"="5A894077.McAfeeSecurity_wafk5atnkzcwy!App"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Application\Data\7a]
"Executable"="mcafee-security.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Application\Data\7a]
"Entrypoint"="mcafee_security.App"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Data\147]
"ApplicationUserModelId"="5A894077.McAfeeSecurity_wafk5atnkzcwy!App"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Data\147]
"_IndexKeys"="Application\7a\147
PackageUser\48b\147
PackageUserAndApplication\48b^7a
UserAndApplication\1^7a
UserAndApplicationUserModelId\1^5A894077.McAfeeSecurity_wafk5atnkzcwy!App\147"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Index\UserAndApplicationUserModelId\1^5A894077.McAfeeSecurity_wafk5atnkzcwy!App]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\106]
"PackageFullName"="5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\106]
"InstalledLocation"="C:\Program
Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\106]
"_IndexKeys"="PackageFamily\2d\106
PackageFullName\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\107]
"PackageFullName"="5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\107]
"InstalledLocation"="C:\Program
Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\107]
"_IndexKeys"="PackageFamily\2d\107
PackageFullName\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\108]
"PackageFullName"="5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-125_wafk5atnkzcwy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\108]
"InstalledLocation"="C:\Program
Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-125_wafk5atnkzcwy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\108]
"_IndexKeys"="PackageFamily\2d\108
PackageFullName\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-125_wafk5atnkzcwy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-125_wafk5atnkzcwy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageFamily\Data\2d]
"PackageFamilyName"="5A894077.McAfeeSecurity_wafk5atnkzcwy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageFamily\Data\2d]
"_IndexKeys"="PackageFamilyName\5A894077.McAfeeSecurity_wafk5atnkzcwy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageFamily\Index\PackageFamilyName\5A894077.McAfeeSecurity_wafk5atnkzcwy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy]
"Path"="C:\Program
Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy\AppxMetadata\AppxBundleManifest.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\OSRollbackPackages]
"5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-125_wafk5atnkzcwy"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\OSRollbackPackages]
"5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\OSRollbackPackages]
"5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-3491684324-3942835478-4158577442-1001\5A894077.McAfeeSecurity_2.1.39.0_neutral_~_wafk5atnkzcwy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-3491684324-3942835478-4158577442-1001\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemRoot%/System32/drivers/McAfeeIntegrationDriver.sys]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemRoot%/System32/drivers/McAfeeIntegrationDriver.sys]
"Source"="%SystemRoot%\System32\DriverStore\FileRepository\mcafeeintegrationdriver.inf_amd64_fad10d9ca5708538\McAfeeIntegrationDriver.sys"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DB8A333-18D2-4520-ACD7-8B53D84E366B}]
"Path"="\McAfee\mfewin10switch"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DB8A333-18D2-4520-ACD7-8B53D84E366B}]
"Author"="McAfee"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DB8A333-18D2-4520-ACD7-8B53D84E366B}]
"Description"="$(@C:\Program
Files\McAfeeOSDetection\1.7.104\DADUpdater.exe,-102)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DB8A333-18D2-4520-ACD7-8B53D84E366B}]
"URI"="\McAfee\mfewin10switch"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsSelfHost\OneSettings]
"TargetingAttributes"="{
"Version": 170,
"SchemaVersion": 1,
"PartA": [
"App",
"AppVer",
"AttrDataVer"
],
"Default": [
"DeviceFamily",
"f:FlightRing",
"t:OSVersionFull"
],
"PartB": {
"ACSOVERRIDE": [
"OSArchitecture",
"c:IsAlwaysOnAlwaysConnectedCapable"
],
"CASSCLIENT": [
"OSVersion",
"c:OSEdition",
"f:FlightRing",
"c:OSUILocale",
"f:FlightingBranchName",
"r:OEMMode"
],
"CDM": [
"ChassisTypeId",
"r:CurrentBranch",
"DeviceFamily",
"f:FlightingBranchName",
"f:FlightRing",
"c:InstallLanguage",
"c:IsDomainJoined",
"t:IsTestLab",
"OEMModel",
"OSArchitecture",
"OSVersion",
"t:OSSkuId",
"c:ProcessorIdentifier",
"c:TelemetryLevel",
"t:IsMsftOwned",
"t:WCOSProductId",
"c:OSUILocale",
"c:CommercialId",
"s:MinShellVersion",
"s:MaxShellVersion",
"c:ActivationChannel",
"c:SCCMClientId",
"c:IsCloudDomainJoined",
"r:WebExperience",
"FX_FlightIds",
"AccountFirstChar",
"r:WSX_Windows_Settings_Account",
"r:InstallDate",
"r:WSX_Runtime"
],
"COMPATLOGGER": [
"osVer",
"ring",
"deviceId"
],
"CONTENT_DELIVERY_MANAGER": [
"c:OSEdition",
"t:OSSkuId",
"c:OSUILocale",
"a:UpgEx_CO21H2",
"a:GStatus_CO21H2",
"a:DataExpDateEpoch_CO21H2",
"a:TimestampEpochString_CO21H2",
"r:AndroidUserOptinValue",
"f:FlightingBranchName",
"f:FlightRing"
],
"CORTANA_GATEKEEPER": [
"r:CurrentBranch",
"f:FlightRing",
"f:IsRetailOS"
],
"CORTANAUWP": [
"c:OSUILocale",
"t:OSVersionFull",
"v:CortanaAppVer"
],
"CORTANAUWPTEST": [
"+CORTANAUWP",
"v:CortanaAppVerTest"
],
"CTAC": [
"+FSS"
],
"DDC": [
"+WU_STORE",
"+_WU_PTI"
],
"DXDB": [
"DeviceFamily",
"f:FlightRing",
"r:IsHybridOrXGpu",
"t:OSVersionFull",
"OSVersion"
],
"EDGE_SERVICEUI": [
"t:LocalDeviceID",
"t:LocalUserID"
],
"FCON": [
"+CDM"
],
"FSS": [
"r:PreviewBuildsManagerEnabled",
"f:BranchReadinessLevelRaw",
"u:BranchReadinessLevelSource",
"r:BuildFID",
"t:DeviceFamily",
"DeviceId",
"c:EnablePreviewBuilds",
"f:FlightingPolicyValue",
"f:IsRetailOS",
"f:ManagePreviewBuilds",
"OSVersionFull",
"t:WCOSProductId",
"r:SmartActiveHoursState",
"r:ActiveHoursStart",
"r:ActiveHoursEnd",
"r:IsCHCapableBuild",
"r:FSRing",
"s:MaxShellVersion",
"s:MinShellVersion",
"c:TPMVersion",
"c:SecureBootCapable",
"c:ProcessorClockSpeed",
"c:ProcessorCores",
"c:TotalPhysicalRAM",
"t:SMode",
"c:SystemVolumeTotalCapacity",
"c:OEMManufacturerName",
"c:OEMModelNumber",
"a:ISVM",
"r:AllowUpgradesWithUnsupportedTPMOrCPU",
"r:IntelPlatformId",
"r:IsConfigMgrEnabled"
],
"FXIRISCLIENT": [
"+IRISCLIENT"
],
"GS": [
"t:OSSkuId",
"t:OSVersionFull",
"r:CurrentBranch",
"r:DefaultUserRegion",
"DeviceFamily",
"c:FlightIds",
"f:FlightingBranchName",
"f:FlightRing",
"c:IsCloudDomainJoined",
"t:IsMsftOwned",
"f:IsRetailOS",
"c:OSUILocale",
"c:IsDomainJoined"
],
"IRISCLIENT": [
"DeviceFamily",
"OSVersion",
"t:OSSkuId",
"OSArchitecture",
"c:TelemetryLevel",
"f:FlightRing",
"f:FlightingBranchName",
"c:InternalPrimaryDisplayResolutionHorizontal",
"c:InternalPrimaryDisplayResolutionVetical",
"t:IsMsftOwned",
"c:ChassisType",
"c:ProcessorIdentifier",
"OEMModel",
"c:OSUILocale",
"c:OSEdition",
"c:FlightIds",
"r:CurrentBranch",
"t:WCOSProductId",
"c:InstallationType",
"r:InstallDate",
"c:IsCloudDomainJoined",
"c:IsDeviceRetailDemo",
"f:IsRetailOS",
"c:ProcessorClockSpeed",
"c:ProcessorCores",
"c:ProcessorManufacturer",
"c:TotalPhysicalRAM",
"c:D3DMaxFeatureLevel",
"c:IsAlwaysOnAlwaysConnectedCapable",
"t:SMode",
"t:LocalUserID",
"r:AndroidUserOptinValue"
],
"MICROSOFT.WINDOWSFEEDBACKHUB_8WEKYB3D8BBWE": [
"t:OSVersionFull",
"t:IsTestLab",
"f:FlightRing"
],
"MITIGATION": [
"t:DeviceFamily",
"f:FlightRing",
"c:FlightIds",
"c:IsDomainJoined",
"t:IsMsftOwned",
"f:IsRetailOS",
"t:IsTestLab",
"IsVM",
"OEMModel",
"c:OSEdition",
"t:OSSkuId",
"t:OSVersionFull",
"c:OSUILocale",
"t:SMode",
"f:IsFlightingEnabled",
"c:FirmwareVersion",
"c:TelemetryLevel",
"f:FlightingBranchName",
"r:CurrentBranch",
"OSVersion",
"w:FirstStorageSpaceDeviceId",
"r:IsCldFltSyncRoots",
"c:OSInstallType",
"v:IsNotepadExePresent",
"r:StrictHiveSecurityReg",
"a:GatedBlockId_21H1",
"r:UpdateOfferedDays",
"r:UsoScanMitigation",
"r:GamingServicesInstalledKey"
],
"MLMOD": [
"ChassisTypeId",
"t:DeviceFamily",
"f:FlightingBranchName",
"f:FlightRing",
"f:IsRetailOS",
"t:OSSkuId",
"t:OSVersionFull",
"c:OSUILocale",
"OSVersion",
"c:TelemetryLevel",
"r:CurrentBranch",
"t:IsTestLab",
"c:PrimaryDiskType"
],
"MTP": [
"+_WU_OS_CORE"
],
"MUSE": [
"+_WU_FB",
"ChassisTypeId",
"deviceClass",
"deviceId",
"c:FlightIds",
"locale",
"ms",
"os",
"osVer",
"ring",
"sampleId",
"sku",
"r:DaysSince19H1FUOffer",
"u:DisableDualScan",
"u:UpdateServiceUrl",
"c:CommercialId",
"f:FlightingBranchName",
"c:SystemVolumeTotalCapacity",
"c:IsAlwaysOnAlwaysConnectedCapable",
"c:ProcessorCores",
"c:PrimaryDiskType",
"c:TotalPhysicalRAM",
"c:ProcessorClockSpeed",
"c:ProcessorIdentifier",
"c:ProcessorModel",
"c:ActivationChannel",
"c:IsCloudDomainJoined",
"c:isCommercial",
"c:IsDomainJoined",
"c:IsMDMEnrolled",
"c:SCCMClientID",
"r:OEMSubModel",
"c:OEMModelNumber",
"c:OEMManufacturerName",
"r:OobeSeeker",
"r:DefaultUserRegion"
],
"NOISYHAMMER": [
"+WU_OS"
],
"PHS": [
"r:GridZoneName"
],
"SEDIMENTPACK": [
"+WU_OS"
],
"SERVICEEXPERIENCES": [
"f:FlightingBranchName",
"f:FlightRing",
"s:MaxShellVersion",
"s:MinShellVersion",
"t:IsTestLab",
"c:TelemetryLevel",
"t:OSSkuId",
"r:CurrentBranch",
"OSVersion",
"DeviceFamily",
"r:WSX_Windows_Settings_Account",
"c:FlightIds",
"r:WSX_Runtime"
],
"SERVICING_CBS": [
"+WU",
"osVer"
],
"SETUP360": [
"t:OSSkuId",
"f:FlightRing"
],
"STORAGEGROVELER": [
"a:Free",
"c:TelemetryLevel",
"f:FlightRing",
"f:IsFlightingEnabled",
"IsVM",
"t:OSVersionFull"
],
"UTC": [
"+UTC_STATIC",
"osVer",
"locale",
"ring",
"f:PilotRing",
"f:IsRetailOS",
"ms",
"expId",
"t:SMode",
"f:FlightingBranchName",
"c:CommercialId",
"r:IsFeedbackHubSelfhost",
"c:AzureVMType"
],
"UTC_STATIC": [
"os",
"deviceId",
"sampleId",
"deviceClass",
"sku",
"OEMModel",
"OEMName_Uncleaned",
"c:PrimaryDiskType",
"c:ProcessorModel",
"c:TotalPhysicalRAM"
],
"UUS": [
"OSVersion",
"f:FlightRing",
"t:IsTestLab",
"t:OSVersionFull",
"f:FlightingBranchName",
"r:CurrentBranch",
"f:IsFlightingEnabled"
],
"WAASASSESSMENT": [
"+WU_OS"
],
"WAASMEDIC": [
"os",
"osVer",
"ring",
"deviceClass",
"deviceId",
"locale",
"sku",
"c:ActivationChannel",
"c:CommercialId",
"r:CurrentBranch",
"f:FlightingBranchName",
"c:IsCloudDomainJoined",
"c:IsDomainJoined",
"t:IsTestLab",
"OSVersion",
"c:SCCMClientID",
"c:TelemetryLevel"
],
"WOSC": [
"t:DeviceFamily",
"f:FlightRing",
"f:IsFlightingEnabled",
"t:IsMsftOwned",
"t:LocalDeviceID",
"t:OSSkuId",
"c:OSUILocale",
"t:OSVersionFull",
"c:TelemetryLevel",
"r:IsHybridOrXGpu",
"r:PlayFabPartyRelay"
],
"WPSHIFT": [
"+MTP"
],
"WU": [
"+WU_OS",
"r:DUInternal"
],
"_WU_AV": [
"r:AvastReg",
"r:AvastBlackScreen",
"v:AvastVer",
"r:AvgReg",
"v:AvgVer",
"r:EsetReg",
"v:EsetVer",
"r:KasperskyReg",
"v:KasperskyVer",
"v:SymantecVer",
"r:TencentReg",
"r:TencentType",
"r:AhnlabInstalledKey",
"r:AvastInstalledKey",
"r:AVGInstalledKey",
"r:AviraInstalledKey",
"r:BullguardInstalledKey",
"r:ESETInstalledKey",
"r:ESTSecurityInstalledKey",
"r:FSecureInstalledKey",
"v:GDataInstalledVer",
"r:K7InstalledKey",
"r:KasperskyInstalledKey",
"r:KingsoftInstalledKey",
"r:LenovoInstalledKey",
"r:MalwarebytesInstalledKey",
"r:McAfeeInstalledKey",
"r:PandaInstalledKey",
"r:QuickhealInstalledKey1",
"r:SophosInstalledKey1",
"r:SymantecInstalledKey",
"r:TencentInstalledKey",
"r:ThreatTrackInstalledKey",
"r:TrendInstalledKey",
"r:WebrootInstalledKey",
"v:K7InstalledVer"
],
"_WU_COMMON": [
"r:CurrentBranch",
"r:DefaultUserRegion",
"DeviceFamily",
"r:DriverPartnerRing",
"r:FlightContent",
"f:FlightingBranchName",
"f:FlightRing",
"HoloLens",
"c:InstallationType",
"c:InstallLanguage",
"f:IsFlightingEnabled",
"r:IsFlightingEnabled",
"c:MobileOperatorCommercialized",
"OEMModel",
"OEMName_Uncleaned",
"r:OemPartnerRing",
"OSArchitecture",
"OSVersion",
"t:OSSkuId",
"c:OSUILocale",
"c:ProcessorManufacturer",
"r:ReleaseType",
"v:SkypeRoomSystem",
"t:SMode",
"c:TelemetryLevel",
"r:WindowsMixedReality",
"v:WuClientVer",
"p:DucPublisherId",
"p:DucDeviceModelId",
"p:DucOemPartnerRing",
"p:DucCustomPackageId",
"p:DesiredOsVersion",
"p:DesiredSystemManifestVersion"
],
"_WU_FB": [
"u:BranchReadinessLevel",
"u:DeferQualityUpdatePeriodInDays",
"u:DeferFeatureUpdatePeriodInDays",
"r:PausedFeatureStatus",
"r:PausedQualityStatus",
"u:TargetReleaseVersion",
"r:QUDeadline",
"r:UpdatePreference",
"r:UpdateOfferedDays",
"u:TargetProductVersion"
],
"WU_OS": [
"+_WU_OS_CORE",
"+_WU_FB"
],
"_WU_OS_CORE": [
"+_WU_COMMON",
"+_WU_AV",
"r:AhnLabKeyboard",
"a:Bios",
"r:BlockFeatureUpdates",
"c:CommercialId",
"a:DataVer_RS5",
"r:DisconnectedStandby",
"r:DchuNvidiaGrfxExists",
"r:DchuNvidiaGrfxVen",
"r:DchuIntelGrfxExists",
"r:DchuIntelGrfxVen",
"r:DchuAmdGrfxExists",
"r:DchuAmdGrfxVen",
"c:FirmwareVersion",
"a:Free",
"a:GStatus_RS3",
"a:GStatus_RS4",
"a:GStatus_RS5",
"r:HidOverGattReg",
"r:InstallDate",
"c:IsDeviceRetailDemo",
"c:IsPortableOperatingSystem",
"IsVM",
"c:OEMModelBaseBoard",
"r:OobeSeeker",
"r:OSRollbackBuild",
"r:OSRollbackCount",
"r:OSRollbackDate",
"PhoneTargetingName",
"r:PonchAllow",
"r:PonchBlock",
"c:ProcessorIdentifier",
"r:RecoveredFromBuild",
"r:RecoveredOnDate",
"r:Steam",
"v:TobiiVer",
"v:TrendMicroVer",
"r:UninstallActive",
"l:UpdateManagementGroup",
"a:UpgEx_RS3",
"a:UpgEx_RS4",
"a:UpgEx_RS5",
"a:Version_RS5",
"r:DisableWUfBOfferBlock",
"a:UpgEx_19H1",
"a:SdbVer_19H1",
"a:GStatus_19H1",
"a:GStatus_19H1Setup",
"a:TimestampEpochString_19H1Setup",
"a:GenTelRunTimestamp_19H1",
"a:DataExpDateEpoch_19H1",
"u:EnableWUfBUpgradeGates",
"r:GStatusBlockIDs_All",
"TimestampDelta_19H1Subtract19H1Setup",
"DataExpDateDelta_19H1Subtract19H1Setup",
"a:DataExpDateEpoch_19H1Setup",
"a:TimestampEpochString_19H1",
"r:IsContainerMgrInstalled",
"r:IsWDAGEnabled",
"r:MTPTargetingInfo",
"r:EKB19H2InstallCount",
"r:EKB19H2UnInstallCount",
"r:EKB19H2InstallTimeEpoch",
"r:EKB19H2UnInstallTimeEpoch",
"r:BlockEdgeWithChromiumUpdate",
"r:IsWDATPEnabled",
"r:IsAutopilotRegistered",
"r:EdgeWithChromiumInstallVersion",
"r:EdgeWithChromiumInstallFailureCount",
"r:IsEdgeWithChromiumInstalled",
"r:KioskMode",
"c:IsCloudDomainJoined",
"c:IsDomainJoined",
"p:DSS_Enrolled",
"a:DataExpDateEpoch_20H1",
"a:DataExpDateEpoch_20H1Setup",
"a:GStatus_20H1",
"a:GStatus_20H1Setup",
"a:SdbVer_20H1",
"a:TimestampEpochString_20H1",
"a:TimestampEpochString_20H1Setup",
"DataExpDateDelta_20H1Subtract20H1Setup",
"TimestampDelta_20H1Subtract20H1Setup",
"a:UpgEx_20H1",
"r:AutopilotUpdateInProgress",
"r:UHSEnrolled",
"r:HotPatchEKBInstalled",
"r:LCUVer",
"c:isCommercial",
"c:ActivationChannel",
"c:IsMDMEnrolled",
"c:SCCMClientID",
"r:ChinaTypeApproval_CTA",
"p:DesiredOcpVersion",
"r:UpgradeEligible",
"r:AllowInPlaceUpgrade",
"r:SH_SIPolicyCleanup",
"r:FeatureUpdateDeadline",
"a:DataExpDateEpoch_21H1",
"a:UpgEx_CO21H2",
"a:GStatus_21H1",
"DataExpDateDelta_21H1Subtract20H1Setup",
"TimestampDelta_21H1Subtract20H1Setup",
"a:TimestampEpochString_21H1",
"r:OEMSubModel",
"c:ProcessorModel",
"c:TPMVersion",
"r:StayOnWindows10Timestamp",
"a:GStatus_CO21H2Setup",
"TimestampDelta_CO21H2SubtractCO21H2Setup",
"DataExpDateDelta_CO21H2SubtractCO21H2Setup",
"a:TimestampEpochString_CO21H2Setup",
"a:DataExpDateEpoch_CO21H2Setup",
"a:TimestampEpochString_CO21H2",
"a:DataExpDateEpoch_CO21H2",
"a:GStatus_CO21H2",
"p:SetPolicyDrivenUpdateSourceForFeatureUpdates",
"r:DchuNvidiaGrfxVenTest",
"a:DataExpDateDelta_21H2Subtract20H1Setup",
"a:TimestampEpochString_21H2",
"a:TimestampDelta_21H2Subtract20H1Setup",
"a:GStatus_21H2",
"a:DataExpDateEpoch_21H2",
"r:DSS_Enrolled_DF",
"r:UpgradeAccepted",
"r:SetupDisplayedEulaVersion",
"c:ProcessorCores",
"c:ProcessorClockSpeed",
"c:TotalPhysicalRAM",
"c:SecureBootCapable",
"c:PrimaryDiskTotalCapacity",
"r:BitDefenderInstalledKey",
"r:BroadcomInstalledKey",
"v:CrowdStrikeInstalledVer",
"r:QihooInstalledKey",
"r:Win11UpgradeAcceptedTimestamp"
],
"_WU_PTI": [
"c:FrontFacingCameraResolution",
"c:RearFacingCameraResolution",
"c:TotalPhysicalRAM",
"c:NFCProximity",
"c:Magnetometer",
"c:Gyroscope",
"c:D3DMaxFeatureLevel",
"c:InternalPrimaryDisplayResolutionHorizontal",
"c:InternalPrimaryDisplayResolutionVetical"
],
"WU_STORE": [
"+_WU_COMMON",
"r:AppChannels",
"r:AppRMIDs",
"u:BranchReadinessLevel"
]
},
"Required": [
"App",
"AppVer",
"AttrDataVer"
],
"Aliases": {
"AccountFirstChar": "c:MSA_Accounts",
"ChassisTypeId": "c:ChassisType",
"DataExpDateDelta_19H1Subtract19H1Setup":
"a:DataExpDateEpoch_19H1_Subtract_DataExpDateEpoch_19H1Setup",
"DataExpDateDelta_20H1Subtract20H1Setup":
"a:DataExpDateEpoch_20H1_Subtract_DataExpDateEpoch_20H1Setup",
"DataExpDateDelta_21H1Subtract20H1Setup":
"a:DataExpDateEpoch_21H1_Subtract_DataExpDateEpoch_20H1Setup",
"DataExpDateDelta_CO21H2SubtractCO21H2Setup":
"a:DataExpDateEpoch_CO21H2_Subtract_DataExpDateEpoch_CO21H2Setup",
"deviceClass": "t:DeviceFamily",
"deviceId": "t:LocalDeviceID",
"DeviceId": "t:LocalDeviceID",
"expId": "c:FlightIds",
"FlightRing": "f:FlightRing",
"FX_FlightIds": "c:FlightIds",
"IsVM": "a:ISVM",
"locale": "c:OSUILocale",
"ms": "t:IsMsftOwned",
"OEMModel": "c:OEMModelNumber",
"OEMName_Uncleaned": "c:OEMManufacturerName",
"osVer": "t:OSVersionFull",
"OSVersionFull": "t:OSVersionFull",
"PhoneTargetingName": "c:OEMModelName",
"ring": "f:FlightRing",
"sampleId": "t:PopVal",
"sku": "t:OSSkuId",
"TimestampDelta_19H1Subtract19H1Setup":
"a:TimestampEpochString_19H1_Subtract_TimestampEpochString_19H1Setup",
"TimestampDelta_20H1Subtract20H1Setup":
"a:TimestampEpochString_20H1_Subtract_TimestampEpochString_20H1Setup",
"TimestampDelta_21H1Subtract20H1Setup":
"a:TimestampEpochString_21H1_Subtract_TimestampEpochString_20H1Setup",
"TimestampDelta_CO21H2SubtractCO21H2Setup":
"a:TimestampEpochString_CO21H2_Subtract_TimestampEpochString_CO21H2Setup"
},
"Fallback": {
"r:AhnlabInstalledKey": "r:AhnlabInstalledWowKey",
"r:AvastBlackScreen": "r:AvgBlackScreen",
"r:AvastInstalledKey": "r:AvastInstalledWowKey",
"r:AVGInstalledKey": "r:AVGInstalledWowKey",
"r:AviraInstalledKey": "r:AviraInstalledWowKey",
"a:Bios": "a:Bios_RS3",
"a:Bios_RS3": "a:Bios_RS4",
"a:Bios_RS4": "a:Bios_RS5",
"r:BlockFeatureUpdates": "r:BlockWUUpgrades",
"r:BlockWUUpgrades": "r:BlockWUUpgradesWow",
"r:BuildFID": "r:BuildFID_WCOS",
"r:BuildFID_WCOS": "r:BuildFID_WCOS2",
"r:BullguardInstalledKey": "v:BullguardInstalledVer",
"a:DataExpDateEpoch_CO21H2": "r:DataExpDateEpoch_CO21H2RegFb",
"r:DchuAmdGrfxVen": "r:DchuAmdGrfxVen2",
"r:DchuAmdGrfxVen2": "r:DchuAmdGrfxDeletePending",
"r:DchuIntelGrfxDeletePending": "r:DchuIntelGrfxNExists",
"r:DchuIntelGrfxVen": "r:DchuIntelGrfxVen2",
"r:DchuIntelGrfxVen2": "r:DchuIntelGrfxDeletePending",
"r:DchuNvidiaGrfxVen": "r:DchuNvidiaGrfxVen2",
"r:DchuNvidiaGrfxVen2": "r:DchuNvidiaGrfxDeletePending",
"r:DriverPartnerRing": "r:OSDataDriverPartnerRing",
"p:DSS_Enrolled": "r:DSS_EnrolledReg",
"r:EdgeWithChromiumInstallFailureCount":
"r:EdgeWithChromiumInstallFailureCountWow",
"r:EdgeWithChromiumInstallVersion": "r:EdgeWithChromiumInstallVersionWow",
"u:EnableWUfBUpgradeGates": "r:EnableWUfBUpgradeGatesRS5",
"r:ESETInstalledKey": "r:ESETInstalledWowKey",
"r:ESTSecurityInstalledKey": "r:ESTSecurityInstalledWowKey",
"f:FlightingBranchName": "c:FlightingBranchName",
"a:Free": "a:Free_RS3",
"a:Free_RS3": "a:Free_RS4",
"a:Free_RS4": "a:Free_RS5",
"r:FSecureInstalledKey": "r:FSecureInstalledWowKey",
"a:GStatus_CO21H2": "r:GStatus_CO21H2RegFb",
"HoloLens": "r:WindowsMixedReality",
"r:IsEdgeWithChromiumInstalled": "r:IsEdgeWithChromiumInstalledWow",
"a:ISVM": "a:ISVM_RS3",
"a:ISVM_RS3": "a:ISVM_RS4",
"a:ISVM_RS4": "a:ISVM_RS5",
"r:K7InstalledKey": "r:K7InstalledWowKey",
"r:KasperskyInstalledKey": "r:KasperskyInstalledWowKey",
"r:KingsoftInstalledKey": "r:KingsoftInstalledWowKey",
"r:LenovoInstalledKey": "r:LenovoInstalledWowKey",
"r:MalwarebytesInstalledKey": "r:MalwarebytesInstalledWowKey",
"r:McAfeeInstalledKey": "r:McAfeeInstalledWowKey",
"c:OEMModelBaseBoard": "r:OEMModelBaseBoard",
"r:PandaInstalledKey": "r:PandaInstalledWowKey",
"r:PandaInstalledWowKey": "v:PandaInstalledVer",
"r:PonchAllow": "r:PonchAllowKey",
"r:PonchAllowKey": "r:PonchAllowWow",
"r:PonchAllowWow": "r:PonchAllowWowKey",
"r:QUDeadline": "r:QUDeadlineMDM",
"r:QuickhealInstalledKey1": "r:QuickhealInstalledKey2",
"r:SophosInstalledKey1": "r:SophosInstalledKey2",
"r:SymantecInstalledKey": "r:SymantecInstalledWowKey",
"v:SymantecVer": "v:SymantecVer64",
"u:TargetReleaseVersion": "r:TargetReleaseVersionGP",
"r:TargetReleaseVersionGP": "r:TargetReleaseVersionMDM",
"r:TencentInstalledKey": "r:TencentInstalledWowKey",
"r:ThreatTrackInstalledKey": "r:ThreatTrackInstalledWowKey",
"a:TimestampEpochString_CO21H2": "r:TimestampEpochString_CO21H2RegFb",
"v:TobiiVer": "v:TobiiVerx86",
"v:TobiiVerx86": "v:TobiiVer1x86",
"r:TrendInstalledKey": "r:TrendInstalledWowKey",
"r:TrendInstalledWowKey": "v:TrendInstalledVer",
"a:UpgEx_CO21H2": "r:UpgEx_CO21H2RegFb",
"r:UpgradeAccepted": "r:Win11UpgradeAcceptedWUSeeker",
"r:WebExperience": "r:WebExperienceWow",
"r:WebrootInstalledKey": "r:WebrootInstalledWowKey"
},
"Transform": {
"AccountFirstChar": {
"SubLength": 1
},
"FX_FlightIds": {
"Regex": "FX:[^,]*",
"RegexDelimiter": ","
},
"IsDomainJoined": {
"Ignore": [
"0"
]
},
"IsHybridOrXGpu": {
"Ignore": [
"0"
]
},
"IsMsftOwned": {
"Ignore": [
"0"
]
},
"IsPortableOperatingSystem": {
"Ignore": [
"0"
]
},
"IsTestLab": {
"Ignore": [
"0"
]
},
"IsVM": {
"Ignore": [
"0"
]
},
"OEMModel": {
"SubLength": 100
},
"OEMName_Uncleaned": {
"SubLength": 100
},
"PausedFeatureStatus": {
"Ignore": [
"0"
]
},
"PausedQualityStatus": {
"Ignore": [
"0"
]
},
"SMode": {
"Ignore": [
"0"
]
}
},
"Registry": {
"ActiveHoursEnd": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings",
"ValueName": "ActiveHoursEnd",
"RegValueType": "REG_DWORD"
},
"ActiveHoursStart": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings",
"ValueName": "ActiveHoursStart",
"RegValueType": "REG_DWORD"
},
"AhnlabInstalledKey": {
"FullPath": "SOFTWARE\\Ahnlab",
"IfExists": true
},
"AhnlabInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\Ahnlab",
"IfExists": true
},
"AhnLabKeyboard": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\Mkd2kfNt",
"ValueName": "NbTpMsExist"
},
"AllowInPlaceUpgrade": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\\\Windows\\\\CurrentVersion",
"ValueName": "AllowInPlaceUpgrade",
"RegValueType": "REG_DWORD"
},
"AllowUpgradesWithUnsupportedTPMOrCPU": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Setup\\MoSetup",
"ValueName": "AllowUpgradesWithUnsupportedTPMOrCPU",
"RegValueType": "REG_DWORD"
},
"AndroidUserOptinValue": {
"HKey": "HKEY_CURRENT_USER",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Mobility\\",
"ValueName": "OptedIn",
"RegValueType": "REG_DWORD"
},
"AppChannels": {
"FullPath": "SOFTWARE\\Policies\\Microsoft\\WindowsStore\\Apps\\*",
"ValueName": "ChannelId",
"EncodingType": "Json"
},
"AppRMIDs": {
"FullPath": "SOFTWARE\\Policies\\Microsoft\\WindowsStore\\Apps\\*",
"ValueName": "ReleaseManagementId",
"EncodingType": "Json"
},
"AutopilotUpdateInProgress": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath":
"SOFTWARE\\Microsoft\\Provisioning\\AutopilotSettings\\VolatileAutopilotUpdate",
"ValueName": "AutopilotUpdateInProgress",
"RegValueType": "REG_DWORD"
},
"AvastBlackScreen": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\aswVmm\\Parameters",
"ValueName": "Win10-1803"
},
"AvastInstalledKey": {
"FullPath": "SOFTWARE\\Avast Software\\Avast",
"IfExists": true
},
"AvastInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\Avast Software\\Avast",
"IfExists": true
},
"AvastReg": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\aswVmm\\Parameters",
"ValueName": "QualityCompat"
},
"AvgBlackScreen": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\avgVmm\\Parameters",
"ValueName": "Win10-1803"
},
"AVGInstalledKey": {
"FullPath": "SOFTWARE\\AVG\\Antivirus",
"IfExists": true
},
"AVGInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\AVG\\Antivirus",
"IfExists": true
},
"AvgReg": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\avgVmm\\Parameters",
"ValueName": "QualityCompat"
},
"AviraInstalledKey": {
"FullPath": "SOFTWARE\\X-AVCSD\\Workstation\\Antivirus",
"IfExists": true
},
"AviraInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\X-AVCSD\\Workstation\\Antivirus",
"IfExists": true
},
"BitDefenderInstalledKey": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath":
"Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}",
"IfExists": true
},
"BlockEdgeWithChromiumUpdate": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate",
"ValueName": "DoNotUpdateToEdgeWithChromium",
"RegValueType": "REG_DWORD"
},
"BlockFeatureUpdates": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath":
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade",
"ValueName": "BlockFeatureUpdates",
"RegValueType": "REG_DWORD"
},
"BlockWUUpgrades": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows10Upgrader\\Volatile",
"ValueName": "BlockWUUpgrades",
"RegValueType": "REG_DWORD"
},
"BlockWUUpgradesWow": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath":
"SOFTWARE\\WOW6432Node\\Microsoft\\Windows10Upgrader\\Volatile",
"ValueName": "BlockWUUpgrades",
"RegValueType": "REG_DWORD"
},
"BroadcomInstalledKey": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Symantec\\Symantec Endpoint Protection",
"IfExists": true
},
"BuildFID": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath":
"Software\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build",
"ValueName": "EsdFlightData",
"RegValueType": "REG_SZ"
},
"BuildFID_WCOS": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath":
"OSDATA\\Software\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build",
"ValueName": "EsdFlightData",
"RegValueType": "REG_SZ"
},
"BuildFID_WCOS2": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath":
"OSDATA\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build",
"ValueName": "EsdFlightData",
"RegValueType": "REG_SZ"
},
"BullguardInstalledKey": {
"FullPath":
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\BullGuard",
"IfExists": true
},
"ChinaTypeApproval_CTA": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeviceAccess",
"ValueName": "ActivePolicyCode",
"RegValueType": "REG_SZ"
},
"CurrentBranch": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
"ValueName": "BuildBranch",
"RegValueType": "REG_SZ"
},
"DataExpDateEpoch_CO21H2RegFb": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows
NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2",
"ValueName": "DataExpDateEpoch",
"RegValueType": "REG_SZ"
},
"DaysSince19H1FUOffer": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath":
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\rempl\\irplugin",
"ValueName": "DaysSinceLastOffer",
"RegValueType": "REG_QWORD"
},
"DchuAmdGrfxDeletePending": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\amdkmdag",
"ValueName": "DriverDelete"
},
"DchuAmdGrfxExists": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\amdkmdag",
"IfExists": true
},
"DchuAmdGrfxVen": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\amdkmdag",
"ValueName": "DCHUVen"
},
"DchuAmdGrfxVen2": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\amdkmdag\\Parameters",
"ValueName": "DCHUVen"
},
"DchuIntelGrfxDeletePending": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfx",
"ValueName": "DriverDelete"
},
"DchuIntelGrfxExists": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfx",
"IfExists": true
},
"DchuIntelGrfxNExists": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfxn",
"IfExists": true
},
"DchuIntelGrfxVen": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfx",
"ValueName": "DCHUVen"
},
"DchuIntelGrfxVen2": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfx\\Parameters",
"ValueName": "DCHUVen"
},
"DchuNvidiaGrfxDeletePending": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm",
"ValueName": "DriverDelete"
},
"DchuNvidiaGrfxExists": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm",
"IfExists": true
},
"DchuNvidiaGrfxVen": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm",
"ValueName": "DCHUVen"
},
"DchuNvidiaGrfxVen2": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm\\Parameters",
"ValueName": "DCHUVen"
},
"DchuNvidiaGrfxVenTest": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm",
"ValueName": "DCHUVenTest",
"RegValueType": "REG_DWORD"
},
"DefaultUserRegion": {
"HKey": "HKEY_USERS",
"FullPath": ".DEFAULT\\Control Panel\\International\\Geo",
"ValueName": "Nation",
"RegValueType": "REG_SZ"
},
"DisableWUfBOfferBlock": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UpdatePolicy\\Settings",
"ValueName": "DisableWUfBOfferBlock",
"RegValueType": "REG_DWORD"
},
"DisconnectedStandby": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\CurrentControlSet\\Control\\Power",
"ValueName": "EnforceDisconnectedStandby",
"RegValueType": "REG_DWORD"
},
"DriverPartnerRing": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\DriverFlighting\\Partner",
"ValueName": "TargetRing",
"RegValueType": "REG_SZ"
},
"DSS_Enrolled_DF": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath":
"SOFTWARE\\\\Policies\\\\Microsoft\\\\Windows\\\\WindowsUpdate",
"ValueName": "WUfBDF",
"RegValueType": "REG_DWORD"
},
"DSS_EnrolledReg": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate",
"ValueName": "EnableWUfBCloud",
"RegValueType": "REG_DWORD"
},
"DUInternal": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Setup\\MoSetup",
"ValueName": "DynamicUpdateInternalTest",
"RegValueType": "REG_DWORD"
},
"EdgeWithChromiumInstallFailureCount": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate",
"ValueName": "WindowsUpdateAttempts"
},
"EdgeWithChromiumInstallFailureCountWow": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate",
"ValueName": "WindowsUpdateAttempts"
},
"EdgeWithChromiumInstallVersion": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate",
"ValueName": "WindowsUpdateVersion"
},
"EdgeWithChromiumInstallVersionWow": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate",
"ValueName": "WindowsUpdateVersion"
},
"EKB19H2InstallCount": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Setup\\FeatureStaging\\20455539\\2",
"ValueName": "Count"
},
"EKB19H2InstallTimeEpoch": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Setup\\FeatureStaging\\20455539\\2",
"ValueName": "Timestamp"
},
"EKB19H2UnInstallCount": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Setup\\FeatureStaging\\20455539\\0",
"ValueName": "Count"
},
"EKB19H2UnInstallTimeEpoch": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Setup\\FeatureStaging\\20455539\\0",
"ValueName": "Timestamp"
},
"EnableWUfBUpgradeGatesRS5": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "Software\\Microsoft\\Windows
NT\\CurrentVersion\\502505fe-762c-4e80-911e-0c3fa4c63fb0",
"ValueName": "DataRequireGatedScanForFeatureUpdates",
"RegValueType": "REG_DWORD"
},
"ESETInstalledKey": {
"FullPath": "SOFTWARE\\ESET\\ESET Security",
"IfExists": true
},
"ESETInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\ESET\\ESET Security",
"IfExists": true
},
"EsetReg": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\ehdrv\\Parameters",
"ValueName": "WindowsCompatibilityLevel",
"RegValueType": "REG_DWORD"
},
"ESTSecurityInstalledKey": {
"FullPath": "SOFTWARE\\ESTsoft",
"IfExists": true
},
"ESTSecurityInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\ESTsoft",
"IfExists": true
},
"FeatureUpdateDeadline": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "Software\\Policies\\Microsoft\\Windows\\WindowsUpdate\\",
"ValueName": "ConfigureDeadlineForFeatureUpdates",
"RegValueType": "REG_DWORD"
},
"FlightContent": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsSelfHost\\Applicability",
"ValueName": "ContentType",
"RegValueType": "REG_SZ"
},
"FSecureInstalledKey": {
"FullPath": "SOFTWARE\\F-Secure\\OneClient",
"IfExists": true
},
"FSecureInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\F-Secure\\OneClient",
"IfExists": true
},
"FSRing": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsSelfhost\\Applicability",
"ValueName": "FSRing",
"RegValueType": "REG_SZ"
},
"GamingServicesInstalledKey": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\GamingServices",
"IfExists": true
},
"GridZoneName": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\COAWOS",
"ValueName": "GridZoneName",
"RegValueType": "REG_SZ"
},
"GStatus_CO21H2RegFb": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows
NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2",
"ValueName": "GStatus",
"RegValueType": "REG_SZ"
},
"GStatusBlockIDs_All": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows
NT\\CurrentVersion\\AppCompatFlags\\Appraiser\\GWX",
"ValueName": "SdbEntries",
"RegValueType": "REG_SZ"
},
"HidOverGattReg": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath":
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemRoot%/System32/drivers/UMDF/Microsoft.Bluetooth.Profiles.HidOverGatt.dll",
"ValueName": "Source",
"RegValueType": "REG_SZ"
},
"HotPatchEKBInstalled": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows
NT\\CurrentVersion\\Update\\TargetingInfo\\DynamicInstalled\\Hotpatch.amd64",
"IfExists": true
},
"InstallDate": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
"ValueName": "InstallDate",
"RegValueType": "REG_DWORD"
},
"IntelPlatformId": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0",
"ValueName": "Platform Specific Field 1",
"RegValueType": "REG_DWORD"
},
"IsAutopilotRegistered": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Provisioning\\AutopilotPolicyCache",
"ValueName": "ProfileAvailable",
"RegValueType": "REG_DWORD"
},
"IsFlightingEnabled": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsSelfHost\\Applicability",
"ValueName": "IsBuildFlightingEnabled",
"RegValueType": "REG_DWORD"
},
"IsCHCapableBuild": {
"HKey": "HKEY_CLASSES_ROOT",
"FullPath": "CLSID\\{2C57C51B-FD43-4E74-B077-551AE6228AD6}",
"IfExists": true
},
"IsCldFltSyncRoots": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath":
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager\\*",
"IfExists": true
},
"IsConfigMgrEnabled": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsSelfHost\\ClientState",
"ValueName": "ConfigMgrEnabled",
"RegValueType": "REG_DWORD"
},
"IsContainerMgrInstalled": {
"FullPath": "SOFTWARE\\Microsoft\\Windows
NT\\CurrentVersion\\Containers\\CmService",
"IfExists": true
},
"IsEdgeWithChromiumInstalled": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath":
"SOFTWARE\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
"IfExists": true
},
"IsEdgeWithChromiumInstalledWow": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath":
"SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
"IfExists": true
},
"IsFeedbackHubSelfhost": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath":
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Diagnostics\\DiagTrack\\Partners\\IsFeedbackHubSelfhost",
"IfExists": true
},
"IsHybridOrXGpu": {
"FullPath": "SOFTWARE\\Microsoft\\DirectX",
"ValueName": "HybridDeviceApplicableForDxDbGpuPreferences"
},
"IsWDAGEnabled": {
"FullPath": "SYSTEM\\ControlSet001\\Services\\hvsics",
"IfExists": true
},
"IsWDATPEnabled": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows Advanced Threat
Protection\\Status",
"ValueName": "OnboardingState"
},
"K7InstalledKey": {
"FullPath": "SOFTWARE\\K7 Computing",
"IfExists": true
},
"K7InstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\K7 Computing",
"IfExists": true
},
"KasperskyInstalledKey": {
"FullPath": "SOFTWARE\\KasperskyLab",
"IfExists": true
},
"KasperskyInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\KasperskyLab",
"IfExists": true
},
"KasperskyReg": {
"FullPath": "System\\CurrentControlSet\\Services\\klhk\\Parameters",
"ValueName": "UseVtHardware"
},
"KingsoftInstalledKey": {
"FullPath":
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Kingsoft Internet
Security",
"IfExists": true
},
"KingsoftInstalledWowKey": {
"FullPath":
"SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Kingsoft
Internet Security",
"IfExists": true
},
"KioskMode": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath":
"SOFTWARE\\Microsoft\\Windows\\AssignedAccessCsp\\AutoLogonAccount",
"ValueName": "ConfigSource",
"RegValueType": "REG_DWORD"
},
"LCUVer": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
"ValueName": "LCUVer"
},
"LenovoInstalledKey": {
"FullPath":
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{A9861883-31C5-4324-BD9A-DC9527EEB675}_is1",
"IfExists": true
},
"LenovoInstalledWowKey": {
"FullPath":
"SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{A9861883-31C5-4324-BD9A-DC9527EEB675}_is1",
"IfExists": true
},
"MalwarebytesInstalledKey": {
"FullPath":
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1",
"IfExists": true
},
"MalwarebytesInstalledWowKey": {
"FullPath":
"SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1",
"IfExists": true
},
"McAfeeInstalledKey": {
"FullPath": "SOFTWARE\\McAfee\\MSC\\AppInfo\\Substitute\\QueryParams",
"IfExists": true
},
"McAfeeInstalledWowKey": {
"FullPath":
"SOFTWARE\\WOW6432Node\\McAfee\\MSC\\AppInfo\\Substitute\\QueryParams",
"IfExists": true
},
"MTPTargetingInfo": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Platform\\MTPTargetingInfo",
"ValueName": "TargetRing"
},
"OEMMode": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Office\\16.0\\Common\\OEM",
"ValueName": "OOBEMode",
"RegValueType": "REG_SZ"
},
"OEMModelBaseBoard": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "HARDWARE\\DESCRIPTION\\System\\BIOS",
"ValueName": "BaseBoardProduct",
"RegValueType": "REG_SZ"
},
"OemPartnerRing": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Platform\\DeviceTargetingInfo",
"ValueName": "TargetRing",
"RegValueType": "REG_SZ"
},
"OEMSubModel": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "HARDWARE\\DESCRIPTION\\System\\BIOS",
"ValueName": "SystemSKU",
"RegValueType": "REG_SZ"
},
"OobeSeeker": {
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE\\Updates",
"ValueName": "OOBEUpdateStarted"
},
"OSDataDriverPartnerRing": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "OSData\\SOFTWARE\\Microsoft\\DriverFlighting\\Partner",
"ValueName": "TargetRing",
"RegValueType": "REG_SZ"
},
"OSRollbackBuild": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath":
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade\\Rollback",
"ValueName": "BuildString",
"RegValueType": "REG_SZ"
},
"OSRollbackCount": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath":
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade\\Rollback",
"ValueName": "Count",
"RegValueType": "REG_DWORD"
},
"OSRollbackDate": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath":
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade\\Rollback",
"ValueName": "DateStamp",
"RegValueType": "REG_DWORD"
},
"PandaInstalledKey": {
"FullPath": "SOFTWARE\\Panda Software\\Setup",
"IfExists": true
},
"PandaInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\Panda Software\\Setup",
"IfExists": true
},
"PausedFeatureStatus": {
"FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UpdatePolicy\\Settings",
"ValueName": "PausedFeatureStatus"
},
"PausedQualityStatus": {
"FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UpdatePolicy\\Settings",
"ValueName": "PausedQualityStatus"
},
"PlayFabPartyRelay": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\PlayFabPartyRelay",
"IfExists": true
},
"PonchAllow": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat",
"ValueName": "cadca5fe-87d3-4b96-b7fb-a231484277cc",
"RegValueType": "REG_DWORD"
},
"PonchAllowKey": {
"FullPath":
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat\\cadca5fe-87d3-4b96-b7fb-a231484277cc",
"IfExists": true
},
"PonchAllowWow": {
"FullPath":
"SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\QualityCompat",
"ValueName": "cadca5fe-87d3-4b96-b7fb-a231484277cc"
},
"PonchAllowWowKey": {
"FullPath":
"SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\QualityCompat\\cadca5fe-87d3-4b96-b7fb-a231484277cc",
"IfExists": true
},
"PonchBlock": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat",
"ValueName": "65d75b03-6f4d-46e9-b870-517731e06cf9",
"RegValueType": "REG_DWORD"
},
"PreviewBuildsManagerEnabled": {
"FullPath": "SOFTWARE\\Microsoft\\WindowsSelfhost\\Manager",
"ValueName": "ArePreviewBuildsAllowed"
},
"QihooInstalledKey": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath":
"Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\360TotalSecurity",
"IfExists": true
},
"QUDeadline": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate",
"ValueName": "ConfigureDeadlineForQualityUpdates",
"RegValueType": "REG_DWORD"
},
"QUDeadlineMDM": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\PolicyManager\\current\\device\\Update",
"ValueName": "ConfigureDeadlineForQualityUpdates",
"RegValueType": "REG_DWORD"
},
"QuickhealInstalledKey1": {
"FullPath": "SYSTEM\\CurrentControlSet\\Servicescatflt",
"IfExists": true
},
"QuickhealInstalledKey2": {
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App
Paths\\scanner.exe",
"IfExists": true
},
"RecoveredFromBuild": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath":
"Software\\Microsoft\\WindowsSelfHost\\Applicability\\RecoveredFrom",
"ValueName": "LastBuild",
"RegValueType": "REG_DWORD"
},
"RecoveredOnDate": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath":
"Software\\Microsoft\\WindowsSelfHost\\Applicability\\RecoveredFrom",
"ValueName": "DateStamp",
"RegValueType": "REG_DWORD"
},
"ReleaseType": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows
NT\\CurrentVersion\\Update\\TargetingInfo",
"ValueName": "ReleaseType",
"RegValueType": "REG_SZ"
},
"SetupDisplayedEulaVersion": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\OOBE\\",
"ValueName": "SetupDisplayedEulaVersion",
"RegValueType": "REG_DWORD"
},
"SH_SIPolicyCleanup": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\PPI\\Settings",
"ValueName": "SIPolicyCleanup",
"RegValueType": "REG_DWORD"
},
"SmartActiveHoursState": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings",
"ValueName": "SmartActiveHoursState",
"RegValueType": "REG_DWORD"
},
"SophosInstalledKey1": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\SAVService",
"IfExists": true
},
"SophosInstalledKey2": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\hmpalertsvc",
"IfExists": true
},
"StayOnWindows10Timestamp": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings",
"ValueName": "SvOfferDeclined",
"RegValueType": "REG_QWORD"
},
"Steam": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Classes\\Steam",
"ValueName": "",
"RegValueType": "REG_SZ"
},
"StrictHiveSecurityReg": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "Software\\Microsoft\\Windows
NT\\CurrentVersion\\ProfileList\\*",
"ValueName": "StrictHiveSecuritySet"
},
"SymantecInstalledKey": {
"FullPath": "SOFTWARE\\Norton\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}",
"IfExists": true
},
"SymantecInstalledWowKey": {
"FullPath":
"SOFTWARE\\WOW6432Node\\Norton\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}",
"IfExists": true
},
"TargetReleaseVersionGP": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate",
"ValueName": "TargetReleaseVersionInfo",
"RegValueType": "REG_SZ"
},
"TargetReleaseVersionMDM": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\PolicyManager\\current\\device\\Update",
"ValueName": "TargetReleaseVersion",
"RegValueType": "REG_SZ"
},
"TencentInstalledKey": {
"FullPath": "SOFTWARE\\Tencent\\QQPCMgr",
"IfExists": true
},
"TencentInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\Tencent\\QQPCMgr",
"IfExists": true
},
"TencentReg": {
"FullPath": "SYSTEM\\CurrentControlSet\\services\\TesSafe",
"ValueName": "LoadStartTime"
},
"TencentType": {
"FullPath": "SYSTEM\\CurrentControlSet\\services\\TesSafe",
"ValueName": "Type"
},
"ThreatTrackInstalledKey": {
"FullPath": "SOFTWARE\\SBAMSvc",
"IfExists": true
},
"ThreatTrackInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\SBAMSvc",
"IfExists": true
},
"TimestampEpochString_CO21H2RegFb": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows
NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2",
"ValueName": "TimestampEpochString",
"RegValueType": "REG_SZ"
},
"TrendInstalledKey": {
"FullPath": "SOFTWARE\\TrendMicro",
"IfExists": true
},
"TrendInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\TrendMicro",
"IfExists": true
},
"UHSEnrolled": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
"ValueName": "UHSEnrolled",
"RegValueType": "REG_SZ",
"IfExists": true
},
"UninstallActive": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "System\\Setup",
"ValueName": "UninstallActive",
"RegValueType": "REG_DWORD"
},
"UpdateOfferedDays": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath":
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WaaSAssessment\\Cache\\",
"ValueName": "UpToDateDays",
"RegValueType": "REG_DWORD"
},
"UpdatePreference": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate",
"ValueName": "UpdatePreference",
"RegValueType": "REG_DWORD"
},
"UpgEx_CO21H2RegFb": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows
NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2",
"ValueName": "UpgEx",
"RegValueType": "REG_SZ"
},
"UpgradeAccepted": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath":
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE\\Updates\\",
"ValueName": "UpgradeAccepted",
"RegValueType": "REG_DWORD",
"IfExists": true
},
"UpgradeEligible": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion",
"ValueName": "UpgradeEligible",
"RegValueType": "REG_DWORD"
},
"UsoScanMitigation": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath":
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\Orchestrator\\Mitigation\\",
"ValueName": "UsoScanNotStartingMitigationCompleted",
"RegValueType": "REG_DWORD",
"IfExists": true
},
"WebExperience": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath":
"SOFTWARE\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
"IfExists": true
},
"WebExperienceWow": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath":
"SOFTWARE\\WOW6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
"IfExists": true
},
"WebrootInstalledKey": {
"FullPath": "SOFTWARE\\WRData",
"IfExists": true
},
"WebrootInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\WRData",
"IfExists": true
},
"Win11UpgradeAcceptedTimestamp": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings",
"ValueName": "SvOfferAccepted",
"RegValueType": "REG_QWORD"
},
"Win11UpgradeAcceptedWUSeeker": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings",
"ValueName": "SvOfferAccepted",
"RegValueType": "REG_QWORD",
"IfExists": true
},
"WindowsMixedReality": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows
NT\\CurrentVersion\\WUDF\\Services\\HoloLensSensors",
"ValueName": "WdfMajorVersion",
"RegValueType": "REG_DWORD"
},
"WSX_Runtime": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath":
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC",
"ValueName": "ExperienceExtensions",
"RegValueType": "REG_SZ"
},
"WSX_Windows_Settings_Account": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath":
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC",
"ValueName": "Windows.Settings.Account",
"RegValueType": "REG_SZ"
}
},
"FileInfo": {
"AvastVer": {
"Path": "\\system32\\Drivers\\aswVmm.sys",
"FolderGuid": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
},
"AvgVer": {
"Path": "\\system32\\Drivers\\avgVmm.sys",
"FolderGuid": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
},
"BullguardInstalledVer": {
"Path": "\\BullGuard Ltd\\BullGuard\\BullGuard.exe",
"IfExists": true,
"FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
},
"CortanaAppVer": {
"Path":
"\\WindowsApps\\Microsoft.549981C3F5F10_8wekyb3d8bbwe\\CortanaApp.View.exe",
"FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
},
"CortanaAppVerTest": {
"Path":
"\\WindowsApps\\3242f7d9-db60-4380-a379-4205ea768bfc_1.0.0.0_x64__zs4v8rx04ex0m\\UndockingTestApp.exe",
"FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
},
"CrowdStrikeInstalledVer": {
"Path": "drivers\\CrowdStrike\\CSAgent.sys",
"IfExists": true,
"FolderGuid": "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
},
"EsetVer": {
"Path": "\\drivers\\ehdrv.sys",
"FolderGuid": "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
},
"GDataInstalledVer": {
"Path": "\\drivers\\MiniIcpt.sys",
"IfExists": true,
"FolderGuid": "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
},
"IsNotepadExePresent": {
"Path": "%windir%\\system32\\notepad.exe",
"IfExists": true
},
"K7InstalledVer": {
"Path": "\\K7 Computing",
"IfExists": true,
"FolderGuid": "{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
},
"KasperskyVer": {
"Path": "\\system32\\Drivers\\klhk.sys",
"FolderGuid": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
},
"PandaInstalledVer": {
"Path": "\\Panda Security",
"IfExists": true,
"FolderGuid": "{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
},
"SkypeRoomSystem": {
"Path":
"%systemdrive%\\Recovery\\OEM\\$oem$\\$1\\Rigel\\x64\\Scripts\\Provisioning\\AutoUnattend.xml",
"IfExists": true
},
****** ROFL! Post is too long? Wow.... Cont'd next post. ****************
*******CONT'D********
"SymantecVer": {
"Path": "\\Symantec\\Shared\\EENGINE\\eeCtrl.sys",
"FolderGuid": "{DE974D24-D9C6-4D3E-BF91-F4455120B917}"
},
"SymantecVer64": {
"Path": "\\Symantec\\Shared\\EENGINE\\eeCtrl64.sys",
"FolderGuid": "{DE974D24-D9C6-4D3E-BF91-F4455120B917}"
},
"TobiiVer": {
"Path": "\\Tobii\\Tobii EyeX Interaction\\Tobii.EyeX.Interaction.exe",
"FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
},
"TobiiVer1x86": {
"Path": "\\Tobii\\tobii EyeX Interaction\\Tobii.EyeX.Interaction.exe",
"FolderGuid": "{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
},
"TobiiVerx86": {
"Path": "\\tobii EyeX Interaction\\Tobii.EyeX.Interaction.exe",
"FolderGuid": "{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
},
"TrendInstalledVer": {
"Path": "\\Trend Micro\\Titanium\\plugin\\plugVizor.dll",
"IfExists": true,
"FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
},
"TrendMicroVer": {
"Path": "\\drivers\\TMUMH.sys",
"FolderGuid": "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
},
"WuClientVer": {
"Path": "\\system32\\wuaueng.dll",
"FolderGuid": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
}
},
"Licensing": {
"UpdateManagementGroup": {
"Name": "UpdatePolicy-UpdateManagementGroup"
}
},
"UpdatePolicy": {
"BranchReadinessLevel": {
"PolicyEnum": 5,
"Enterprise": true
},
"BranchReadinessLevelSource": {
"PolicyEnum": 5,
"Enterprise": true,
"UseSource": true
},
"DeferFeatureUpdatePeriodInDays": {
"PolicyEnum": 9,
"Enterprise": true
},
"DeferQualityUpdatePeriodInDays": {
"PolicyEnum": 7,
"Enterprise": true
},
"DisableDualScan": {
"PolicyEnum": 42,
"Enterprise": true
},
"EnableWUfBUpgradeGates": {
"PolicyEnum": 51,
"Enterprise": true
},
"TargetProductVersion": {
"PolicyEnum": 53,
"Enterprise": true
},
"TargetReleaseVersion": {
"PolicyEnum": 50,
"Enterprise": true
},
"UpdateServiceUrl": {
"PolicyEnum": 12
}
},
"Policy": {
"DesiredOcpVersion": {
"LocUri":
"./Device/Vendor/MSFT/DeviceUpdateCenter/DesiredUpdates/OcpVersion/"
},
"DesiredOsVersion": {
"LocUri":
"./Device/Vendor/MSFT/DeviceUpdateCenter/DesiredUpdates/OsVersion"
},
"DesiredSystemManifestVersion": {
"LocUri":
"./Device/Vendor/MSFT/DeviceUpdateCenter/DesiredUpdates/SystemManifestVersion"
},
"DSS_Enrolled": {
"Area": "Update",
"Name": "EnableWUfBCloud"
},
"DucCustomPackageId": {
"LocUri":
"./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/CustomPackageId"
},
"DucDeviceModelId": {
"LocUri":
"./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/DeviceModelId"
},
"DucOemPartnerRing": {
"LocUri":
"./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/OemPartnerRing"
},
"DucPublisherId": {
"LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/PublisherId"
},
"SetPolicyDrivenUpdateSourceForFeatureUpdates": {
"LocUri":
"./Device/Vendor/MSFT/Policy/Config/Update/SetPolicyDrivenUpdateSourceForFeatureUpdates"
}
},
"WMI": {
"FirstStorageSpaceDeviceId": {
"Query": "SELECT DeviceID FROM Win32_DiskDrive WHERE Model = 'Microsoft
Storage Space Device'",
"Name": "DeviceID",
"Timeout": 2000
}
}
}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsSelfHost\OneSettings]
"TargetingAttributesVerified"="{
"Version": 170,
"SchemaVersion": 1,
"PartA": [
"App",
"AppVer",
"AttrDataVer"
],
"Default": [
"DeviceFamily",
"f:FlightRing",
"t:OSVersionFull"
],
"PartB": {
"ACSOVERRIDE": [
"OSArchitecture",
"c:IsAlwaysOnAlwaysConnectedCapable"
],
"CASSCLIENT": [
"OSVersion",
"c:OSEdition",
"f:FlightRing",
"c:OSUILocale",
"f:FlightingBranchName",
"r:OEMMode"
],
"CDM": [
"ChassisTypeId",
"r:CurrentBranch",
"DeviceFamily",
"f:FlightingBranchName",
"f:FlightRing",
"c:InstallLanguage",
"c:IsDomainJoined",
"t:IsTestLab",
"OEMModel",
"OSArchitecture",
"OSVersion",
"t:OSSkuId",
"c:ProcessorIdentifier",
"c:TelemetryLevel",
"t:IsMsftOwned",
"t:WCOSProductId",
"c:OSUILocale",
"c:CommercialId",
"s:MinShellVersion",
"s:MaxShellVersion",
"c:ActivationChannel",
"c:SCCMClientId",
"c:IsCloudDomainJoined",
"r:WebExperience",
"FX_FlightIds",
"AccountFirstChar",
"r:WSX_Windows_Settings_Account",
"r:InstallDate",
"r:WSX_Runtime"
],
"COMPATLOGGER": [
"osVer",
"ring",
"deviceId"
],
"CONTENT_DELIVERY_MANAGER": [
"c:OSEdition",
"t:OSSkuId",
"c:OSUILocale",
"a:UpgEx_CO21H2",
"a:GStatus_CO21H2",
"a:DataExpDateEpoch_CO21H2",
"a:TimestampEpochString_CO21H2",
"r:AndroidUserOptinValue",
"f:FlightingBranchName",
"f:FlightRing"
],
"CORTANA_GATEKEEPER": [
"r:CurrentBranch",
"f:FlightRing",
"f:IsRetailOS"
],
"CORTANAUWP": [
"c:OSUILocale",
"t:OSVersionFull",
"v:CortanaAppVer"
],
"CORTANAUWPTEST": [
"+CORTANAUWP",
"v:CortanaAppVerTest"
],
"CTAC": [
"+FSS"
],
"DDC": [
"+WU_STORE",
"+_WU_PTI"
],
"DXDB": [
"DeviceFamily",
"f:FlightRing",
"r:IsHybridOrXGpu",
"t:OSVersionFull",
"OSVersion"
],
"EDGE_SERVICEUI": [
"t:LocalDeviceID",
"t:LocalUserID"
],
"FCON": [
"+CDM"
],
"FSS": [
"r:PreviewBuildsManagerEnabled",
"f:BranchReadinessLevelRaw",
"u:BranchReadinessLevelSource",
"r:BuildFID",
"t:DeviceFamily",
"DeviceId",
"c:EnablePreviewBuilds",
"f:FlightingPolicyValue",
"f:IsRetailOS",
"f:ManagePreviewBuilds",
"OSVersionFull",
"t:WCOSProductId",
"r:SmartActiveHoursState",
"r:ActiveHoursStart",
"r:ActiveHoursEnd",
"r:IsCHCapableBuild",
"r:FSRing",
"s:MaxShellVersion",
"s:MinShellVersion",
"c:TPMVersion",
"c:SecureBootCapable",
"c:ProcessorClockSpeed",
"c:ProcessorCores",
"c:TotalPhysicalRAM",
"t:SMode",
"c:SystemVolumeTotalCapacity",
"c:OEMManufacturerName",
"c:OEMModelNumber",
"a:ISVM",
"r:AllowUpgradesWithUnsupportedTPMOrCPU",
"r:IntelPlatformId",
"r:IsConfigMgrEnabled"
],
"FXIRISCLIENT": [
"+IRISCLIENT"
],
"GS": [
"t:OSSkuId",
"t:OSVersionFull",
"r:CurrentBranch",
"r:DefaultUserRegion",
"DeviceFamily",
"c:FlightIds",
"f:FlightingBranchName",
"f:FlightRing",
"c:IsCloudDomainJoined",
"t:IsMsftOwned",
"f:IsRetailOS",
"c:OSUILocale",
"c:IsDomainJoined"
],
"IRISCLIENT": [
"DeviceFamily",
"OSVersion",
"t:OSSkuId",
"OSArchitecture",
"c:TelemetryLevel",
"f:FlightRing",
"f:FlightingBranchName",
"c:InternalPrimaryDisplayResolutionHorizontal",
"c:InternalPrimaryDisplayResolutionVetical",
"t:IsMsftOwned",
"c:ChassisType",
"c:ProcessorIdentifier",
"OEMModel",
"c:OSUILocale",
"c:OSEdition",
"c:FlightIds",
"r:CurrentBranch",
"t:WCOSProductId",
"c:InstallationType",
"r:InstallDate",
"c:IsCloudDomainJoined",
"c:IsDeviceRetailDemo",
"f:IsRetailOS",
"c:ProcessorClockSpeed",
"c:ProcessorCores",
"c:ProcessorManufacturer",
"c:TotalPhysicalRAM",
"c:D3DMaxFeatureLevel",
"c:IsAlwaysOnAlwaysConnectedCapable",
"t:SMode",
"t:LocalUserID",
"r:AndroidUserOptinValue"
],
"MICROSOFT.WINDOWSFEEDBACKHUB_8WEKYB3D8BBWE": [
"t:OSVersionFull",
"t:IsTestLab",
"f:FlightRing"
],
"MITIGATION": [
"t:DeviceFamily",
"f:FlightRing",
"c:FlightIds",
"c:IsDomainJoined",
"t:IsMsftOwned",
"f:IsRetailOS",
"t:IsTestLab",
"IsVM",
"OEMModel",
"c:OSEdition",
"t:OSSkuId",
"t:OSVersionFull",
"c:OSUILocale",
"t:SMode",
"f:IsFlightingEnabled",
"c:FirmwareVersion",
"c:TelemetryLevel",
"f:FlightingBranchName",
"r:CurrentBranch",
"OSVersion",
"w:FirstStorageSpaceDeviceId",
"r:IsCldFltSyncRoots",
"c:OSInstallType",
"v:IsNotepadExePresent",
"r:StrictHiveSecurityReg",
"a:GatedBlockId_21H1",
"r:UpdateOfferedDays",
"r:UsoScanMitigation",
"r:GamingServicesInstalledKey"
],
"MLMOD": [
"ChassisTypeId",
"t:DeviceFamily",
"f:FlightingBranchName",
"f:FlightRing",
"f:IsRetailOS",
"t:OSSkuId",
"t:OSVersionFull",
"c:OSUILocale",
"OSVersion",
"c:TelemetryLevel",
"r:CurrentBranch",
"t:IsTestLab",
"c:PrimaryDiskType"
],
"MTP": [
"+_WU_OS_CORE"
],
"MUSE": [
"+_WU_FB",
"ChassisTypeId",
"deviceClass",
"deviceId",
"c:FlightIds",
"locale",
"ms",
"os",
"osVer",
"ring",
"sampleId",
"sku",
"r:DaysSince19H1FUOffer",
"u:DisableDualScan",
"u:UpdateServiceUrl",
"c:CommercialId",
"f:FlightingBranchName",
"c:SystemVolumeTotalCapacity",
"c:IsAlwaysOnAlwaysConnectedCapable",
"c:ProcessorCores",
"c:PrimaryDiskType",
"c:TotalPhysicalRAM",
"c:ProcessorClockSpeed",
"c:ProcessorIdentifier",
"c:ProcessorModel",
"c:ActivationChannel",
"c:IsCloudDomainJoined",
"c:isCommercial",
"c:IsDomainJoined",
"c:IsMDMEnrolled",
"c:SCCMClientID",
"r:OEMSubModel",
"c:OEMModelNumber",
"c:OEMManufacturerName",
"r:OobeSeeker",
"r:DefaultUserRegion"
],
"NOISYHAMMER": [
"+WU_OS"
],
"PHS": [
"r:GridZoneName"
],
"SEDIMENTPACK": [
"+WU_OS"
],
"SERVICEEXPERIENCES": [
"f:FlightingBranchName",
"f:FlightRing",
"s:MaxShellVersion",
"s:MinShellVersion",
"t:IsTestLab",
"c:TelemetryLevel",
"t:OSSkuId",
"r:CurrentBranch",
"OSVersion",
"DeviceFamily",
"r:WSX_Windows_Settings_Account",
"c:FlightIds",
"r:WSX_Runtime"
],
"SERVICING_CBS": [
"+WU",
"osVer"
],
"SETUP360": [
"t:OSSkuId",
"f:FlightRing"
],
"STORAGEGROVELER": [
"a:Free",
"c:TelemetryLevel",
"f:FlightRing",
"f:IsFlightingEnabled",
"IsVM",
"t:OSVersionFull"
],
"UTC": [
"+UTC_STATIC",
"osVer",
"locale",
"ring",
"f:PilotRing",
"f:IsRetailOS",
"ms",
"expId",
"t:SMode",
"f:FlightingBranchName",
"c:CommercialId",
"r:IsFeedbackHubSelfhost",
"c:AzureVMType"
],
"UTC_STATIC": [
"os",
"deviceId",
"sampleId",
"deviceClass",
"sku",
"OEMModel",
"OEMName_Uncleaned",
"c:PrimaryDiskType",
"c:ProcessorModel",
"c:TotalPhysicalRAM"
],
"UUS": [
"OSVersion",
"f:FlightRing",
"t:IsTestLab",
"t:OSVersionFull",
"f:FlightingBranchName",
"r:CurrentBranch",
"f:IsFlightingEnabled"
],
"WAASASSESSMENT": [
"+WU_OS"
],
"WAASMEDIC": [
"os",
"osVer",
"ring",
"deviceClass",
"deviceId",
"locale",
"sku",
"c:ActivationChannel",
"c:CommercialId",
"r:CurrentBranch",
"f:FlightingBranchName",
"c:IsCloudDomainJoined",
"c:IsDomainJoined",
"t:IsTestLab",
"OSVersion",
"c:SCCMClientID",
"c:TelemetryLevel"
],
"WOSC": [
"t:DeviceFamily",
"f:FlightRing",
"f:IsFlightingEnabled",
"t:IsMsftOwned",
"t:LocalDeviceID",
"t:OSSkuId",
"c:OSUILocale",
"t:OSVersionFull",
"c:TelemetryLevel",
"r:IsHybridOrXGpu",
"r:PlayFabPartyRelay"
],
"WPSHIFT": [
"+MTP"
],
"WU": [
"+WU_OS",
"r:DUInternal"
],
"_WU_AV": [
"r:AvastReg",
"r:AvastBlackScreen",
"v:AvastVer",
"r:AvgReg",
"v:AvgVer",
"r:EsetReg",
"v:EsetVer",
"r:KasperskyReg",
"v:KasperskyVer",
"v:SymantecVer",
"r:TencentReg",
"r:TencentType",
"r:AhnlabInstalledKey",
"r:AvastInstalledKey",
"r:AVGInstalledKey",
"r:AviraInstalledKey",
"r:BullguardInstalledKey",
"r:ESETInstalledKey",
"r:ESTSecurityInstalledKey",
"r:FSecureInstalledKey",
"v:GDataInstalledVer",
"r:K7InstalledKey",
"r:KasperskyInstalledKey",
"r:KingsoftInstalledKey",
"r:LenovoInstalledKey",
"r:MalwarebytesInstalledKey",
"r:McAfeeInstalledKey",
"r:PandaInstalledKey",
"r:QuickhealInstalledKey1",
"r:SophosInstalledKey1",
"r:SymantecInstalledKey",
"r:TencentInstalledKey",
"r:ThreatTrackInstalledKey",
"r:TrendInstalledKey",
"r:WebrootInstalledKey",
"v:K7InstalledVer"
],
"_WU_COMMON": [
"r:CurrentBranch",
"r:DefaultUserRegion",
"DeviceFamily",
"r:DriverPartnerRing",
"r:FlightContent",
"f:FlightingBranchName",
"f:FlightRing",
"HoloLens",
"c:InstallationType",
"c:InstallLanguage",
"f:IsFlightingEnabled",
"r:IsFlightingEnabled",
"c:MobileOperatorCommercialized",
"OEMModel",
"OEMName_Uncleaned",
"r:OemPartnerRing",
"OSArchitecture",
"OSVersion",
"t:OSSkuId",
"c:OSUILocale",
"c:ProcessorManufacturer",
"r:ReleaseType",
"v:SkypeRoomSystem",
"t:SMode",
"c:TelemetryLevel",
"r:WindowsMixedReality",
"v:WuClientVer",
"p:DucPublisherId",
"p:DucDeviceModelId",
"p:DucOemPartnerRing",
"p:DucCustomPackageId",
"p:DesiredOsVersion",
"p:DesiredSystemManifestVersion"
],
"_WU_FB": [
"u:BranchReadinessLevel",
"u:DeferQualityUpdatePeriodInDays",
"u:DeferFeatureUpdatePeriodInDays",
"r:PausedFeatureStatus",
"r:PausedQualityStatus",
"u:TargetReleaseVersion",
"r:QUDeadline",
"r:UpdatePreference",
"r:UpdateOfferedDays",
"u:TargetProductVersion"
],
"WU_OS": [
"+_WU_OS_CORE",
"+_WU_FB"
],
"_WU_OS_CORE": [
"+_WU_COMMON",
"+_WU_AV",
"r:AhnLabKeyboard",
"a:Bios",
"r:BlockFeatureUpdates",
"c:CommercialId",
"a:DataVer_RS5",
"r:DisconnectedStandby",
"r:DchuNvidiaGrfxExists",
"r:DchuNvidiaGrfxVen",
"r:DchuIntelGrfxExists",
"r:DchuIntelGrfxVen",
"r:DchuAmdGrfxExists",
"r:DchuAmdGrfxVen",
"c:FirmwareVersion",
"a:Free",
"a:GStatus_RS3",
"a:GStatus_RS4",
"a:GStatus_RS5",
"r:HidOverGattReg",
"r:InstallDate",
"c:IsDeviceRetailDemo",
"c:IsPortableOperatingSystem",
"IsVM",
"c:OEMModelBaseBoard",
"r:OobeSeeker",
"r:OSRollbackBuild",
"r:OSRollbackCount",
"r:OSRollbackDate",
"PhoneTargetingName",
"r:PonchAllow",
"r:PonchBlock",
"c:ProcessorIdentifier",
"r:RecoveredFromBuild",
"r:RecoveredOnDate",
"r:Steam",
"v:TobiiVer",
"v:TrendMicroVer",
"r:UninstallActive",
"l:UpdateManagementGroup",
"a:UpgEx_RS3",
"a:UpgEx_RS4",
"a:UpgEx_RS5",
"a:Version_RS5",
"r:DisableWUfBOfferBlock",
"a:UpgEx_19H1",
"a:SdbVer_19H1",
"a:GStatus_19H1",
"a:GStatus_19H1Setup",
"a:TimestampEpochString_19H1Setup",
"a:GenTelRunTimestamp_19H1",
"a:DataExpDateEpoch_19H1",
"u:EnableWUfBUpgradeGates",
"r:GStatusBlockIDs_All",
"TimestampDelta_19H1Subtract19H1Setup",
"DataExpDateDelta_19H1Subtract19H1Setup",
"a:DataExpDateEpoch_19H1Setup",
"a:TimestampEpochString_19H1",
"r:IsContainerMgrInstalled",
"r:IsWDAGEnabled",
"r:MTPTargetingInfo",
"r:EKB19H2InstallCount",
"r:EKB19H2UnInstallCount",
"r:EKB19H2InstallTimeEpoch",
"r:EKB19H2UnInstallTimeEpoch",
"r:BlockEdgeWithChromiumUpdate",
"r:IsWDATPEnabled",
"r:IsAutopilotRegistered",
"r:EdgeWithChromiumInstallVersion",
"r:EdgeWithChromiumInstallFailureCount",
"r:IsEdgeWithChromiumInstalled",
"r:KioskMode",
"c:IsCloudDomainJoined",
"c:IsDomainJoined",
"p:DSS_Enrolled",
"a:DataExpDateEpoch_20H1",
"a:DataExpDateEpoch_20H1Setup",
"a:GStatus_20H1",
"a:GStatus_20H1Setup",
"a:SdbVer_20H1",
"a:TimestampEpochString_20H1",
"a:TimestampEpochString_20H1Setup",
"DataExpDateDelta_20H1Subtract20H1Setup",
"TimestampDelta_20H1Subtract20H1Setup",
"a:UpgEx_20H1",
"r:AutopilotUpdateInProgress",
"r:UHSEnrolled",
"r:HotPatchEKBInstalled",
"r:LCUVer",
"c:isCommercial",
"c:ActivationChannel",
"c:IsMDMEnrolled",
"c:SCCMClientID",
"r:ChinaTypeApproval_CTA",
"p:DesiredOcpVersion",
"r:UpgradeEligible",
"r:AllowInPlaceUpgrade",
"r:SH_SIPolicyCleanup",
"r:FeatureUpdateDeadline",
"a:DataExpDateEpoch_21H1",
"a:UpgEx_CO21H2",
"a:GStatus_21H1",
"DataExpDateDelta_21H1Subtract20H1Setup",
"TimestampDelta_21H1Subtract20H1Setup",
"a:TimestampEpochString_21H1",
"r:OEMSubModel",
"c:ProcessorModel",
"c:TPMVersion",
"r:StayOnWindows10Timestamp",
"a:GStatus_CO21H2Setup",
"TimestampDelta_CO21H2SubtractCO21H2Setup",
"DataExpDateDelta_CO21H2SubtractCO21H2Setup",
"a:TimestampEpochString_CO21H2Setup",
"a:DataExpDateEpoch_CO21H2Setup",
"a:TimestampEpochString_CO21H2",
"a:DataExpDateEpoch_CO21H2",
"a:GStatus_CO21H2",
"p:SetPolicyDrivenUpdateSourceForFeatureUpdates",
"r:DchuNvidiaGrfxVenTest",
"a:DataExpDateDelta_21H2Subtract20H1Setup",
"a:TimestampEpochString_21H2",
"a:TimestampDelta_21H2Subtract20H1Setup",
"a:GStatus_21H2",
"a:DataExpDateEpoch_21H2",
"r:DSS_Enrolled_DF",
"r:UpgradeAccepted",
"r:SetupDisplayedEulaVersion",
"c:ProcessorCores",
"c:ProcessorClockSpeed",
"c:TotalPhysicalRAM",
"c:SecureBootCapable",
"c:PrimaryDiskTotalCapacity",
"r:BitDefenderInstalledKey",
"r:BroadcomInstalledKey",
"v:CrowdStrikeInstalledVer",
"r:QihooInstalledKey",
"r:Win11UpgradeAcceptedTimestamp"
],
"_WU_PTI": [
"c:FrontFacingCameraResolution",
"c:RearFacingCameraResolution",
"c:TotalPhysicalRAM",
"c:NFCProximity",
"c:Magnetometer",
"c:Gyroscope",
"c:D3DMaxFeatureLevel",
"c:InternalPrimaryDisplayResolutionHorizontal",
"c:InternalPrimaryDisplayResolutionVetical"
],
"WU_STORE": [
"+_WU_COMMON",
"r:AppChannels",
"r:AppRMIDs",
"u:BranchReadinessLevel"
]
},
"Required": [
"App",
"AppVer",
"AttrDataVer"
],
"Aliases": {
"AccountFirstChar": "c:MSA_Accounts",
"ChassisTypeId": "c:ChassisType",
"DataExpDateDelta_19H1Subtract19H1Setup":
"a:DataExpDateEpoch_19H1_Subtract_DataExpDateEpoch_19H1Setup",
"DataExpDateDelta_20H1Subtract20H1Setup":
"a:DataExpDateEpoch_20H1_Subtract_DataExpDateEpoch_20H1Setup",
"DataExpDateDelta_21H1Subtract20H1Setup":
"a:DataExpDateEpoch_21H1_Subtract_DataExpDateEpoch_20H1Setup",
"DataExpDateDelta_CO21H2SubtractCO21H2Setup":
"a:DataExpDateEpoch_CO21H2_Subtract_DataExpDateEpoch_CO21H2Setup",
"deviceClass": "t:DeviceFamily",
"deviceId": "t:LocalDeviceID",
"DeviceId": "t:LocalDeviceID",
"expId": "c:FlightIds",
"FlightRing": "f:FlightRing",
"FX_FlightIds": "c:FlightIds",
"IsVM": "a:ISVM",
"locale": "c:OSUILocale",
"ms": "t:IsMsftOwned",
"OEMModel": "c:OEMModelNumber",
"OEMName_Uncleaned": "c:OEMManufacturerName",
"osVer": "t:OSVersionFull",
"OSVersionFull": "t:OSVersionFull",
"PhoneTargetingName": "c:OEMModelName",
"ring": "f:FlightRing",
"sampleId": "t:PopVal",
"sku": "t:OSSkuId",
"TimestampDelta_19H1Subtract19H1Setup":
"a:TimestampEpochString_19H1_Subtract_TimestampEpochString_19H1Setup",
"TimestampDelta_20H1Subtract20H1Setup":
"a:TimestampEpochString_20H1_Subtract_TimestampEpochString_20H1Setup",
"TimestampDelta_21H1Subtract20H1Setup":
"a:TimestampEpochString_21H1_Subtract_TimestampEpochString_20H1Setup",
"TimestampDelta_CO21H2SubtractCO21H2Setup":
"a:TimestampEpochString_CO21H2_Subtract_TimestampEpochString_CO21H2Setup"
},
"Fallback": {
"r:AhnlabInstalledKey": "r:AhnlabInstalledWowKey",
"r:AvastBlackScreen": "r:AvgBlackScreen",
"r:AvastInstalledKey": "r:AvastInstalledWowKey",
"r:AVGInstalledKey": "r:AVGInstalledWowKey",
"r:AviraInstalledKey": "r:AviraInstalledWowKey",
"a:Bios": "a:Bios_RS3",
"a:Bios_RS3": "a:Bios_RS4",
"a:Bios_RS4": "a:Bios_RS5",
"r:BlockFeatureUpdates": "r:BlockWUUpgrades",
"r:BlockWUUpgrades": "r:BlockWUUpgradesWow",
"r:BuildFID": "r:BuildFID_WCOS",
"r:BuildFID_WCOS": "r:BuildFID_WCOS2",
"r:BullguardInstalledKey": "v:BullguardInstalledVer",
"a:DataExpDateEpoch_CO21H2": "r:DataExpDateEpoch_CO21H2RegFb",
"r:DchuAmdGrfxVen": "r:DchuAmdGrfxVen2",
"r:DchuAmdGrfxVen2": "r:DchuAmdGrfxDeletePending",
"r:DchuIntelGrfxDeletePending": "r:DchuIntelGrfxNExists",
"r:DchuIntelGrfxVen": "r:DchuIntelGrfxVen2",
"r:DchuIntelGrfxVen2": "r:DchuIntelGrfxDeletePending",
"r:DchuNvidiaGrfxVen": "r:DchuNvidiaGrfxVen2",
"r:DchuNvidiaGrfxVen2": "r:DchuNvidiaGrfxDeletePending",
"r:DriverPartnerRing": "r:OSDataDriverPartnerRing",
"p:DSS_Enrolled": "r:DSS_EnrolledReg",
"r:EdgeWithChromiumInstallFailureCount":
"r:EdgeWithChromiumInstallFailureCountWow",
"r:EdgeWithChromiumInstallVersion": "r:EdgeWithChromiumInstallVersionWow",
"u:EnableWUfBUpgradeGates": "r:EnableWUfBUpgradeGatesRS5",
"r:ESETInstalledKey": "r:ESETInstalledWowKey",
"r:ESTSecurityInstalledKey": "r:ESTSecurityInstalledWowKey",
"f:FlightingBranchName": "c:FlightingBranchName",
"a:Free": "a:Free_RS3",
"a:Free_RS3": "a:Free_RS4",
"a:Free_RS4": "a:Free_RS5",
"r:FSecureInstalledKey": "r:FSecureInstalledWowKey",
"a:GStatus_CO21H2": "r:GStatus_CO21H2RegFb",
"HoloLens": "r:WindowsMixedReality",
"r:IsEdgeWithChromiumInstalled": "r:IsEdgeWithChromiumInstalledWow",
"a:ISVM": "a:ISVM_RS3",
"a:ISVM_RS3": "a:ISVM_RS4",
"a:ISVM_RS4": "a:ISVM_RS5",
"r:K7InstalledKey": "r:K7InstalledWowKey",
"r:KasperskyInstalledKey": "r:KasperskyInstalledWowKey",
"r:KingsoftInstalledKey": "r:KingsoftInstalledWowKey",
"r:LenovoInstalledKey": "r:LenovoInstalledWowKey",
"r:MalwarebytesInstalledKey": "r:MalwarebytesInstalledWowKey",
"r:McAfeeInstalledKey": "r:McAfeeInstalledWowKey",
"c:OEMModelBaseBoard": "r:OEMModelBaseBoard",
"r:PandaInstalledKey": "r:PandaInstalledWowKey",
"r:PandaInstalledWowKey": "v:PandaInstalledVer",
"r:PonchAllow": "r:PonchAllowKey",
"r:PonchAllowKey": "r:PonchAllowWow",
"r:PonchAllowWow": "r:PonchAllowWowKey",
"r:QUDeadline": "r:QUDeadlineMDM",
"r:QuickhealInstalledKey1": "r:QuickhealInstalledKey2",
"r:SophosInstalledKey1": "r:SophosInstalledKey2",
"r:SymantecInstalledKey": "r:SymantecInstalledWowKey",
"v:SymantecVer": "v:SymantecVer64",
"u:TargetReleaseVersion": "r:TargetReleaseVersionGP",
"r:TargetReleaseVersionGP": "r:TargetReleaseVersionMDM",
"r:TencentInstalledKey": "r:TencentInstalledWowKey",
"r:ThreatTrackInstalledKey": "r:ThreatTrackInstalledWowKey",
"a:TimestampEpochString_CO21H2": "r:TimestampEpochString_CO21H2RegFb",
"v:TobiiVer": "v:TobiiVerx86",
"v:TobiiVerx86": "v:TobiiVer1x86",
"r:TrendInstalledKey": "r:TrendInstalledWowKey",
"r:TrendInstalledWowKey": "v:TrendInstalledVer",
"a:UpgEx_CO21H2": "r:UpgEx_CO21H2RegFb",
"r:UpgradeAccepted": "r:Win11UpgradeAcceptedWUSeeker",
"r:WebExperience": "r:WebExperienceWow",
"r:WebrootInstalledKey": "r:WebrootInstalledWowKey"
},
"Transform": {
"AccountFirstChar": {
"SubLength": 1
},
"FX_FlightIds": {
"Regex": "FX:[^,]*",
"RegexDelimiter": ","
},
"IsDomainJoined": {
"Ignore": [
"0"
]
},
"IsHybridOrXGpu": {
"Ignore": [
"0"
]
},
"IsMsftOwned": {
"Ignore": [
"0"
]
},
"IsPortableOperatingSystem": {
"Ignore": [
"0"
]
},
"IsTestLab": {
"Ignore": [
"0"
]
},
"IsVM": {
"Ignore": [
"0"
]
},
"OEMModel": {
"SubLength": 100
},
"OEMName_Uncleaned": {
"SubLength": 100
},
"PausedFeatureStatus": {
"Ignore": [
"0"
]
},
"PausedQualityStatus": {
"Ignore": [
"0"
]
},
"SMode": {
"Ignore": [
"0"
]
}
},
"Registry": {
"ActiveHoursEnd": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings",
"ValueName": "ActiveHoursEnd",
"RegValueType": "REG_DWORD"
},
"ActiveHoursStart": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings",
"ValueName": "ActiveHoursStart",
"RegValueType": "REG_DWORD"
},
"AhnlabInstalledKey": {
"FullPath": "SOFTWARE\\Ahnlab",
"IfExists": true
},
"AhnlabInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\Ahnlab",
"IfExists": true
},
"AhnLabKeyboard": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\Mkd2kfNt",
"ValueName": "NbTpMsExist"
},
"AllowInPlaceUpgrade": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\\\Windows\\\\CurrentVersion",
"ValueName": "AllowInPlaceUpgrade",
"RegValueType": "REG_DWORD"
},
"AllowUpgradesWithUnsupportedTPMOrCPU": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Setup\\MoSetup",
"ValueName": "AllowUpgradesWithUnsupportedTPMOrCPU",
"RegValueType": "REG_DWORD"
},
"AndroidUserOptinValue": {
"HKey": "HKEY_CURRENT_USER",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Mobility\\",
"ValueName": "OptedIn",
"RegValueType": "REG_DWORD"
},
"AppChannels": {
"FullPath": "SOFTWARE\\Policies\\Microsoft\\WindowsStore\\Apps\\*",
"ValueName": "ChannelId",
"EncodingType": "Json"
},
"AppRMIDs": {
"FullPath": "SOFTWARE\\Policies\\Microsoft\\WindowsStore\\Apps\\*",
"ValueName": "ReleaseManagementId",
"EncodingType": "Json"
},
"AutopilotUpdateInProgress": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath":
"SOFTWARE\\Microsoft\\Provisioning\\AutopilotSettings\\VolatileAutopilotUpdate",
"ValueName": "AutopilotUpdateInProgress",
"RegValueType": "REG_DWORD"
},
"AvastBlackScreen": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\aswVmm\\Parameters",
"ValueName": "Win10-1803"
},
"AvastInstalledKey": {
"FullPath": "SOFTWARE\\Avast Software\\Avast",
"IfExists": true
},
"AvastInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\Avast Software\\Avast",
"IfExists": true
},
"AvastReg": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\aswVmm\\Parameters",
"ValueName": "QualityCompat"
},
"AvgBlackScreen": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\avgVmm\\Parameters",
"ValueName": "Win10-1803"
},
"AVGInstalledKey": {
"FullPath": "SOFTWARE\\AVG\\Antivirus",
"IfExists": true
},
"AVGInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\AVG\\Antivirus",
"IfExists": true
},
"AvgReg": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\avgVmm\\Parameters",
"ValueName": "QualityCompat"
},
"AviraInstalledKey": {
"FullPath": "SOFTWARE\\X-AVCSD\\Workstation\\Antivirus",
"IfExists": true
},
"AviraInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\X-AVCSD\\Workstation\\Antivirus",
"IfExists": true
},
"BitDefenderInstalledKey": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath":
"Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}",
"IfExists": true
},
"BlockEdgeWithChromiumUpdate": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate",
"ValueName": "DoNotUpdateToEdgeWithChromium",
"RegValueType": "REG_DWORD"
},
"BlockFeatureUpdates": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath":
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade",
"ValueName": "BlockFeatureUpdates",
"RegValueType": "REG_DWORD"
},
"BlockWUUpgrades": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows10Upgrader\\Volatile",
"ValueName": "BlockWUUpgrades",
"RegValueType": "REG_DWORD"
},
"BlockWUUpgradesWow": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath":
"SOFTWARE\\WOW6432Node\\Microsoft\\Windows10Upgrader\\Volatile",
"ValueName": "BlockWUUpgrades",
"RegValueType": "REG_DWORD"
},
"BroadcomInstalledKey": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Symantec\\Symantec Endpoint Protection",
"IfExists": true
},
"BuildFID": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath":
"Software\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build",
"ValueName": "EsdFlightData",
"RegValueType": "REG_SZ"
},
"BuildFID_WCOS": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath":
"OSDATA\\Software\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build",
"ValueName": "EsdFlightData",
"RegValueType": "REG_SZ"
},
"BuildFID_WCOS2": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath":
"OSDATA\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build",
"ValueName": "EsdFlightData",
"RegValueType": "REG_SZ"
},
"BullguardInstalledKey": {
"FullPath":
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\BullGuard",
"IfExists": true
},
"ChinaTypeApproval_CTA": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeviceAccess",
"ValueName": "ActivePolicyCode",
"RegValueType": "REG_SZ"
},
"CurrentBranch": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
"ValueName": "BuildBranch",
"RegValueType": "REG_SZ"
},
"DataExpDateEpoch_CO21H2RegFb": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows
NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2",
"ValueName": "DataExpDateEpoch",
"RegValueType": "REG_SZ"
},
"DaysSince19H1FUOffer": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath":
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\rempl\\irplugin",
"ValueName": "DaysSinceLastOffer",
"RegValueType": "REG_QWORD"
},
"DchuAmdGrfxDeletePending": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\amdkmdag",
"ValueName": "DriverDelete"
},
"DchuAmdGrfxExists": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\amdkmdag",
"IfExists": true
},
"DchuAmdGrfxVen": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\amdkmdag",
"ValueName": "DCHUVen"
},
"DchuAmdGrfxVen2": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\amdkmdag\\Parameters",
"ValueName": "DCHUVen"
},
"DchuIntelGrfxDeletePending": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfx",
"ValueName": "DriverDelete"
},
"DchuIntelGrfxExists": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfx",
"IfExists": true
},
"DchuIntelGrfxNExists": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfxn",
"IfExists": true
},
"DchuIntelGrfxVen": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfx",
"ValueName": "DCHUVen"
},
"DchuIntelGrfxVen2": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfx\\Parameters",
"ValueName": "DCHUVen"
},
"DchuNvidiaGrfxDeletePending": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm",
"ValueName": "DriverDelete"
},
"DchuNvidiaGrfxExists": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm",
"IfExists": true
},
"DchuNvidiaGrfxVen": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm",
"ValueName": "DCHUVen"
},
"DchuNvidiaGrfxVen2": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm\\Parameters",
"ValueName": "DCHUVen"
},
"DchuNvidiaGrfxVenTest": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm",
"ValueName": "DCHUVenTest",
"RegValueType": "REG_DWORD"
},
"DefaultUserRegion": {
"HKey": "HKEY_USERS",
"FullPath": ".DEFAULT\\Control Panel\\International\\Geo",
"ValueName": "Nation",
"RegValueType": "REG_SZ"
},
"DisableWUfBOfferBlock": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UpdatePolicy\\Settings",
"ValueName": "DisableWUfBOfferBlock",
"RegValueType": "REG_DWORD"
},
"DisconnectedStandby": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\CurrentControlSet\\Control\\Power",
"ValueName": "EnforceDisconnectedStandby",
"RegValueType": "REG_DWORD"
},
"DriverPartnerRing": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\DriverFlighting\\Partner",
"ValueName": "TargetRing",
"RegValueType": "REG_SZ"
},
"DSS_Enrolled_DF": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath":
"SOFTWARE\\\\Policies\\\\Microsoft\\\\Windows\\\\WindowsUpdate",
"ValueName": "WUfBDF",
"RegValueType": "REG_DWORD"
},
"DSS_EnrolledReg": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate",
"ValueName": "EnableWUfBCloud",
"RegValueType": "REG_DWORD"
},
"DUInternal": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Setup\\MoSetup",
"ValueName": "DynamicUpdateInternalTest",
"RegValueType": "REG_DWORD"
},
"EdgeWithChromiumInstallFailureCount": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate",
"ValueName": "WindowsUpdateAttempts"
},
"EdgeWithChromiumInstallFailureCountWow": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate",
"ValueName": "WindowsUpdateAttempts"
},
"EdgeWithChromiumInstallVersion": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate",
"ValueName": "WindowsUpdateVersion"
},
"EdgeWithChromiumInstallVersionWow": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate",
"ValueName": "WindowsUpdateVersion"
},
"EKB19H2InstallCount": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Setup\\FeatureStaging\\20455539\\2",
"ValueName": "Count"
},
"EKB19H2InstallTimeEpoch": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Setup\\FeatureStaging\\20455539\\2",
"ValueName": "Timestamp"
},
"EKB19H2UnInstallCount": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Setup\\FeatureStaging\\20455539\\0",
"ValueName": "Count"
},
"EKB19H2UnInstallTimeEpoch": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Setup\\FeatureStaging\\20455539\\0",
"ValueName": "Timestamp"
},
"EnableWUfBUpgradeGatesRS5": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "Software\\Microsoft\\Windows
NT\\CurrentVersion\\502505fe-762c-4e80-911e-0c3fa4c63fb0",
"ValueName": "DataRequireGatedScanForFeatureUpdates",
"RegValueType": "REG_DWORD"
},
"ESETInstalledKey": {
"FullPath": "SOFTWARE\\ESET\\ESET Security",
"IfExists": true
},
"ESETInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\ESET\\ESET Security",
"IfExists": true
},
"EsetReg": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\ehdrv\\Parameters",
"ValueName": "WindowsCompatibilityLevel",
"RegValueType": "REG_DWORD"
},
"ESTSecurityInstalledKey": {
"FullPath": "SOFTWARE\\ESTsoft",
"IfExists": true
},
"ESTSecurityInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\ESTsoft",
"IfExists": true
},
"FeatureUpdateDeadline": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "Software\\Policies\\Microsoft\\Windows\\WindowsUpdate\\",
"ValueName": "ConfigureDeadlineForFeatureUpdates",
"RegValueType": "REG_DWORD"
},
"FlightContent": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsSelfHost\\Applicability",
"ValueName": "ContentType",
"RegValueType": "REG_SZ"
},
"FSecureInstalledKey": {
"FullPath": "SOFTWARE\\F-Secure\\OneClient",
"IfExists": true
},
"FSecureInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\F-Secure\\OneClient",
"IfExists": true
},
"FSRing": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsSelfhost\\Applicability",
"ValueName": "FSRing",
"RegValueType": "REG_SZ"
},
"GamingServicesInstalledKey": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\GamingServices",
"IfExists": true
},
"GridZoneName": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\COAWOS",
"ValueName": "GridZoneName",
"RegValueType": "REG_SZ"
},
"GStatus_CO21H2RegFb": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows
NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2",
"ValueName": "GStatus",
"RegValueType": "REG_SZ"
},
"GStatusBlockIDs_All": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows
NT\\CurrentVersion\\AppCompatFlags\\Appraiser\\GWX",
"ValueName": "SdbEntries",
"RegValueType": "REG_SZ"
},
"HidOverGattReg": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath":
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemRoot%/System32/drivers/UMDF/Microsoft.Bluetooth.Profiles.HidOverGatt.dll",
"ValueName": "Source",
"RegValueType": "REG_SZ"
},
"HotPatchEKBInstalled": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows
NT\\CurrentVersion\\Update\\TargetingInfo\\DynamicInstalled\\Hotpatch.amd64",
"IfExists": true
},
"InstallDate": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
"ValueName": "InstallDate",
"RegValueType": "REG_DWORD"
},
"IntelPlatformId": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0",
"ValueName": "Platform Specific Field 1",
"RegValueType": "REG_DWORD"
},
"IsAutopilotRegistered": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Provisioning\\AutopilotPolicyCache",
"ValueName": "ProfileAvailable",
"RegValueType": "REG_DWORD"
},
"IsFlightingEnabled": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsSelfHost\\Applicability",
"ValueName": "IsBuildFlightingEnabled",
"RegValueType": "REG_DWORD"
},
"IsCHCapableBuild": {
"HKey": "HKEY_CLASSES_ROOT",
"FullPath": "CLSID\\{2C57C51B-FD43-4E74-B077-551AE6228AD6}",
"IfExists": true
},
"IsCldFltSyncRoots": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath":
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager\\*",
"IfExists": true
},
"IsConfigMgrEnabled": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsSelfHost\\ClientState",
"ValueName": "ConfigMgrEnabled",
"RegValueType": "REG_DWORD"
},
"IsContainerMgrInstalled": {
"FullPath": "SOFTWARE\\Microsoft\\Windows
NT\\CurrentVersion\\Containers\\CmService",
"IfExists": true
},
"IsEdgeWithChromiumInstalled": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath":
"SOFTWARE\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
"IfExists": true
},
"IsEdgeWithChromiumInstalledWow": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath":
"SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
"IfExists": true
},
"IsFeedbackHubSelfhost": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath":
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Diagnostics\\DiagTrack\\Partners\\IsFeedbackHubSelfhost",
"IfExists": true
},
"IsHybridOrXGpu": {
"FullPath": "SOFTWARE\\Microsoft\\DirectX",
"ValueName": "HybridDeviceApplicableForDxDbGpuPreferences"
},
"IsWDAGEnabled": {
"FullPath": "SYSTEM\\ControlSet001\\Services\\hvsics",
"IfExists": true
},
"IsWDATPEnabled": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows Advanced Threat
Protection\\Status",
"ValueName": "OnboardingState"
},
"K7InstalledKey": {
"FullPath": "SOFTWARE\\K7 Computing",
"IfExists": true
},
"K7InstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\K7 Computing",
"IfExists": true
},
"KasperskyInstalledKey": {
"FullPath": "SOFTWARE\\KasperskyLab",
"IfExists": true
},
"KasperskyInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\KasperskyLab",
"IfExists": true
},
"KasperskyReg": {
"FullPath": "System\\CurrentControlSet\\Services\\klhk\\Parameters",
"ValueName": "UseVtHardware"
},
"KingsoftInstalledKey": {
"FullPath":
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Kingsoft Internet
Security",
"IfExists": true
},
"KingsoftInstalledWowKey": {
"FullPath":
"SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Kingsoft
Internet Security",
"IfExists": true
},
"KioskMode": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath":
"SOFTWARE\\Microsoft\\Windows\\AssignedAccessCsp\\AutoLogonAccount",
"ValueName": "ConfigSource",
"RegValueType": "REG_DWORD"
},
"LCUVer": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
"ValueName": "LCUVer"
},
"LenovoInstalledKey": {
"FullPath":
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{A9861883-31C5-4324-BD9A-DC9527EEB675}_is1",
"IfExists": true
},
"LenovoInstalledWowKey": {
"FullPath":
"SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{A9861883-31C5-4324-BD9A-DC9527EEB675}_is1",
"IfExists": true
},
"MalwarebytesInstalledKey": {
"FullPath":
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1",
"IfExists": true
},
"MalwarebytesInstalledWowKey": {
"FullPath":
"SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1",
"IfExists": true
},
"McAfeeInstalledKey": {
"FullPath": "SOFTWARE\\McAfee\\MSC\\AppInfo\\Substitute\\QueryParams",
"IfExists": true
},
"McAfeeInstalledWowKey": {
"FullPath":
"SOFTWARE\\WOW6432Node\\McAfee\\MSC\\AppInfo\\Substitute\\QueryParams",
"IfExists": true
},
"MTPTargetingInfo": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Platform\\MTPTargetingInfo",
"ValueName": "TargetRing"
},
"OEMMode": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Office\\16.0\\Common\\OEM",
"ValueName": "OOBEMode",
"RegValueType": "REG_SZ"
},
"OEMModelBaseBoard": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "HARDWARE\\DESCRIPTION\\System\\BIOS",
"ValueName": "BaseBoardProduct",
"RegValueType": "REG_SZ"
},
"OemPartnerRing": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Platform\\DeviceTargetingInfo",
"ValueName": "TargetRing",
"RegValueType": "REG_SZ"
},
"OEMSubModel": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "HARDWARE\\DESCRIPTION\\System\\BIOS",
"ValueName": "SystemSKU",
"RegValueType": "REG_SZ"
},
"OobeSeeker": {
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE\\Updates",
"ValueName": "OOBEUpdateStarted"
},
"OSDataDriverPartnerRing": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "OSData\\SOFTWARE\\Microsoft\\DriverFlighting\\Partner",
"ValueName": "TargetRing",
"RegValueType": "REG_SZ"
},
"OSRollbackBuild": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath":
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade\\Rollback",
"ValueName": "BuildString",
"RegValueType": "REG_SZ"
},
"OSRollbackCount": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath":
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade\\Rollback",
"ValueName": "Count",
"RegValueType": "REG_DWORD"
},
"OSRollbackDate": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath":
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade\\Rollback",
"ValueName": "DateStamp",
"RegValueType": "REG_DWORD"
},
"PandaInstalledKey": {
"FullPath": "SOFTWARE\\Panda Software\\Setup",
"IfExists": true
},
"PandaInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\Panda Software\\Setup",
"IfExists": true
},
"PausedFeatureStatus": {
"FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UpdatePolicy\\Settings",
"ValueName": "PausedFeatureStatus"
},
"PausedQualityStatus": {
"FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UpdatePolicy\\Settings",
"ValueName": "PausedQualityStatus"
},
"PlayFabPartyRelay": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\PlayFabPartyRelay",
"IfExists": true
},
"PonchAllow": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat",
"ValueName": "cadca5fe-87d3-4b96-b7fb-a231484277cc",
"RegValueType": "REG_DWORD"
},
"PonchAllowKey": {
"FullPath":
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat\\cadca5fe-87d3-4b96-b7fb-a231484277cc",
"IfExists": true
},
"PonchAllowWow": {
"FullPath":
"SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\QualityCompat",
"ValueName": "cadca5fe-87d3-4b96-b7fb-a231484277cc"
},
"PonchAllowWowKey": {
"FullPath":
"SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\QualityCompat\\cadca5fe-87d3-4b96-b7fb-a231484277cc",
"IfExists": true
},
"PonchBlock": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat",
"ValueName": "65d75b03-6f4d-46e9-b870-517731e06cf9",
"RegValueType": "REG_DWORD"
},
"PreviewBuildsManagerEnabled": {
"FullPath": "SOFTWARE\\Microsoft\\WindowsSelfhost\\Manager",
"ValueName": "ArePreviewBuildsAllowed"
},
"QihooInstalledKey": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath":
"Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\360TotalSecurity",
"IfExists": true
},
"QUDeadline": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate",
"ValueName": "ConfigureDeadlineForQualityUpdates",
"RegValueType": "REG_DWORD"
},
"QUDeadlineMDM": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\PolicyManager\\current\\device\\Update",
"ValueName": "ConfigureDeadlineForQualityUpdates",
"RegValueType": "REG_DWORD"
},
"QuickhealInstalledKey1": {
"FullPath": "SYSTEM\\CurrentControlSet\\Servicescatflt",
"IfExists": true
},
"QuickhealInstalledKey2": {
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App
Paths\\scanner.exe",
"IfExists": true
},
"RecoveredFromBuild": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath":
"Software\\Microsoft\\WindowsSelfHost\\Applicability\\RecoveredFrom",
"ValueName": "LastBuild",
"RegValueType": "REG_DWORD"
},
"RecoveredOnDate": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath":
"Software\\Microsoft\\WindowsSelfHost\\Applicability\\RecoveredFrom",
"ValueName": "DateStamp",
"RegValueType": "REG_DWORD"
},
"ReleaseType": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows
NT\\CurrentVersion\\Update\\TargetingInfo",
"ValueName": "ReleaseType",
"RegValueType": "REG_SZ"
},
"SetupDisplayedEulaVersion": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\OOBE\\",
"ValueName": "SetupDisplayedEulaVersion",
"RegValueType": "REG_DWORD"
},
"SH_SIPolicyCleanup": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\PPI\\Settings",
"ValueName": "SIPolicyCleanup",
"RegValueType": "REG_DWORD"
},
"SmartActiveHoursState": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings",
"ValueName": "SmartActiveHoursState",
"RegValueType": "REG_DWORD"
},
"SophosInstalledKey1": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\SAVService",
"IfExists": true
},
"SophosInstalledKey2": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\hmpalertsvc",
"IfExists": true
},
"StayOnWindows10Timestamp": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings",
"ValueName": "SvOfferDeclined",
"RegValueType": "REG_QWORD"
},
"Steam": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Classes\\Steam",
"ValueName": "",
"RegValueType": "REG_SZ"
},
"StrictHiveSecurityReg": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "Software\\Microsoft\\Windows
NT\\CurrentVersion\\ProfileList\\*",
"ValueName": "StrictHiveSecuritySet"
},
"SymantecInstalledKey": {
"FullPath": "SOFTWARE\\Norton\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}",
"IfExists": true
},
"SymantecInstalledWowKey": {
"FullPath":
"SOFTWARE\\WOW6432Node\\Norton\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}",
"IfExists": true
},
"TargetReleaseVersionGP": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate",
"ValueName": "TargetReleaseVersionInfo",
"RegValueType": "REG_SZ"
},
"TargetReleaseVersionMDM": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\PolicyManager\\current\\device\\Update",
"ValueName": "TargetReleaseVersion",
"RegValueType": "REG_SZ"
},
"TencentInstalledKey": {
"FullPath": "SOFTWARE\\Tencent\\QQPCMgr",
"IfExists": true
},
"TencentInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\Tencent\\QQPCMgr",
"IfExists": true
},
"TencentReg": {
"FullPath": "SYSTEM\\CurrentControlSet\\services\\TesSafe",
"ValueName": "LoadStartTime"
},
"TencentType": {
"FullPath": "SYSTEM\\CurrentControlSet\\services\\TesSafe",
"ValueName": "Type"
},
"ThreatTrackInstalledKey": {
"FullPath": "SOFTWARE\\SBAMSvc",
"IfExists": true
},
"ThreatTrackInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\SBAMSvc",
"IfExists": true
},
"TimestampEpochString_CO21H2RegFb": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows
NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2",
"ValueName": "TimestampEpochString",
"RegValueType": "REG_SZ"
},
"TrendInstalledKey": {
"FullPath": "SOFTWARE\\TrendMicro",
"IfExists": true
},
"TrendInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\TrendMicro",
"IfExists": true
},
"UHSEnrolled": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
"ValueName": "UHSEnrolled",
"RegValueType": "REG_SZ",
"IfExists": true
},
"UninstallActive": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "System\\Setup",
"ValueName": "UninstallActive",
"RegValueType": "REG_DWORD"
},
"UpdateOfferedDays": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath":
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WaaSAssessment\\Cache\\",
"ValueName": "UpToDateDays",
"RegValueType": "REG_DWORD"
},
"UpdatePreference": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate",
"ValueName": "UpdatePreference",
"RegValueType": "REG_DWORD"
},
"UpgEx_CO21H2RegFb": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows
NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2",
"ValueName": "UpgEx",
"RegValueType": "REG_SZ"
},
"UpgradeAccepted": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath":
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE\\Updates\\",
"ValueName": "UpgradeAccepted",
"RegValueType": "REG_DWORD",
"IfExists": true
},
"UpgradeEligible": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion",
"ValueName": "UpgradeEligible",
"RegValueType": "REG_DWORD"
},
"UsoScanMitigation": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath":
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\Orchestrator\\Mitigation\\",
"ValueName": "UsoScanNotStartingMitigationCompleted",
"RegValueType": "REG_DWORD",
"IfExists": true
},
"WebExperience": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath":
"SOFTWARE\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
"IfExists": true
},
"WebExperienceWow": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath":
"SOFTWARE\\WOW6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
"IfExists": true
},
"WebrootInstalledKey": {
"FullPath": "SOFTWARE\\WRData",
"IfExists": true
},
"WebrootInstalledWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\WRData",
"IfExists": true
},
"Win11UpgradeAcceptedTimestamp": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings",
"ValueName": "SvOfferAccepted",
"RegValueType": "REG_QWORD"
},
"Win11UpgradeAcceptedWUSeeker": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings",
"ValueName": "SvOfferAccepted",
"RegValueType": "REG_QWORD",
"IfExists": true
},
"WindowsMixedReality": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows
NT\\CurrentVersion\\WUDF\\Services\\HoloLensSensors",
"ValueName": "WdfMajorVersion",
"RegValueType": "REG_DWORD"
},
"WSX_Runtime": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath":
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC",
"ValueName": "ExperienceExtensions",
"RegValueType": "REG_SZ"
},
"WSX_Windows_Settings_Account": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath":
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC",
"ValueName": "Windows.Settings.Account",
"RegValueType": "REG_SZ"
}
},
"FileInfo": {
"AvastVer": {
"Path": "\\system32\\Drivers\\aswVmm.sys",
"FolderGuid": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
},
"AvgVer": {
"Path": "\\system32\\Drivers\\avgVmm.sys",
"FolderGuid": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
},
"BullguardInstalledVer": {
"Path": "\\BullGuard Ltd\\BullGuard\\BullGuard.exe",
"IfExists": true,
"FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
},
"CortanaAppVer": {
"Path":
"\\WindowsApps\\Microsoft.549981C3F5F10_8wekyb3d8bbwe\\CortanaApp.View.exe",
"FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
},
"CortanaAppVerTest": {
"Path":
"\\WindowsApps\\3242f7d9-db60-4380-a379-4205ea768bfc_1.0.0.0_x64__zs4v8rx04ex0m\\UndockingTestApp.exe",
"FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
},
"CrowdStrikeInstalledVer": {
"Path": "drivers\\CrowdStrike\\CSAgent.sys",
"IfExists": true,
"FolderGuid": "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
},
"EsetVer": {
"Path": "\\drivers\\ehdrv.sys",
"FolderGuid": "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
},
"GDataInstalledVer": {
"Path": "\\drivers\\MiniIcpt.sys",
"IfExists": true,
"FolderGuid": "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
},
"IsNotepadExePresent": {
"Path": "%windir%\\system32\\notepad.exe",
"IfExists": true
},
"K7InstalledVer": {
"Path": "\\K7 Computing",
"IfExists": true,
"FolderGuid": "{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
},
"KasperskyVer": {
"Path": "\\system32\\Drivers\\klhk.sys",
"FolderGuid": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
},
"PandaInstalledVer": {
"Path": "\\Panda Security",
"IfExists": true,
"FolderGuid": "{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
},
"SkypeRoomSystem": {
"Path":
"%systemdrive%\\Recovery\\OEM\\$oem$\\$1\\Rigel\\x64\\Scripts\\Provisioning\\AutoUnattend.xml",
"IfExists": true
},
"SymantecVer": {
"Path": "\\Symantec\\Shared\\EENGINE\\eeCtrl.sys",
"FolderGuid": "{DE974D24-D9C6-4D3E-BF91-F4455120B917}"
},
"SymantecVer64": {
"Path": "\\Symantec\\Shared\\EENGINE\\eeCtrl64.sys",
"FolderGuid": "{DE974D24-D9C6-4D3E-BF91-F4455120B917}"
},
"TobiiVer": {
"Path": "\\Tobii\\Tobii EyeX Interaction\\Tobii.EyeX.Interaction.exe",
"FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
},
"TobiiVer1x86": {
"Path": "\\Tobii\\tobii EyeX Interaction\\Tobii.EyeX.Interaction.exe",
"FolderGuid": "{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
},
"TobiiVerx86": {
"Path": "\\tobii EyeX Interaction\\Tobii.EyeX.Interaction.exe",
"FolderGuid": "{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
},
"TrendInstalledVer": {
"Path": "\\Trend Micro\\Titanium\\plugin\\plugVizor.dll",
"IfExists": true,
"FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
},
"TrendMicroVer": {
"Path": "\\drivers\\TMUMH.sys",
"FolderGuid": "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
},
"WuClientVer": {
"Path": "\\system32\\wuaueng.dll",
"FolderGuid": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
}
},
"Licensing": {
"UpdateManagementGroup": {
"Name": "UpdatePolicy-UpdateManagementGroup"
}
},
"UpdatePolicy": {
"BranchReadinessLevel": {
"PolicyEnum": 5,
"Enterprise": true
},
"BranchReadinessLevelSource": {
"PolicyEnum": 5,
"Enterprise": true,
"UseSource": true
},
"DeferFeatureUpdatePeriodInDays": {
"PolicyEnum": 9,
"Enterprise": true
},
"DeferQualityUpdatePeriodInDays": {
"PolicyEnum": 7,
"Enterprise": true
},
"DisableDualScan": {
"PolicyEnum": 42,
"Enterprise": true
},
"EnableWUfBUpgradeGates": {
"PolicyEnum": 51,
"Enterprise": true
},
"TargetProductVersion": {
"PolicyEnum": 53,
"Enterprise": true
},
"TargetReleaseVersion": {
"PolicyEnum": 50,
"Enterprise": true
},
"UpdateServiceUrl": {
"PolicyEnum": 12
}
},
"Policy": {
"DesiredOcpVersion": {
"LocUri":
"./Device/Vendor/MSFT/DeviceUpdateCenter/DesiredUpdates/OcpVersion/"
},
"DesiredOsVersion": {
"LocUri":
"./Device/Vendor/MSFT/DeviceUpdateCenter/DesiredUpdates/OsVersion"
},
"DesiredSystemManifestVersion": {
"LocUri":
"./Device/Vendor/MSFT/DeviceUpdateCenter/DesiredUpdates/SystemManifestVersion"
},
"DSS_Enrolled": {
"Area": "Update",
"Name": "EnableWUfBCloud"
},
"DucCustomPackageId": {
"LocUri":
"./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/CustomPackageId"
},
"DucDeviceModelId": {
"LocUri":
"./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/DeviceModelId"
},
"DucOemPartnerRing": {
"LocUri":
"./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/OemPartnerRing"
},
"DucPublisherId": {
"LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/PublisherId"
},
"SetPolicyDrivenUpdateSourceForFeatureUpdates": {
"LocUri":
"./Device/Vendor/MSFT/Policy/Config/Update/SetPolicyDrivenUpdateSourceForFeatureUpdates"
}
},
"WMI": {
"FirstStorageSpaceDeviceId": {
"Query": "SELECT DeviceID FROM Win32_DiskDrive WHERE Model = 'Microsoft
Storage Space Device'",
"Name": "DeviceID",
"Timeout": 2000
}
}
}"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemRoot%/System32/drivers/McAfeeIntegrationDriver.sys]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemRoot%/System32/drivers/McAfeeIntegrationDriver.sys]
"Source"="%SystemRoot%\System32\DriverStore\FileRepository\mcafeeintegrationdriver.inf_amd64_fad10d9ca5708538\McAfeeIntegrationDriver.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverInfFiles\oem16.inf]
""="mcafeeintegrationextension.inf_amd64_fa47767680f6bbc0"
[HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverInfFiles\oem16.inf]
"Active"="mcafeeintegrationextension.inf_amd64_fa47767680f6bbc0"
[HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_0610_WIN10_Inst\Driver\APOptimize\McAfee
Central]
[HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_0610_WIN10_Inst\Driver\APOptimize\McAfee
LiveSafe]
[HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_0611_WIN10_Inst\Driver\APOptimize\McAfee
Central]
[HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_0611_WIN10_Inst\Driver\APOptimize\McAfee
LiveSafe]
[HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group10_WIN10_Inst\Driver\APOptimize\McAfee
Central]
[HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group10_WIN10_Inst\Driver\APOptimize\McAfee
LiveSafe]
[HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group2_WIN10_Inst\Driver\APOptimize\McAfee
Central]
[HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group2_WIN10_Inst\Driver\APOptimize\McAfee
LiveSafe]
[HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group3_WIN10_Inst\Driver\APOptimize\McAfee
Central]
[HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group3_WIN10_Inst\Driver\APOptimize\McAfee
LiveSafe]
[HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group6_WIN10_Inst\Driver\APOptimize\McAfee
Central]
[HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group6_WIN10_Inst\Driver\APOptimize\McAfee
LiveSafe]
[HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group7_WIN10_Inst\Driver\APOptimize\McAfee
Central]
[HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group7_WIN10_Inst\Driver\APOptimize\McAfee
LiveSafe]
[HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group8_WIN10_Inst\Driver\APOptimize\McAfee
Central]
[HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group8_WIN10_Inst\Driver\APOptimize\McAfee
LiveSafe]
[HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group9_WIN10_Inst\Driver\APOptimize\McAfee
Central]
[HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group9_WIN10_Inst\Driver\APOptimize\McAfee
LiveSafe]
[HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\mcafeeintegrationextension.inf_amd64_fa47767680f6bbc0]
[HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\mcafeeintegrationextension.inf_amd64_fa47767680f6bbc0]
"Provider"="McAfee"
[HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\mcafeeintegrationextension.inf_amd64_fa47767680f6bbc0]
"InfName"="mcafeeintegrationextension.inf"
[HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\mcafeeintegrationextension.inf_amd64_fa47767680f6bbc0]
"OemPath"="c:\swwork\swbuild\mcafeesmode\x64\mcintextention"
[HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\mcafeeintegrationextension.inf_amd64_fa47767680f6bbc0]
"Catalog"="McAfeeIntegrationExtension.cat"
[HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\mcafeeintegrationextension.inf_amd64_fa47767680f6bbc0\Strings]
"osswitchdriver.devicedesc"="mcafeeintegrationservice"
[HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\mcafeeintegrationextension.inf_amd64_fa47767680f6bbc0\Strings]
"manufacturername"="McAfee"
[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\Applications\5A894077.McAfeeSecurity_wafk5atnkzcwy]
[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\Applications\5A894077.McAfeeSecurity_wafk5atnkzcwy\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy]
[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\Applications\5A894077.McAfeeSecurity_wafk5atnkzcwy\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy]
"Path"="C:\Program
Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy\AppxMetadata\AppxBundleManifest.xml"
[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\AppxAllUserStore\S-1-5-21-3491684324-3942835478-4158577442-1001\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy]
[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\Applications\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy]
[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\Applications\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy]
"Path"="C:\Program
Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy\AppxMetadata\AppxBundleManifest.xml"
[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\S-1-5-18\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy]
[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\S-1-5-18\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy]
"Path"="C:\Program
Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy\AppxMetadata\AppxBundleManifest.xml"
[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\S-1-5-21-3491684324-3942835478-4158577442-1001\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy]
[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\S-1-5-21-3491684324-3942835478-4158577442-1001\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy]
"Path"="C:\Program
Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy\AppxMetadata\AppxBundleManifest.xml"
[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\BundleManifestInfo\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy]
[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\BundleManifestInfo\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-125_wafk5atnkzcwy]
[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\BundleManifestInfo\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy]
[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\InstalledPackages\Bundle\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy]
[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\InstalledPackages\Main\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy]
[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\InstalledPackages\Resource\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-125_wafk5atnkzcwy]
[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\PackageInstallState\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-125_wafk5atnkzcwy]
[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\PackageInstallState\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy]
[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\PackageInstallState\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy]
[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\S-1-5-21-3491684324-3942835478-4158577442-1001\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy]
[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\S-1-5-21-3491684324-3942835478-4158577442-1001\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy]
"BundleFullName"="5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy"
[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\SisDirectory\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-125_wafk5atnkzcwy]
[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\SisDirectory\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy]
[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\SisDirectory\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy]
[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\PnP\CurrentControlSet\Control\DeviceMigration\Classes\{78a1c341-4539-11d3-b88d-00c04fad5171}]
"ROOT\MCAFEESWITCH\0000"=""
[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\PnP\CurrentControlSet\Control\DeviceMigration\Devices\HID\ELAN0628&Col01\4&1aec6194&0&0000\Driver\APOptimize\McAfee
Central]
[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\PnP\CurrentControlSet\Control\DeviceMigration\Devices\HID\ELAN0628&Col01\4&1aec6194&0&0000\Driver\APOptimize\McAfee
LiveSafe]
[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\PnP\CurrentControlSet\Control\DeviceMigration\Devices\ROOT\EXTENSION\0000]
"DriverInfName"="mcafeeintegrationdriver.inf"
[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\PnP\CurrentControlSet\Control\DeviceMigration\Devices\ROOT\MCAFEESWITCH]
[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\PnP\CurrentControlSet\Control\DeviceMigration\Devices\ROOT\MCAFEESWITCH\0000]
"DriverInfName"="mcafeeintegrationdriver.inf"
[HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\PnP\CurrentControlSet\Enum\ROOT\MCAFEESWITCH]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}\0001\APOptimize\McAfee
Central]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}\0001\APOptimize\McAfee
LiveSafe]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{78a1c341-4539-11d3-b88d-00c04fad5171}]
"Class"="McAfeeSwitch"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{78a1c341-4539-11d3-b88d-00c04fad5171}]
"ClassDesc"="@oem0.inf,%ClassName%;McAfeeSwitch"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{78a1c341-4539-11d3-b88d-00c04fad5171}\0000]
"DriverDesc"="McAfeeIntegrationDriver Device"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{78a1c341-4539-11d3-b88d-00c04fad5171}\0000]
"ProviderName"="McAfee"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{78a1c341-4539-11d3-b88d-00c04fad5171}\0000]
"InfSection"="McAfeeIntegrationDriver_Device.NT"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{78a1c341-4539-11d3-b88d-00c04fad5171}\0001]
"DriverDesc"="McAfeeIntegrationDriver Device"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{78a1c341-4539-11d3-b88d-00c04fad5171}\0001]
"ProviderName"="McAfee"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{78a1c341-4539-11d3-b88d-00c04fad5171}\0001]
"InfSection"="McAfeeIntegrationDriver_Device.NT"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceContainers\{00000000-0000-0000-FFFF-FFFFFFFFFFFF}\BaseContainers\{00000000-0000-0000-FFFF-FFFFFFFFFFFF}]
"ROOT\MCAFEESWITCH\0000"=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ROOT\EXTENSION\0000]
"Service"="McAfeeIntegrationDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ROOT\EXTENSION\0000]
"DeviceDesc"="@oem0.inf,%mcafeeintegrationdriver.devicedesc%;McAfeeIntegrationDriver
Device"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ROOT\EXTENSION\0000]
"Mfg"="@oem0.inf,%manufacturername%;McAfee"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ROOT\MCAFEESWITCH]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ROOT\MCAFEESWITCH\0000]
"Service"="McAfeeIntegrationDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ROOT\MCAFEESWITCH\0000]
"DeviceDesc"="@oem0.inf,%mcafeeintegrationdriver.devicedesc%;McAfeeIntegrationDriver
Device"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ROOT\MCAFEESWITCH\0000]
"Mfg"="@oem0.inf,%manufacturername%;McAfee"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McAfeeIntegrationDriver]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McAfeeIntegrationDriver]
"ImagePath"="\SystemRoot\System32\drivers\McAfeeIntegrationDriver.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McAfeeIntegrationDriver]
"DisplayName"="@oem0.inf,%McAfeeIntegrationDriver.SVCDESC%;McAfeeIntegrationDriver
Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McAfeeIntegrationDriver\Enum]
"1"="ROOT\MCAFEESWITCH\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mcafeeintegrationservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mcafeeintegrationservice]
"ImagePath"="%SystemRoot%\System32\DriverStore\FileRepository\mcafeeintegrationextension.inf_amd64_fa47767680f6bbc0\mcafeeintegrationservice.exe
-service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mcafeeintegrationservice]
"DisplayName"="@oem16.inf,%ServiceDisplayName%;mcafeeintegrationservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mcafeeintegrationservice]
"Description"="@oem16.inf,%OSSwitchService.SVCDESC%;mcafeeintegrationservice"
[HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram
Files%5CWindowsApps%5C5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy%5Cresources.pri]
[HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram
Files%5CWindowsApps%5C5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy%5Cresources.pri\1d8304f8f0f682\a37dfe62]
"@{C:\Program
Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\resources.pri?
ms-resource:///resources/DisplayName}"="McAfee® Personal Security"
[HKEY_USERS\S-1-5-21-3491684324-3942835478-4158577442-1001\Software\Microsoft\UserData\UninstallTimes]
"5A894077.McAfeeSecurity_wafk5atnkzcwy"="0x79E156FB6F30D801"
====== End of Search ======
* Back to top
--------------------------------------------------------------------------------
#13 JSNTGRVR
JSntgRvr
Malware Fighter
*
* Malware Response Team
* 15,114 posts
* OFFLINE
* Gender:Male
* Location:Puerto Rico
* Local time:08:59 AM
Posted 17 March 2022 - 05:02 PM
Lets remove McAfee entries:
* Highlight the entire content of the quote box below.
Quote
> Start::
> SystemRestore: On
> CreateRestorePoint:
> CloseProcesses:
> C:\Windows\System32\DriverStore\FileRepository\mcafeeintegrationextension.inf_amd64_fa47767680f6bbc0\McAfeeIntegrationExtension.cat
>
> C:\Windows\System32\DriverStore\FileRepository\mcafeeintegrationextension.inf_amd64_fa47767680f6bbc0\mcafeeintegrationextension.inf
>
> C:\Windows\System32\DriverStore\FileRepository\mcafeeintegrationextension.inf_amd64_fa47767680f6bbc0\mcafeeintegrationservice.exe
>
> C:\Windows\System32\DriverStore\FileRepository\mcafeeintegrationdriver.inf_amd64_fad10d9ca5708538\McAfeeIntegrationDriver.cat
>
> C:\Windows\System32\DriverStore\FileRepository\mcafeeintegrationdriver.inf_amd64_fad10d9ca5708538\mcafeeintegrationdriver.inf
>
> C:\Windows\System32\DriverStore\FileRepository\mcafeeintegrationdriver.inf_amd64_fad10d9ca5708538\mcafeeintegrationdriver.PNF
>
> C:\Windows\System32\DriverStore\FileRepository\mcafeeintegrationdriver.inf_amd64_fad10d9ca5708538\McAfeeIntegrationDriver.sys
>
> C:\Windows\System32\drivers\McAfeeIntegrationDriver.sys
>
> C:\Users\fabfi\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\125\5A894077_McAfeeSecurity_wafk5atnkzcwy!App
>
> C:\Users\fabfi\AppData\Local\Microsoft\Edge\User
> Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd\8.1.0.2126_0\mcafee_wa_crypto_learn.js
>
> C:\Users\fabfi\AppData\Local\Microsoft\Edge\User
> Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd\8.1.0.2126_0\images\web_advisor\mcafee_brand.svg
>
> C:\Users\fabfi\AppData\Local\Microsoft\Edge\User
> Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd\8.1.0.2126_0\images\web_advisor\mcafee_logo.svg
>
> C:\Users\fabfi\AppData\Local\Microsoft\Edge\User
> Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd\8.1.0.2126_0\images\web_advisor\mcafee_slogan_white.svg
>
> C:\Users\fabfi\AppData\Local\Microsoft\Edge\User
> Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd\8.1.0.2126_0\images\web_advisor\mcafee_webadvisor_logo.svg
>
> C:\Users\fabfi\AppData\Local\Microsoft\Edge\User
> Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd\8.1.0.2126_0\images\web_advisor\white_mcafee_icon.svg
>
> C:\Users\fabfi\AppData\Local\Microsoft\Edge\User
> Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd\8.1.0.2126_0\images\settings\mcafee-shield-pattern.svg
>
> C:\Users\fabfi\AppData\Local\Microsoft\Edge\User
> Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd\8.1.0.2126_0\images\crypto\mcafee-white.png
>
> C:\Users\fabfi\AppData\Local\Microsoft\Edge\User
> Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd\8.1.0.2126_0\images\advanced_protection_signals\mcafee-logo.svg
>
> C:\Users\fabfi\AppData\Local\Microsoft\Edge\User
> Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd\8.1.0.2126_0\html\mcafee_wa_crypto_learn.html
>
> C:\Users\fabfi\AppData\Local\Microsoft\Edge\User
> Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd\8.1.0.2126_0\css\mcafee_wa_crypto_learn.css
>
> C:\Recovery\OEM\scripts\RESET_POST\McAfeePBR.cmd
>
> C:\Recovery\OEM\scripts\FACTORY_POST\McAfeePBR.cmd
>
> C:\ProgramData\mcafeeintegrationservice.log
>
> C:\ProgramData\Microsoft\Windows\AppRepository\5A894077.McAfeeSecurity_2.1.39.0_neutral_split.scale-100_wafk5atnkzcwy.xml
>
> C:\ProgramData\Microsoft\Windows\AppRepository\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-125_wafk5atnkzcwy.xml
>
> C:\ProgramData\Microsoft\Windows\AppRepository\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy.xml
>
> C:\ProgramData\Microsoft\Windows\AppRepository\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy.xml
>
> C:\Program
> Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\mcafee-security.dll
>
> C:\Program
> Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\mcafee-security.exe
>
> C:\Program
> Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\McAfee.UWP.ResourceStreamer.winmd
>
> C:\Program
> Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\Win32\mcafee-security-ft.exe
>
> C:\Program
> Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\Assets\Offline\mcafee-logo.png
>
> 2022-03-04 20:59 - 2022-03-04 20:59 _____
> C:\Windows\System32\Tasks_Migrated\McAfee
> 2022-03-05 00:44 - 2022-03-05 00:44 _____ C:\Windows\System32\Tasks\McAfee
> 2022-03-04 23:16 - 2022-03-05 17:54 _____
> C:\Windows\System32\DriverStore\FileRepository\mcafeeintegrationdriver.inf_amd64_fad10d9ca5708538
> 2022-03-04 23:16 - 2022-03-04 23:16 _____
> C:\Windows\System32\DriverStore\FileRepository\mcafeeintegrationextension.inf_amd64_fa47767680f6bbc0
> 2022-03-04 22:01 - 2022-03-04 22:01 ____A C:\Recovery\OEM\McAfeeSMode
> 2022-03-04 20:59 - 2022-03-04 20:59 _____ C:\ProgramData\McAfee
> 2022-03-04 20:59 - 2022-03-04 20:59 _____
> C:\ProgramData\mcafeeintegrationservice
> 2022-03-04 21:45 - 2022-03-04 21:45 _____
> C:\ProgramData\Microsoft\Windows\AppRepository\Packages\5A894077.McAfeeSecurity_2.1.39.0_neutral_split.scale-100_wafk5atnkzcwy
> 2022-03-05 00:08 - 2022-03-05 04:04 _____
> C:\ProgramData\Microsoft\Windows\AppRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-125_wafk5atnkzcwy
> 2022-03-05 00:08 - 2022-03-05 00:08 _____
> C:\ProgramData\Microsoft\Windows\AppRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy
> 2022-03-05 00:08 - 2022-03-05 04:04 _____
> C:\ProgramData\Microsoft\Windows\AppRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy
> 2022-03-04 22:01 - 2022-03-04 20:59 _____ C:\Program Files\McAfeeOSDetection
> 2022-03-05 00:08 - 2022-03-05 00:08 _____ C:\Program
> Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-125_wafk5atnkzcwy
> 2022-03-05 00:08 - 2022-03-05 00:08 _____ C:\Program
> Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy
> 2022-03-05 00:08 - 2022-03-05 00:08 _____ C:\Program
> Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy
> 2022-03-04 21:33 - 2022-03-04 21:45 _____ C:\Program
> Files\WindowsApps\DeletedAllUserPackages\5A894077.McAfeeSecurity_2.1.39.0_neutral_split.scale-100_wafk5atnkzcwy
> 2022-03-04 20:59 - 2022-03-04 20:59 _____ C:\Program Files\Common Files\McAfee
> DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\appsync\shell\open\command|""
> DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local
> Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-125_wafk5atnkzcwy|Path
> DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local
> Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy|Path
> DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local
> Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy|Path
> DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\McAfee.com\DAD|jobname
> DeleteValue:
> HKEY_LOCAL_MACHINE\SOFTWARE\McAfeeOSDetection\SwitchTasks\StubInstaller|TaskTrigger
> DeleteValue:
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Activation\Data\4b|Executable
> DeleteValue:
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Activation\Data\4b|Entrypoint
> DeleteValue:
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Activation\Data\4c|Executable
> DeleteValue:
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Activation\Data\4d|Executable
> DeleteValue:
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Application\Data\7a|ApplicationUserModelId
> DeleteValue:
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Application\Data\7a|Executable
> DeleteValue:
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Application\Data\7a|Entrypoint
> DeleteValue:
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Data\147|ApplicationUserModelId
> DeleteValue:
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Data\147|_IndexKeys
> DeleteValue:
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\106|PackageFullName
> DeleteValue:
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\106|InstalledLocation
> DeleteValue:
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\106|_IndexKeys
> DeleteValue:
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\107|PackageFullName
> DeleteValue:
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\107|InstalledLocation
> DeleteValue:
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\107|_IndexKeys
> DeleteValue:
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\108|PackageFullName
> DeleteValue:
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\108|InstalledLocation
> DeleteValue:
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\108|_IndexKeys
> DeleteValue:
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageFamily\Data\2d|PackageFamilyName
> DeleteValue:
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageFamily\Data\2d|_IndexKeys
> DeleteValue:
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy|Path
> DeleteValue:
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\OSRollbackPackages|5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-125_wafk5atnkzcwy
> DeleteValue:
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\OSRollbackPackages|5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy
> DeleteValue:
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\OSRollbackPackages|5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy
> DeleteValue:
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemRoot%/System32/drivers/McAfeeIntegrationDriver.sys|Source
> DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
> NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DB8A333-18D2-4520-ACD7-8B53D84E366B}|Path
> DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
> NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DB8A333-18D2-4520-ACD7-8B53D84E366B}|Author
> DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
> NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DB8A333-18D2-4520-ACD7-8B53D84E366B}|Description
> DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
> NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DB8A333-18D2-4520-ACD7-8B53D84E366B}|URI
> DeleteValue:
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsSelfHost\OneSettings|TargetingAttributes
> DeleteValue:
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsSelfHost\OneSettings|TargetingAttributesVerified
> DeleteValue:
> HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemRoot%/System32/drivers/McAfeeIntegrationDriver.sys|Source
> DeleteValue:
> HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverInfFiles\oem16.inf|""
> DeleteValue:
> HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverInfFiles\oem16.inf|Active
> DeleteValue:
> HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\mcafeeintegrationextension.inf_amd64_fa47767680f6bbc0|Provider
> DeleteValue:
> HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\mcafeeintegrationextension.inf_amd64_fa47767680f6bbc0|InfName
> DeleteValue:
> HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\mcafeeintegrationextension.inf_amd64_fa47767680f6bbc0|OemPath
> DeleteValue:
> HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\mcafeeintegrationextension.inf_amd64_fa47767680f6bbc0|Catalog
> DeleteValue:
> HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\mcafeeintegrationextension.inf_amd64_fa47767680f6bbc0\Strings|osswitchdriver.devicedesc
> DeleteValue:
> HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\mcafeeintegrationextension.inf_amd64_fa47767680f6bbc0\Strings|manufacturername
> DeleteValue:
> HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\Applications\5A894077.McAfeeSecurity_wafk5atnkzcwy\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy|Path
> DeleteValue:
> HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\Applications\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy|Path
> DeleteValue:
> HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\S-1-5-18\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy|Path
> DeleteValue:
> HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\S-1-5-21-3491684324-3942835478-4158577442-1001\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy|Path
> DeleteValue:
> HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\S-1-5-21-3491684324-3942835478-4158577442-1001\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy|BundleFullName
> DeleteValue:
> HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\PnP\CurrentControlSet\Control\DeviceMigration\Classes\{78a1c341-4539-11d3-b88d-00c04fad5171}|ROOT\MCAFEESWITCH\0000
> DeleteValue:
> HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\PnP\CurrentControlSet\Control\DeviceMigration\Devices\ROOT\EXTENSION\0000|DriverInfName
> DeleteValue:
> HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\PnP\CurrentControlSet\Control\DeviceMigration\Devices\ROOT\MCAFEESWITCH\0000|DriverInfName
> DeleteValue:
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{78a1c341-4539-11d3-b88d-00c04fad5171}|Class
> DeleteValue:
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{78a1c341-4539-11d3-b88d-00c04fad5171}|ClassDesc
> DeleteValue:
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{78a1c341-4539-11d3-b88d-00c04fad5171}\0000|DriverDesc
> DeleteValue:
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{78a1c341-4539-11d3-b88d-00c04fad5171}\0000|ProviderName
> DeleteValue:
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{78a1c341-4539-11d3-b88d-00c04fad5171}\0000|InfSection
> DeleteValue:
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{78a1c341-4539-11d3-b88d-00c04fad5171}\0001|DriverDesc
> DeleteValue:
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{78a1c341-4539-11d3-b88d-00c04fad5171}\0001|ProviderName
> DeleteValue:
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{78a1c341-4539-11d3-b88d-00c04fad5171}\0001|InfSection
> DeleteValue:
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceContainers\{00000000-0000-0000-FFFF-FFFFFFFFFFFF}\BaseContainers\{00000000-0000-0000-FFFF-FFFFFFFFFFFF}|ROOT\MCAFEESWITCH\0000
> DeleteValue:
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ROOT\EXTENSION\0000|Service
> DeleteValue:
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ROOT\EXTENSION\0000|DeviceDesc
> DeleteValue:
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ROOT\EXTENSION\0000|Mfg
> DeleteValue:
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ROOT\MCAFEESWITCH\0000|Service
> DeleteValue:
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ROOT\MCAFEESWITCH\0000|DeviceDesc
> DeleteValue:
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ROOT\MCAFEESWITCH\0000|Mfg
> DeleteValue:
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McAfeeIntegrationDriver|ImagePath
> DeleteValue:
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McAfeeIntegrationDriver|DisplayName
> DeleteValue:
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McAfeeIntegrationDriver\Enum|1
> DeleteValue:
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mcafeeintegrationservice|ImagePath
> DeleteValue:
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mcafeeintegrationservice|DisplayName
> DeleteValue:
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mcafeeintegrationservice|Description
> DeleteValue: HKEY_USERS\.DEFAULT\Software\Classes\Local
> Settings\MrtCache\C:%5CProgram
> Files%5CWindowsApps%5C5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy%5Cresources.pri\1d8304f8f0f682\a37dfe62|@{C:\Program
> Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\resources.pri?
> ms-resource:///resources/DisplayName}
> DeleteValue:
> HKEY_USERS\S-1-5-21-3491684324-3942835478-4158577442-1001\Software\Microsoft\UserData\UninstallTimes|5A894077.McAfeeSecurity_wafk5atnkzcwy
> DeleteKey:
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Index\UserAndApplicationUserModelId\1^5A894077.McAfeeSecurity_wafk5atnkzcwy!App
> DeleteKey:
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-125_wafk5atnkzcwy
> DeleteKey:
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy
> DeleteKey:
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy
> DeleteKey:
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageFamily\Index\PackageFamilyName\5A894077.McAfeeSecurity_wafk5atnkzcwy
> DeleteKey:
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy
> DeleteKey:
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-3491684324-3942835478-4158577442-1001\5A894077.McAfeeSecurity_2.1.39.0_neutral_~_wafk5atnkzcwy
> DeleteKey:
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-3491684324-3942835478-4158577442-1001\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy
> DeleteKey:
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemRoot%/System32/drivers/McAfeeIntegrationDriver.sys
> DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
> NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee
> DeleteKey:
> HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemRoot%/System32/drivers/McAfeeIntegrationDriver.sys
> DeleteKey:
> HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_0610_WIN10_Inst\Driver\APOptimize\McAfee
> Central
> DeleteKey:
> HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_0610_WIN10_Inst\Driver\APOptimize\McAfee
> LiveSafe
> DeleteKey:
> HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_0611_WIN10_Inst\Driver\APOptimize\McAfee
> Central
> DeleteKey:
> HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_0611_WIN10_Inst\Driver\APOptimize\McAfee
> LiveSafe
> DeleteKey:
> HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group10_WIN10_Inst\Driver\APOptimize\McAfee
> Central
> DeleteKey:
> HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group10_WIN10_Inst\Driver\APOptimize\McAfee
> LiveSafe
> DeleteKey:
> HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group2_WIN10_Inst\Driver\APOptimize\McAfee
> Central
> DeleteKey:
> HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group2_WIN10_Inst\Driver\APOptimize\McAfee
> LiveSafe
> DeleteKey:
> HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group3_WIN10_Inst\Driver\APOptimize\McAfee
> Central
> DeleteKey:
> HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group3_WIN10_Inst\Driver\APOptimize\McAfee
> LiveSafe
> DeleteKey:
> HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group6_WIN10_Inst\Driver\APOptimize\McAfee
> Central
> DeleteKey:
> HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group6_WIN10_Inst\Driver\APOptimize\McAfee
> LiveSafe
> DeleteKey:
> HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group7_WIN10_Inst\Driver\APOptimize\McAfee
> Central
> DeleteKey:
> HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group7_WIN10_Inst\Driver\APOptimize\McAfee
> LiveSafe
> DeleteKey:
> HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group8_WIN10_Inst\Driver\APOptimize\McAfee
> Central
> DeleteKey:
> HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group8_WIN10_Inst\Driver\APOptimize\McAfee
> LiveSafe
> DeleteKey:
> HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group9_WIN10_Inst\Driver\APOptimize\McAfee
> Central
> DeleteKey:
> HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group9_WIN10_Inst\Driver\APOptimize\McAfee
> LiveSafe
> DeleteKey:
> HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\mcafeeintegrationextension.inf_amd64_fa47767680f6bbc0
> DeleteKey:
> HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\Applications\5A894077.McAfeeSecurity_wafk5atnkzcwy
> DeleteKey:
> HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\Applications\5A894077.McAfeeSecurity_wafk5atnkzcwy\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy
> DeleteKey:
> HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\AppxAllUserStore\S-1-5-21-3491684324-3942835478-4158577442-1001\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy
> DeleteKey:
> HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\Applications\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy
> DeleteKey:
> HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\S-1-5-18\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy
> DeleteKey:
> HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\S-1-5-21-3491684324-3942835478-4158577442-1001\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy
> DeleteKey:
> HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\BundleManifestInfo\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy
> DeleteKey:
> HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\BundleManifestInfo\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-125_wafk5atnkzcwy
> DeleteKey:
> HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\BundleManifestInfo\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy
> DeleteKey:
> HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\InstalledPackages\Bundle\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy
> DeleteKey:
> HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\InstalledPackages\Main\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy
> DeleteKey:
> HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\InstalledPackages\Resource\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-125_wafk5atnkzcwy
> DeleteKey:
> HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\PackageInstallState\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-125_wafk5atnkzcwy
> DeleteKey:
> HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\PackageInstallState\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy
> DeleteKey:
> HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\PackageInstallState\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy
> DeleteKey:
> HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\S-1-5-21-3491684324-3942835478-4158577442-1001\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy
> DeleteKey:
> HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\SisDirectory\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-125_wafk5atnkzcwy
> DeleteKey:
> HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\SisDirectory\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy
> DeleteKey:
> HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\SisDirectory\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy
> DeleteKey:
> HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\PnP\CurrentControlSet\Control\DeviceMigration\Devices\HID\ELAN0628&Col01\4&1aec6194&0&0000\Driver\APOptimize\McAfee
> Central
> DeleteKey:
> HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\PnP\CurrentControlSet\Control\DeviceMigration\Devices\HID\ELAN0628&Col01\4&1aec6194&0&0000\Driver\APOptimize\McAfee
> LiveSafe
> DeleteKey:
> HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\PnP\CurrentControlSet\Control\DeviceMigration\Devices\ROOT\MCAFEESWITCH
> DeleteKey:
> HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\PnP\CurrentControlSet\Enum\ROOT\MCAFEESWITCH
> DeleteKey:
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}\0001\APOptimize\McAfee
> Central
> DeleteKey:
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}\0001\APOptimize\McAfee
> LiveSafe
> DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ROOT\MCAFEESWITCH
> DeleteKey:
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McAfeeIntegrationDriver
> DeleteKey:
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mcafeeintegrationservice
> DeleteKey: HKEY_USERS\.DEFAULT\Software\Classes\Local
> Settings\MrtCache\C:%5CProgram
> Files%5CWindowsApps%5C5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy%5Cresources.pri
>
> End::
* Right click on the highlighted text and select Copy.
* Start FRST (FRST64) with Administrator privileges
* Press the Fix button. FRST will process the lines copied above from the
clipboard.
* When finished, a log file (Fixlog.txt) will pop up and saved in the same
location the tool was ran from.
Please copy and paste its contents in your next reply.
No request for help throughout private messaging will be attended.
Unactive logs for mor more than four (4) days will be closed
* Back to top
--------------------------------------------------------------------------------
#14 JSNTGRVR
JSntgRvr
Malware Fighter
*
* Malware Response Team
* 15,114 posts
* OFFLINE
* Gender:Male
* Location:Puerto Rico
* Local time:08:59 AM
Posted 17 March 2022 - 05:15 PM
Quote
> As to the settings for MS Edge in the Firewall, I click Allow a program
> through...... and that shows
>
> NO check box beside MS Edge, and under Private, there is a check in the box,
> but not under Public
>
> Clicking the Network Types under Details, both options are greyed out, but the
> Private is checked.
>
>
>
>
>
> Under Monitoring>Firewall> MS Edge has 2 entries and both are marked with the
> Red "not allowed/blocked" Circle.
>
> Under Profile, both are Private, Under Action, both are Blocked. Under
> Override, both are No. Under Direction, both are Inbound.
>
>
I have none of this under Edge.
No request for help throughout private messaging will be attended.
Unactive logs for mor more than four (4) days will be closed
* Back to top
--------------------------------------------------------------------------------
#15 DELUSIONZ
Delusionz
* Topic Starter
*
* Members
* 43 posts
* OFFLINE
* Gender:Female
* Location:Texas
* Local time:07:59 AM
Posted 18 March 2022 - 05:54 PM
Fix result of Farbar Recovery Scan Tool (x64) Version: 13-03-2022
Ran by fabfi (18-03-2022 17:29:46) Run:2
Running from C:\Users\fabfi\Desktop
Loaded Profiles: fabfi
Boot Mode: Normal
==============================================
fixlist content:
*****************
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
C:\Windows\System32\DriverStore\FileRepository\mcafeeintegrationextension.inf_amd64_fa47767680f6bbc0\McAfeeIntegrationExtension.cat
C:\Windows\System32\DriverStore\FileRepository\mcafeeintegrationextension.inf_amd64_fa47767680f6bbc0\mcafeeintegrationextension.inf
C:\Windows\System32\DriverStore\FileRepository\mcafeeintegrationextension.inf_amd64_fa47767680f6bbc0\mcafeeintegrationservice.exe
C:\Windows\System32\DriverStore\FileRepository\mcafeeintegrationdriver.inf_amd64_fad10d9ca5708538\McAfeeIntegrationDriver.cat
C:\Windows\System32\DriverStore\FileRepository\mcafeeintegrationdriver.inf_amd64_fad10d9ca5708538\mcafeeintegrationdriver.inf
C:\Windows\System32\DriverStore\FileRepository\mcafeeintegrationdriver.inf_amd64_fad10d9ca5708538\mcafeeintegrationdriver.PNF
C:\Windows\System32\DriverStore\FileRepository\mcafeeintegrationdriver.inf_amd64_fad10d9ca5708538\McAfeeIntegrationDriver.sys
C:\Windows\System32\drivers\McAfeeIntegrationDriver.sys
C:\Users\fabfi\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\125\5A894077_McAfeeSecurity_wafk5atnkzcwy!App
C:\Users\fabfi\AppData\Local\Microsoft\Edge\User
Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd\8.1.0.2126_0\mcafee_wa_crypto_learn.js
C:\Users\fabfi\AppData\Local\Microsoft\Edge\User
Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd\8.1.0.2126_0\images\web_advisor\mcafee_brand.svg
C:\Users\fabfi\AppData\Local\Microsoft\Edge\User
Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd\8.1.0.2126_0\images\web_advisor\mcafee_logo.svg
C:\Users\fabfi\AppData\Local\Microsoft\Edge\User
Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd\8.1.0.2126_0\images\web_advisor\mcafee_slogan_white.svg
C:\Users\fabfi\AppData\Local\Microsoft\Edge\User
Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd\8.1.0.2126_0\images\web_advisor\mcafee_webadvisor_logo.svg
C:\Users\fabfi\AppData\Local\Microsoft\Edge\User
Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd\8.1.0.2126_0\images\web_advisor\white_mcafee_icon.svg
C:\Users\fabfi\AppData\Local\Microsoft\Edge\User
Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd\8.1.0.2126_0\images\settings\mcafee-shield-pattern.svg
C:\Users\fabfi\AppData\Local\Microsoft\Edge\User
Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd\8.1.0.2126_0\images\crypto\mcafee-white.png
C:\Users\fabfi\AppData\Local\Microsoft\Edge\User
Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd\8.1.0.2126_0\images\advanced_protection_signals\mcafee-logo.svg
C:\Users\fabfi\AppData\Local\Microsoft\Edge\User
Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd\8.1.0.2126_0\html\mcafee_wa_crypto_learn.html
C:\Users\fabfi\AppData\Local\Microsoft\Edge\User
Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd\8.1.0.2126_0\css\mcafee_wa_crypto_learn.css
C:\Recovery\OEM\scripts\RESET_POST\McAfeePBR.cmd
C:\Recovery\OEM\scripts\FACTORY_POST\McAfeePBR.cmd
C:\ProgramData\mcafeeintegrationservice.log
C:\ProgramData\Microsoft\Windows\AppRepository\5A894077.McAfeeSecurity_2.1.39.0_neutral_split.scale-100_wafk5atnkzcwy.xml
C:\ProgramData\Microsoft\Windows\AppRepository\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-125_wafk5atnkzcwy.xml
C:\ProgramData\Microsoft\Windows\AppRepository\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy.xml
C:\ProgramData\Microsoft\Windows\AppRepository\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy.xml
C:\Program
Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\mcafee-security.dll
C:\Program
Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\mcafee-security.exe
C:\Program
Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\McAfee.UWP.ResourceStreamer.winmd
C:\Program
Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\Win32\mcafee-security-ft.exe
C:\Program
Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\Assets\Offline\mcafee-logo.png
2022-03-04 20:59 - 2022-03-04 20:59 _____
C:\Windows\System32\Tasks_Migrated\McAfee
2022-03-05 00:44 - 2022-03-05 00:44 _____ C:\Windows\System32\Tasks\McAfee
2022-03-04 23:16 - 2022-03-05 17:54 _____
C:\Windows\System32\DriverStore\FileRepository\mcafeeintegrationdriver.inf_amd64_fad10d9ca5708538
2022-03-04 23:16 - 2022-03-04 23:16 _____
C:\Windows\System32\DriverStore\FileRepository\mcafeeintegrationextension.inf_amd64_fa47767680f6bbc0
2022-03-04 22:01 - 2022-03-04 22:01 ____A C:\Recovery\OEM\McAfeeSMode
2022-03-04 20:59 - 2022-03-04 20:59 _____ C:\ProgramData\McAfee
2022-03-04 20:59 - 2022-03-04 20:59 _____
C:\ProgramData\mcafeeintegrationservice
2022-03-04 21:45 - 2022-03-04 21:45 _____
C:\ProgramData\Microsoft\Windows\AppRepository\Packages\5A894077.McAfeeSecurity_2.1.39.0_neutral_split.scale-100_wafk5atnkzcwy
2022-03-05 00:08 - 2022-03-05 04:04 _____
C:\ProgramData\Microsoft\Windows\AppRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-125_wafk5atnkzcwy
2022-03-05 00:08 - 2022-03-05 00:08 _____
C:\ProgramData\Microsoft\Windows\AppRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy
2022-03-05 00:08 - 2022-03-05 04:04 _____
C:\ProgramData\Microsoft\Windows\AppRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy
2022-03-04 22:01 - 2022-03-04 20:59 _____ C:\Program Files\McAfeeOSDetection
2022-03-05 00:08 - 2022-03-05 00:08 _____ C:\Program
Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-125_wafk5atnkzcwy
2022-03-05 00:08 - 2022-03-05 00:08 _____ C:\Program
Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy
2022-03-05 00:08 - 2022-03-05 00:08 _____ C:\Program
Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy
2022-03-04 21:33 - 2022-03-04 21:45 _____ C:\Program
Files\WindowsApps\DeletedAllUserPackages\5A894077.McAfeeSecurity_2.1.39.0_neutral_split.scale-100_wafk5atnkzcwy
2022-03-04 20:59 - 2022-03-04 20:59 _____ C:\Program Files\Common Files\McAfee
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\appsync\shell\open\command|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local
Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-125_wafk5atnkzcwy|Path
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local
Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy|Path
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local
Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy|Path
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\McAfee.com\DAD|jobname
DeleteValue:
HKEY_LOCAL_MACHINE\SOFTWARE\McAfeeOSDetection\SwitchTasks\StubInstaller|TaskTrigger
DeleteValue:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Activation\Data\4b|Executable
DeleteValue:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Activation\Data\4b|Entrypoint
DeleteValue:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Activation\Data\4c|Executable
DeleteValue:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Activation\Data\4d|Executable
DeleteValue:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Application\Data\7a|ApplicationUserModelId
DeleteValue:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Application\Data\7a|Executable
DeleteValue:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Application\Data\7a|Entrypoint
DeleteValue:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Data\147|ApplicationUserModelId
DeleteValue:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Data\147|_IndexKeys
DeleteValue:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\106|PackageFullName
DeleteValue:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\106|InstalledLocation
DeleteValue:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\106|_IndexKeys
DeleteValue:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\107|PackageFullName
DeleteValue:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\107|InstalledLocation
DeleteValue:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\107|_IndexKeys
DeleteValue:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\108|PackageFullName
DeleteValue:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\108|InstalledLocation
DeleteValue:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\108|_IndexKeys
DeleteValue:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageFamily\Data\2d|PackageFamilyName
DeleteValue:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageFamily\Data\2d|_IndexKeys
DeleteValue:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy|Path
DeleteValue:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\OSRollbackPackages|5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-125_wafk5atnkzcwy
DeleteValue:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\OSRollbackPackages|5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy
DeleteValue:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\OSRollbackPackages|5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy
DeleteValue:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemRoot%/System32/drivers/McAfeeIntegrationDriver.sys|Source
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DB8A333-18D2-4520-ACD7-8B53D84E366B}|Path
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DB8A333-18D2-4520-ACD7-8B53D84E366B}|Author
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DB8A333-18D2-4520-ACD7-8B53D84E366B}|Description
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DB8A333-18D2-4520-ACD7-8B53D84E366B}|URI
DeleteValue:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsSelfHost\OneSettings|TargetingAttributes
DeleteValue:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsSelfHost\OneSettings|TargetingAttributesVerified
DeleteValue:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemRoot%/System32/drivers/McAfeeIntegrationDriver.sys|Source
DeleteValue:
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverInfFiles\oem16.inf|""
DeleteValue:
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverInfFiles\oem16.inf|Active
DeleteValue:
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\mcafeeintegrationextension.inf_amd64_fa47767680f6bbc0|Provider
DeleteValue:
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\mcafeeintegrationextension.inf_amd64_fa47767680f6bbc0|InfName
DeleteValue:
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\mcafeeintegrationextension.inf_amd64_fa47767680f6bbc0|OemPath
DeleteValue:
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\mcafeeintegrationextension.inf_amd64_fa47767680f6bbc0|Catalog
DeleteValue:
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\mcafeeintegrationextension.inf_amd64_fa47767680f6bbc0\Strings|osswitchdriver.devicedesc
DeleteValue:
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\mcafeeintegrationextension.inf_amd64_fa47767680f6bbc0\Strings|manufacturername
DeleteValue:
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\Applications\5A894077.McAfeeSecurity_wafk5atnkzcwy\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy|Path
DeleteValue:
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\Applications\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy|Path
DeleteValue:
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\S-1-5-18\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy|Path
DeleteValue:
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\S-1-5-21-3491684324-3942835478-4158577442-1001\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy|Path
DeleteValue:
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\S-1-5-21-3491684324-3942835478-4158577442-1001\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy|BundleFullName
DeleteValue:
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\PnP\CurrentControlSet\Control\DeviceMigration\Classes\{78a1c341-4539-11d3-b88d-00c04fad5171}|ROOT\MCAFEESWITCH\0000
DeleteValue:
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\PnP\CurrentControlSet\Control\DeviceMigration\Devices\ROOT\EXTENSION\0000|DriverInfName
DeleteValue:
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\PnP\CurrentControlSet\Control\DeviceMigration\Devices\ROOT\MCAFEESWITCH\0000|DriverInfName
DeleteValue:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{78a1c341-4539-11d3-b88d-00c04fad5171}|Class
DeleteValue:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{78a1c341-4539-11d3-b88d-00c04fad5171}|ClassDesc
DeleteValue:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{78a1c341-4539-11d3-b88d-00c04fad5171}\0000|DriverDesc
DeleteValue:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{78a1c341-4539-11d3-b88d-00c04fad5171}\0000|ProviderName
DeleteValue:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{78a1c341-4539-11d3-b88d-00c04fad5171}\0000|InfSection
DeleteValue:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{78a1c341-4539-11d3-b88d-00c04fad5171}\0001|DriverDesc
DeleteValue:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{78a1c341-4539-11d3-b88d-00c04fad5171}\0001|ProviderName
DeleteValue:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{78a1c341-4539-11d3-b88d-00c04fad5171}\0001|InfSection
DeleteValue:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceContainers\{00000000-0000-0000-FFFF-FFFFFFFFFFFF}\BaseContainers\{00000000-0000-0000-FFFF-FFFFFFFFFFFF}|ROOT\MCAFEESWITCH\0000
DeleteValue:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ROOT\EXTENSION\0000|Service
DeleteValue:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ROOT\EXTENSION\0000|DeviceDesc
DeleteValue:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ROOT\EXTENSION\0000|Mfg
DeleteValue:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ROOT\MCAFEESWITCH\0000|Service
DeleteValue:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ROOT\MCAFEESWITCH\0000|DeviceDesc
DeleteValue:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ROOT\MCAFEESWITCH\0000|Mfg
DeleteValue:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McAfeeIntegrationDriver|ImagePath
DeleteValue:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McAfeeIntegrationDriver|DisplayName
DeleteValue:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McAfeeIntegrationDriver\Enum|1
DeleteValue:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mcafeeintegrationservice|ImagePath
DeleteValue:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mcafeeintegrationservice|DisplayName
DeleteValue:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mcafeeintegrationservice|Description
DeleteValue: HKEY_USERS\.DEFAULT\Software\Classes\Local
Settings\MrtCache\C:%5CProgram
Files%5CWindowsApps%5C5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy%5Cresources.pri\1d8304f8f0f682\a37dfe62|@{C:\Program
Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\resources.pri?
ms-resource:///resources/DisplayName}
DeleteValue:
HKEY_USERS\S-1-5-21-3491684324-3942835478-4158577442-1001\Software\Microsoft\UserData\UninstallTimes|5A894077.McAfeeSecurity_wafk5atnkzcwy
DeleteKey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Index\UserAndApplicationUserModelId\1^5A894077.McAfeeSecurity_wafk5atnkzcwy!App
DeleteKey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-125_wafk5atnkzcwy
DeleteKey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy
DeleteKey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy
DeleteKey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageFamily\Index\PackageFamilyName\5A894077.McAfeeSecurity_wafk5atnkzcwy
DeleteKey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy
DeleteKey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-3491684324-3942835478-4158577442-1001\5A894077.McAfeeSecurity_2.1.39.0_neutral_~_wafk5atnkzcwy
DeleteKey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-3491684324-3942835478-4158577442-1001\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy
DeleteKey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemRoot%/System32/drivers/McAfeeIntegrationDriver.sys
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee
DeleteKey:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemRoot%/System32/drivers/McAfeeIntegrationDriver.sys
DeleteKey:
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_0610_WIN10_Inst\Driver\APOptimize\McAfee
Central
DeleteKey:
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_0610_WIN10_Inst\Driver\APOptimize\McAfee
LiveSafe
DeleteKey:
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_0611_WIN10_Inst\Driver\APOptimize\McAfee
Central
DeleteKey:
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_0611_WIN10_Inst\Driver\APOptimize\McAfee
LiveSafe
DeleteKey:
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group10_WIN10_Inst\Driver\APOptimize\McAfee
Central
DeleteKey:
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group10_WIN10_Inst\Driver\APOptimize\McAfee
LiveSafe
DeleteKey:
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group2_WIN10_Inst\Driver\APOptimize\McAfee
Central
DeleteKey:
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group2_WIN10_Inst\Driver\APOptimize\McAfee
LiveSafe
DeleteKey:
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group3_WIN10_Inst\Driver\APOptimize\McAfee
Central
DeleteKey:
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group3_WIN10_Inst\Driver\APOptimize\McAfee
LiveSafe
DeleteKey:
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group6_WIN10_Inst\Driver\APOptimize\McAfee
Central
DeleteKey:
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group6_WIN10_Inst\Driver\APOptimize\McAfee
LiveSafe
DeleteKey:
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group7_WIN10_Inst\Driver\APOptimize\McAfee
Central
DeleteKey:
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group7_WIN10_Inst\Driver\APOptimize\McAfee
LiveSafe
DeleteKey:
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group8_WIN10_Inst\Driver\APOptimize\McAfee
Central
DeleteKey:
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group8_WIN10_Inst\Driver\APOptimize\McAfee
LiveSafe
DeleteKey:
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group9_WIN10_Inst\Driver\APOptimize\McAfee
Central
DeleteKey:
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group9_WIN10_Inst\Driver\APOptimize\McAfee
LiveSafe
DeleteKey:
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\mcafeeintegrationextension.inf_amd64_fa47767680f6bbc0
DeleteKey:
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\Applications\5A894077.McAfeeSecurity_wafk5atnkzcwy
DeleteKey:
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\Applications\5A894077.McAfeeSecurity_wafk5atnkzcwy\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy
DeleteKey:
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\AppxAllUserStore\S-1-5-21-3491684324-3942835478-4158577442-1001\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy
DeleteKey:
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\Applications\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy
DeleteKey:
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\S-1-5-18\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy
DeleteKey:
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\S-1-5-21-3491684324-3942835478-4158577442-1001\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy
DeleteKey:
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\BundleManifestInfo\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy
DeleteKey:
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\BundleManifestInfo\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-125_wafk5atnkzcwy
DeleteKey:
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\BundleManifestInfo\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy
DeleteKey:
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\InstalledPackages\Bundle\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy
DeleteKey:
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\InstalledPackages\Main\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy
DeleteKey:
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\InstalledPackages\Resource\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-125_wafk5atnkzcwy
DeleteKey:
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\PackageInstallState\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-125_wafk5atnkzcwy
DeleteKey:
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\PackageInstallState\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy
DeleteKey:
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\PackageInstallState\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy
DeleteKey:
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\S-1-5-21-3491684324-3942835478-4158577442-1001\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy
DeleteKey:
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\SisDirectory\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-125_wafk5atnkzcwy
DeleteKey:
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\SisDirectory\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy
DeleteKey:
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\SisDirectory\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy
DeleteKey:
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\PnP\CurrentControlSet\Control\DeviceMigration\Devices\HID\ELAN0628&Col01\4&1aec6194&0&0000\Driver\APOptimize\McAfee
Central
DeleteKey:
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\PnP\CurrentControlSet\Control\DeviceMigration\Devices\HID\ELAN0628&Col01\4&1aec6194&0&0000\Driver\APOptimize\McAfee
LiveSafe
DeleteKey:
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\PnP\CurrentControlSet\Control\DeviceMigration\Devices\ROOT\MCAFEESWITCH
DeleteKey:
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\PnP\CurrentControlSet\Enum\ROOT\MCAFEESWITCH
DeleteKey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}\0001\APOptimize\McAfee
Central
DeleteKey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}\0001\APOptimize\McAfee
LiveSafe
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ROOT\MCAFEESWITCH
DeleteKey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McAfeeIntegrationDriver
DeleteKey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mcafeeintegrationservice
DeleteKey: HKEY_USERS\.DEFAULT\Software\Classes\Local
Settings\MrtCache\C:%5CProgram
Files%5CWindowsApps%5C5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy%5Cresources.pri
*****************
SystemRestore: On => completed
Restore point was successfully created.
Processes closed successfully.
C:\Windows\System32\DriverStore\FileRepository\mcafeeintegrationextension.inf_amd64_fa47767680f6bbc0\McAfeeIntegrationExtension.cat
=> moved successfully
C:\Windows\System32\DriverStore\FileRepository\mcafeeintegrationextension.inf_amd64_fa47767680f6bbc0\mcafeeintegrationextension.inf
=> moved successfully
C:\Windows\System32\DriverStore\FileRepository\mcafeeintegrationextension.inf_amd64_fa47767680f6bbc0\mcafeeintegrationservice.exe
=> moved successfully
C:\Windows\System32\DriverStore\FileRepository\mcafeeintegrationdriver.inf_amd64_fad10d9ca5708538\McAfeeIntegrationDriver.cat
=> moved successfully
C:\Windows\System32\DriverStore\FileRepository\mcafeeintegrationdriver.inf_amd64_fad10d9ca5708538\mcafeeintegrationdriver.inf
=> moved successfully
C:\Windows\System32\DriverStore\FileRepository\mcafeeintegrationdriver.inf_amd64_fad10d9ca5708538\mcafeeintegrationdriver.PNF
=> moved successfully
C:\Windows\System32\DriverStore\FileRepository\mcafeeintegrationdriver.inf_amd64_fad10d9ca5708538\McAfeeIntegrationDriver.sys
=> moved successfully
C:\Windows\System32\drivers\McAfeeIntegrationDriver.sys => moved successfully
C:\Users\fabfi\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\125\5A894077_McAfeeSecurity_wafk5atnkzcwy!App
=> moved successfully
C:\Users\fabfi\AppData\Local\Microsoft\Edge\User
Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd\8.1.0.2126_0\mcafee_wa_crypto_learn.js
=> moved successfully
C:\Users\fabfi\AppData\Local\Microsoft\Edge\User
Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd\8.1.0.2126_0\images\web_advisor\mcafee_brand.svg
=> moved successfully
C:\Users\fabfi\AppData\Local\Microsoft\Edge\User
Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd\8.1.0.2126_0\images\web_advisor\mcafee_logo.svg
=> moved successfully
C:\Users\fabfi\AppData\Local\Microsoft\Edge\User
Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd\8.1.0.2126_0\images\web_advisor\mcafee_slogan_white.svg
=> moved successfully
C:\Users\fabfi\AppData\Local\Microsoft\Edge\User
Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd\8.1.0.2126_0\images\web_advisor\mcafee_webadvisor_logo.svg
=> moved successfully
C:\Users\fabfi\AppData\Local\Microsoft\Edge\User
Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd\8.1.0.2126_0\images\web_advisor\white_mcafee_icon.svg
=> moved successfully
C:\Users\fabfi\AppData\Local\Microsoft\Edge\User
Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd\8.1.0.2126_0\images\settings\mcafee-shield-pattern.svg
=> moved successfully
C:\Users\fabfi\AppData\Local\Microsoft\Edge\User
Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd\8.1.0.2126_0\images\crypto\mcafee-white.png
=> moved successfully
C:\Users\fabfi\AppData\Local\Microsoft\Edge\User
Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd\8.1.0.2126_0\images\advanced_protection_signals\mcafee-logo.svg
=> moved successfully
C:\Users\fabfi\AppData\Local\Microsoft\Edge\User
Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd\8.1.0.2126_0\html\mcafee_wa_crypto_learn.html
=> moved successfully
C:\Users\fabfi\AppData\Local\Microsoft\Edge\User
Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd\8.1.0.2126_0\css\mcafee_wa_crypto_learn.css
=> moved successfully
C:\Recovery\OEM\scripts\RESET_POST\McAfeePBR.cmd => moved successfully
C:\Recovery\OEM\scripts\FACTORY_POST\McAfeePBR.cmd => moved successfully
C:\ProgramData\mcafeeintegrationservice.log => moved successfully
C:\ProgramData\Microsoft\Windows\AppRepository\5A894077.McAfeeSecurity_2.1.39.0_neutral_split.scale-100_wafk5atnkzcwy.xml
=> moved successfully
C:\ProgramData\Microsoft\Windows\AppRepository\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-125_wafk5atnkzcwy.xml
=> moved successfully
C:\ProgramData\Microsoft\Windows\AppRepository\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy.xml
=> moved successfully
C:\ProgramData\Microsoft\Windows\AppRepository\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy.xml
=> moved successfully
C:\Program
Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\mcafee-security.dll
=> moved successfully
C:\Program
Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\mcafee-security.exe
=> moved successfully
C:\Program
Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\McAfee.UWP.ResourceStreamer.winmd
=> moved successfully
C:\Program
Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\Win32\mcafee-security-ft.exe
=> moved successfully
C:\Program
Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\Assets\Offline\mcafee-logo.png
=> moved successfully
C:\Windows\System32\Tasks_Migrated\McAfee => moved successfully
C:\Windows\System32\Tasks\McAfee => moved successfully
C:\Windows\System32\DriverStore\FileRepository\mcafeeintegrationdriver.inf_amd64_fad10d9ca5708538
=> moved successfully
C:\Windows\System32\DriverStore\FileRepository\mcafeeintegrationextension.inf_amd64_fa47767680f6bbc0
=> moved successfully
C:\Recovery\OEM\McAfeeSMode => moved successfully
C:\ProgramData\McAfee => moved successfully
C:\ProgramData\mcafeeintegrationservice => moved successfully
C:\ProgramData\Microsoft\Windows\AppRepository\Packages\5A894077.McAfeeSecurity_2.1.39.0_neutral_split.scale-100_wafk5atnkzcwy
=> moved successfully
C:\ProgramData\Microsoft\Windows\AppRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-125_wafk5atnkzcwy
=> moved successfully
C:\ProgramData\Microsoft\Windows\AppRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy
=> moved successfully
C:\ProgramData\Microsoft\Windows\AppRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy
=> moved successfully
C:\Program Files\McAfeeOSDetection => moved successfully
C:\Program
Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-125_wafk5atnkzcwy
=> moved successfully
C:\Program
Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy =>
moved successfully
C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy
=> moved successfully
C:\Program
Files\WindowsApps\DeletedAllUserPackages\5A894077.McAfeeSecurity_2.1.39.0_neutral_split.scale-100_wafk5atnkzcwy
=> moved successfully
C:\Program Files\Common Files\McAfee => moved successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\appsync\shell\open\command\\" => removed
successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local
Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-125_wafk5atnkzcwy\\Path"
=> removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local
Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy\\Path"
=> removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local
Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\\Path"
=> removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\McAfee.com\DAD\\jobname" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\McAfeeOSDetection\SwitchTasks\StubInstaller\\TaskTrigger"
=> removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Activation\Data\4b\\Executable"
=> removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Activation\Data\4b\\Entrypoint"
=> removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Activation\Data\4c\\Executable"
=> removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Activation\Data\4d\\Executable"
=> removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Application\Data\7a\\ApplicationUserModelId"
=> removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Application\Data\7a\\Executable"
=> removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Application\Data\7a\\Entrypoint"
=> removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Data\147\\ApplicationUserModelId"
=> removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Data\147\\_IndexKeys"
=> removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\106\\PackageFullName"
=> removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\106\\InstalledLocation"
=> removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\106\\_IndexKeys"
=> removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\107\\PackageFullName"
=> removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\107\\InstalledLocation"
=> removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\107\\_IndexKeys"
=> removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\108\\PackageFullName"
=> removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\108\\InstalledLocation"
=> removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Data\108\\_IndexKeys"
=> removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageFamily\Data\2d\\PackageFamilyName"
=> removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageFamily\Data\2d\\_IndexKeys"
=> removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy\\Path"
=> removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\OSRollbackPackages\\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-125_wafk5atnkzcwy"
=> not found
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\OSRollbackPackages\\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy"
=> not found
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\OSRollbackPackages\\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy"
=> not found
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemRoot%/System32/drivers/McAfeeIntegrationDriver.sys\\Source"
=> removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DB8A333-18D2-4520-ACD7-8B53D84E366B}\\Path"
=> removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DB8A333-18D2-4520-ACD7-8B53D84E366B}\\Author"
=> removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DB8A333-18D2-4520-ACD7-8B53D84E366B}\\Description"
=> removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DB8A333-18D2-4520-ACD7-8B53D84E366B}\\URI"
=> removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsSelfHost\OneSettings\\TargetingAttributes"
=> removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsSelfHost\OneSettings\\TargetingAttributesVerified"
=> removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemRoot%/System32/drivers/McAfeeIntegrationDriver.sys\\Source"
=> not found
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverInfFiles\oem16.inf => Access
Denied
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverInfFiles\oem16.inf => Access
Denied
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\mcafeeintegrationextension.inf_amd64_fa47767680f6bbc0
=> Access Denied
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\mcafeeintegrationextension.inf_amd64_fa47767680f6bbc0
=> Access Denied
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\mcafeeintegrationextension.inf_amd64_fa47767680f6bbc0
=> Access Denied
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\mcafeeintegrationextension.inf_amd64_fa47767680f6bbc0
=> Access Denied
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\mcafeeintegrationextension.inf_amd64_fa47767680f6bbc0\Strings
=> Access Denied
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\mcafeeintegrationextension.inf_amd64_fa47767680f6bbc0\Strings
=> Access Denied
"HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\Applications\5A894077.McAfeeSecurity_wafk5atnkzcwy\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy\\Path"
=> removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\Applications\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy\\Path"
=> removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\S-1-5-18\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy\\Path"
=> removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\S-1-5-21-3491684324-3942835478-4158577442-1001\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy\\Path"
=> removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\S-1-5-21-3491684324-3942835478-4158577442-1001\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\\BundleFullName"
=> removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\PnP\CurrentControlSet\Control\DeviceMigration\Classes\{78a1c341-4539-11d3-b88d-00c04fad5171}\\ROOT\MCAFEESWITCH\0000"
=> removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\PnP\CurrentControlSet\Control\DeviceMigration\Devices\ROOT\EXTENSION\0000\\DriverInfName"
=> removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\PnP\CurrentControlSet\Control\DeviceMigration\Devices\ROOT\MCAFEESWITCH\0000\\DriverInfName"
=> removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{78a1c341-4539-11d3-b88d-00c04fad5171}\\Class"
=> removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{78a1c341-4539-11d3-b88d-00c04fad5171}\\ClassDesc"
=> removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{78a1c341-4539-11d3-b88d-00c04fad5171}\0000\\DriverDesc"
=> removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{78a1c341-4539-11d3-b88d-00c04fad5171}\0000\\ProviderName"
=> removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{78a1c341-4539-11d3-b88d-00c04fad5171}\0000\\InfSection"
=> removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{78a1c341-4539-11d3-b88d-00c04fad5171}\0001\\DriverDesc"
=> removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{78a1c341-4539-11d3-b88d-00c04fad5171}\0001\\ProviderName"
=> removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{78a1c341-4539-11d3-b88d-00c04fad5171}\0001\\InfSection"
=> removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceContainers\{00000000-0000-0000-FFFF-FFFFFFFFFFFF}\BaseContainers\{00000000-0000-0000-FFFF-FFFFFFFFFFFF}\\ROOT\MCAFEESWITCH\0000"
=> removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ROOT\EXTENSION\0000\\Service"
=> removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ROOT\EXTENSION\0000\\DeviceDesc"
=> removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ROOT\EXTENSION\0000\\Mfg" =>
removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ROOT\MCAFEESWITCH\0000\\Service"
=> removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ROOT\MCAFEESWITCH\0000\\DeviceDesc"
=> removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ROOT\MCAFEESWITCH\0000\\Mfg"
=> removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McAfeeIntegrationDriver\\ImagePath"
=> removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McAfeeIntegrationDriver\\DisplayName"
=> removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McAfeeIntegrationDriver\Enum\\1"
=> removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mcafeeintegrationservice\\ImagePath"
=> removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mcafeeintegrationservice\\DisplayName"
=> removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mcafeeintegrationservice\\Description"
=> removed successfully
"HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram
Files%5CWindowsApps%5C5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy%5Cresources.pri\1d8304f8f0f682\a37dfe62\\@{C:\Program
Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\resources.pri?
ms-resource:///resources/DisplayName}" => removed successfully
"HKEY_USERS\S-1-5-21-3491684324-3942835478-4158577442-1001\Software\Microsoft\UserData\UninstallTimes\\5A894077.McAfeeSecurity_wafk5atnkzcwy"
=> removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\ApplicationUser\Index\UserAndApplicationUserModelId\1^5A894077.McAfeeSecurity_wafk5atnkzcwy!App"
=> removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-125_wafk5atnkzcwy"
=> removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy"
=> removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\Package\Index\PackageFullName\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy"
=> removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageFamily\Index\PackageFamilyName\5A894077.McAfeeSecurity_wafk5atnkzcwy"
=> removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy
=> removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-3491684324-3942835478-4158577442-1001\5A894077.McAfeeSecurity_2.1.39.0_neutral_~_wafk5atnkzcwy
=> removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-3491684324-3942835478-4158577442-1001\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy
=> removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemRoot%/System32/drivers/McAfeeIntegrationDriver.sys
=> removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemRoot%/System32/drivers/McAfeeIntegrationDriver.sys"
=> not found
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_0610_WIN10_Inst\Driver\APOptimize\McAfee
Central => could not remove. Access Denied.
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_0610_WIN10_Inst\Driver\APOptimize\McAfee
LiveSafe => could not remove. Access Denied.
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_0611_WIN10_Inst\Driver\APOptimize\McAfee
Central => could not remove. Access Denied.
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_0611_WIN10_Inst\Driver\APOptimize\McAfee
LiveSafe => could not remove. Access Denied.
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group10_WIN10_Inst\Driver\APOptimize\McAfee
Central => could not remove. Access Denied.
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group10_WIN10_Inst\Driver\APOptimize\McAfee
LiveSafe => could not remove. Access Denied.
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group2_WIN10_Inst\Driver\APOptimize\McAfee
Central => could not remove. Access Denied.
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group2_WIN10_Inst\Driver\APOptimize\McAfee
LiveSafe => could not remove. Access Denied.
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group3_WIN10_Inst\Driver\APOptimize\McAfee
Central => could not remove. Access Denied.
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group3_WIN10_Inst\Driver\APOptimize\McAfee
LiveSafe => could not remove. Access Denied.
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group6_WIN10_Inst\Driver\APOptimize\McAfee
Central => could not remove. Access Denied.
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group6_WIN10_Inst\Driver\APOptimize\McAfee
LiveSafe => could not remove. Access Denied.
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group7_WIN10_Inst\Driver\APOptimize\McAfee
Central => could not remove. Access Denied.
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group7_WIN10_Inst\Driver\APOptimize\McAfee
LiveSafe => could not remove. Access Denied.
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group8_WIN10_Inst\Driver\APOptimize\McAfee
Central => could not remove. Access Denied.
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group8_WIN10_Inst\Driver\APOptimize\McAfee
LiveSafe => could not remove. Access Denied.
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group9_WIN10_Inst\Driver\APOptimize\McAfee
Central => could not remove. Access Denied.
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group9_WIN10_Inst\Driver\APOptimize\McAfee
LiveSafe => could not remove. Access Denied.
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\mcafeeintegrationextension.inf_amd64_fa47767680f6bbc0
=> could not remove. Access Denied.
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\Applications\5A894077.McAfeeSecurity_wafk5atnkzcwy
=> removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\Applications\5A894077.McAfeeSecurity_wafk5atnkzcwy\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy"
=> not found
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\AppxAllUserStore\S-1-5-21-3491684324-3942835478-4158577442-1001\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy
=> removed successfully
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\Applications\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy
=> removed successfully
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\S-1-5-18\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy
=> removed successfully
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\S-1-5-21-3491684324-3942835478-4158577442-1001\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy
=> removed successfully
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\BundleManifestInfo\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy
=> removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\BundleManifestInfo\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-125_wafk5atnkzcwy"
=> not found
"HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\BundleManifestInfo\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy"
=> not found
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\InstalledPackages\Bundle\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy
=> removed successfully
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\InstalledPackages\Main\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy
=> removed successfully
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\InstalledPackages\Resource\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-125_wafk5atnkzcwy
=> removed successfully
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\PackageInstallState\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-125_wafk5atnkzcwy
=> removed successfully
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\PackageInstallState\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy
=> removed successfully
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\PackageInstallState\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy
=> removed successfully
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\S-1-5-21-3491684324-3942835478-4158577442-1001\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy
=> removed successfully
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\SisDirectory\5A894077.McAfeeSecurity_2.1.68.0_neutral_split.scale-125_wafk5atnkzcwy
=> removed successfully
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\SisDirectory\5A894077.McAfeeSecurity_2.1.68.0_neutral_~_wafk5atnkzcwy
=> removed successfully
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\SisDirectory\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy
=> removed successfully
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\PnP\CurrentControlSet\Control\DeviceMigration\Devices\HID\ELAN0628&Col01\4&1aec6194&0&0000\Driver\APOptimize\McAfee
Central => removed successfully
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\PnP\CurrentControlSet\Control\DeviceMigration\Devices\HID\ELAN0628&Col01\4&1aec6194&0&0000\Driver\APOptimize\McAfee
LiveSafe => removed successfully
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\PnP\CurrentControlSet\Control\DeviceMigration\Devices\ROOT\MCAFEESWITCH
=> removed successfully
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\PnP\CurrentControlSet\Enum\ROOT\MCAFEESWITCH
=> removed successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}\0001\APOptimize\McAfee
Central => removed successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}\0001\APOptimize\McAfee
LiveSafe => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ROOT\MCAFEESWITCH" => removed
successfully
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McAfeeIntegrationDriver"
=> removed successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mcafeeintegrationservice =>
removed successfully
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram
Files%5CWindowsApps%5C5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy%5Cresources.pri
=> removed successfully
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 18-03-2022
17:36:16)
Result of scheduled keys to remove after reboot:
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_0610_WIN10_Inst\Driver\APOptimize\McAfee
Central => could not remove. Access Denied.
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_0610_WIN10_Inst\Driver\APOptimize\McAfee
LiveSafe => could not remove. Access Denied.
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_0611_WIN10_Inst\Driver\APOptimize\McAfee
Central => could not remove. Access Denied.
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_0611_WIN10_Inst\Driver\APOptimize\McAfee
LiveSafe => could not remove. Access Denied.
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group10_WIN10_Inst\Driver\APOptimize\McAfee
Central => could not remove. Access Denied.
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group10_WIN10_Inst\Driver\APOptimize\McAfee
LiveSafe => could not remove. Access Denied.
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group2_WIN10_Inst\Driver\APOptimize\McAfee
Central => could not remove. Access Denied.
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group2_WIN10_Inst\Driver\APOptimize\McAfee
LiveSafe => could not remove. Access Denied.
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group3_WIN10_Inst\Driver\APOptimize\McAfee
Central => could not remove. Access Denied.
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group3_WIN10_Inst\Driver\APOptimize\McAfee
LiveSafe => could not remove. Access Denied.
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group6_WIN10_Inst\Driver\APOptimize\McAfee
Central => could not remove. Access Denied.
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group6_WIN10_Inst\Driver\APOptimize\McAfee
LiveSafe => could not remove. Access Denied.
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group7_WIN10_Inst\Driver\APOptimize\McAfee
Central => could not remove. Access Denied.
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group7_WIN10_Inst\Driver\APOptimize\McAfee
LiveSafe => could not remove. Access Denied.
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group8_WIN10_Inst\Driver\APOptimize\McAfee
Central => could not remove. Access Denied.
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group8_WIN10_Inst\Driver\APOptimize\McAfee
LiveSafe => could not remove. Access Denied.
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group9_WIN10_Inst\Driver\APOptimize\McAfee
Central => could not remove. Access Denied.
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\etd.inf_amd64_dc1036f707c1569f\Configurations\ETD_HID_Group9_WIN10_Inst\Driver\APOptimize\McAfee
LiveSafe => could not remove. Access Denied.
HKEY_LOCAL_MACHINE\SYSTEM\DriverDatabase\DriverPackages\mcafeeintegrationextension.inf_amd64_fa47767680f6bbc0
=> could not remove. Access Denied.
==== End of Fixlog 17:36:17 ====
* Back to top
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
* Page 1 of 5
* 1
* 2
* 3
* Next
* »
Back to Virus, Trojan, Spyware, and Malware Removal Help
*
*
*
*
*
*
*
*
*
*
0 USER(S) ARE READING THIS TOPIC
0 members, 0 guests, 0 anonymous users
Reply to quoted posts Clear
1. BleepingComputer.com
2. → Security
3. → Virus, Trojan, Spyware, and Malware Removal Help
4. Privacy Policy
5. Rules ·
*
* Help
Advertise | About Us | Terms of Use | Privacy Policy | Sitemap
| Chat | RSS Feeds | Contact Us Tech Support Forums | Virus
Removal Guides | Downloads | Tutorials | The Computer Glossary |
Uninstall List | Startups | The File Database
© 2004-2022 All Rights Reserved Bleeping Computer LLC .
Site Changelog
Community Forum Software by IP.Board
SIGN IN
* Use Twitter
* Need an account? Register now!
* Username
* Forum Password
I've forgotten my password
* Remember me
This is not recommended for shared computers
* Sign in anonymously
Don't add me to the active users list
* Privacy Policy
JUMP TO PAGE
JUMP TO PAGE