Strange Things On Desktop After Speaking With Amazon

I'm posting in the public help forum because I'm not even sure if I have malware, I'm totally confused. I don't know if the scans you want run are applicable, or if I should do something else.

I had a strange run in with Amazon, and don't know what to think. I know there are a lot of Amazon scams out there, and after this incident things appeared on my desktop from amazon that I did not put there my self. I don't know if I'm over reacting, I don't know what's going on. I have a Windows 10 computer, and use Firefox as my browser. I don't know how much of this story is applicable to the problem, so I'll just start at the beginning:

A couple days ago, I received an item I ordered from Amazon, but they sent the wrong style (not what I ordered). I went to send it back, calling the customer service number I always use for Amazon (1-866-216-1072) and the representative told me to send them my photo id in order to be refunded. This set off alarm bells: I've had this amazon account since the early '90s, and have never sent in my id. I hung up, called again, this representative repeated the same thing. I explained how this does not make sense, I am not comfortable with this, how can sending my ID help them fix a problem they caused. They would not explain themselves, and maintained that I must send in my id. I tried chatting on the Amazon website, same response. These were all foreign call center people, I asked to speak with an American supervisor, and was refused.

I did some looking online, and it seems most people believe this to be a scam by some rogue Indian Amazon employees who take people's id's and are able to steal their identities, using their id and their payment method. I didn't know what to think of this, as I called what I knew to be a legitimate amazon number and went to amazon to find the chat. But, what good will an id do them, other than to feed their ai facial recognition? They can't prove I am the person who opened the account in the 90s, as they didn't ask for my id at the start. Can't one also open an amazon account under the name Humpty Dumpty? If so, would Amazon refuse a refund unless Humpty Dumpty provided his ID? It feels like an invasion of privacy to me, as this is not standard online shopping policy (at least not for Walmart or Target) and they would refund to my original payment method, so the money could not go to a scammer.

Anyway, I don't need your expert geek help in assessing Amazon's business practices, but thoughts on whether or not this sounds like a scam (or could somehow not really be Amazon) are welcome. Here is where I need your help:

Yesterday, I was browsing through Walmart's policies, to see if Amazon's were really out of the ordinary. I found a place on Walmart I wanted to screenshot, so I did, and when I went to save it to my folder where I dump stuff like this, I found a strange Amazon folder I did not make, and a strange Amazon shortcut I did not make. A screenshot of the shortcuts I found is attached. I'm afraid to open the one that looks like a web browser link. I opened the folder and found lots of crazy stuff, along with what looks like things I had in my Amazon cart that I was just browsing through. I also attached a couple of screenshots of what was in the Amazon folder, I have more if you need them as the folder was very full.

So, I freaked out a little bit. I didn't do this (can one do something like this by accident? If so, let me know. I admit I'm accident prone, but it seems to me that to do this I would have some how had to download the Amazon cart and all it's components onto my desktop and put them in my folder, which seems like a very involved and difficult accident to make). Was Amazon scamming me, and somehow in doing the "validate your account" email, did I let them on my computer? I did some research, and tried to follow the steps to look on the Event Viewer to see if someone else accessed my computer during the time that these files were made, and as far as I can tell it doesn't look like anyone did. I tried to go through my task manager and see if anything looked unusual to me, and (aside from the fact that it ALL looks unusual to me) I didn't see anything strange that particularly stood out. I searched a few things that seemed odd, and they turned out to be a normal part of windows. When I go to the task manager, and look under User, it seems to only be me, but these shortcuts were made two days ago, so I guess if someone was on there they could be gone now.

I'm not sure what else to do from here. I'm hoping somehow I accidentally did whatever was done with this amazon folder and shortcut, but don't think I did. I'm not sure what to do to ensure everything is safe on this computer to continue online banking etc.

Following are FRST logs, that's all I've done so far. I want to clear my cookies, history, etc and run an Avast scan, but wasn't sure if getting rid of all that would remove something in my history that would help me figure out what happened. If I delete these amazon files on my computer and empty my trash bin, will they be completely gone or should I check my hard drive somehow? Please tell me next steps, or if I am insane and worried about something I accidentally did myself.

Thanks!

 

Here are my Frst logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-09-2024
Ran by User (administrator) on LAPTOP-1755NSUL (LENOVO 81DE) (16-09-2024 17:32:22)
Running from C:\Users\User\Desktop\FRST64.exe
Loaded Profiles: User
Platform: Microsoft Windows 10 Home Version 22H2 19045.4894 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Computer, Inc.) [File not signed] C:\Program Files (x86)\QuickTime\qttask.exe
(Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\AvastUI.exe <4>
(C:\Program Files\Avast Software\Avast\AvastSvc.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\aswEngSrv.exe
(ETDCtrl.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDTouch.exe
(ETDService.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDCtrl.exe
(ETDService.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDCtrlHelper.exe
(explorer.exe ->) (20E7E2C9-A2A9-4A02-BB29-6FCFB9E042BB -> Lenovo(beijing) Limited) C:\Program Files\WindowsApps\E0469640.LenovoUtility_3.0.46.0_x64__5grkq8ppsgwt4\VFS\ProgramFilesX64\Lenovo\LenovoUtility\utility.exe
(explorer.exe ->) (F.lux Software LLC -> f.lux Software LLC) C:\Users\User\AppData\Local\FluxSoftware\Flux\flux.exe
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127199.inf_amd64_36402df9d3632dc5\igfxEM.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <13>
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswidsagent.exe
(services.exe ->) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe
(services.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
(services.exe ->) (Avast Software s.r.o. -> Gen Digital Inc.) C:\Program Files\Avast Software\Avast\AvastSvc.exe
(services.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(services.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDService.exe
(services.exe ->) (Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(services.exe ->) (Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrB.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127199.inf_amd64_36402df9d3632dc5\igfxCUIService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127199.inf_amd64_36402df9d3632dc5\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127199.inf_amd64_36402df9d3632dc5\IntelCpHeciSvc.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_7c484f80872e1cd8\jhi_service.exe
(services.exe ->) (Intel® Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_120314e52c04567c\RstMwService.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(services.exe ->) (Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18390912 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [427304 2024-09-11] (Avast Software s.r.o. -> Gen Digital Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\qttask.exe [98304 2019-09-16] (Apple Computer, Inc.) [File not signed]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6787856 2019-03-19] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-4161042128-27025238-194098315-1001\...\Run: [f.lux] => C:\Users\User\AppData\Local\FluxSoftware\Flux\flux.exe [1528952 2024-01-17] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-4161042128-27025238-194098315-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4267928 2021-10-13] (Valve -> Valve Corporation)
HKU\S-1-5-21-4161042128-27025238-194098315-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-4161042128-27025238-194098315-1001\...\Policies\Explorer: [NoLogOff] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk [2019-09-16]
ShortcutTarget: Adobe Reader Speed Launch.lnk -> C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) [File not signed]
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {8E42FD95-95C2-4895-BBBD-E207D9250084} - System32\Tasks\Avast Software\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [5173032 2024-09-11] (Avast Software s.r.o. -> Gen Digital Inc.)
Task: {2D079743-8060-490B-92E1-BCB1AE9C0789} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2144664 2023-08-01] (Avast Software s.r.o. -> Avast Software)
Task: {586FE4FE-6957-416E-8D06-EAA00293F635} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [35464 2021-02-14] (HP Inc. -> HP Inc.)
Task: {8CD36375-BA6D-4BAB-B5E9-39984CF6868B} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [35464 2021-02-14] (HP Inc. -> HP Inc.)
Task: {00F2EA6E-B0AF-478A-AF2C-45EE6DAF1A0C} - System32\Tasks\IObit StpSale (One-Time) => "C:\Program Files (x86)\IObit\Smart Defrag\pub\Stpsale.exe" -> C:\Program Files (x86)\IObit\Smart Defrag\pub\\/stp
Task: {19DCA661-18B7-4311-B46F-C783E6928E6D} - System32\Tasks\IObit SumSale2024 (One-Time) => "C:\Program Files (x86)\IObit\Smart Defrag\pub\sumsale.exe" -> C:\Program Files (x86)\IObit\Smart Defrag\pub\\/rpop
Task: {921E2E1C-15D1-4929-B3D7-023C72139098} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [94496 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
Task: {94607245-E93A-4C80-B692-B97E8FB3E1F8} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => C:\WINDOWS\system32\sc.exe [72192 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> START ImControllerService
Task: {14C87044-63B7-4671-AC72-40CE4F278118} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => C:\WINDOWS\System32\reg.exe [77312 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {07E8C8F6-27B9-4414-857C-23C2701B93A3} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\39898a6c-abd8-4872-a91c-66fadac41753 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
Task: {B9F45627-5FE3-43C4-A2EF-2E4D55B7626B} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\3ef7a0bb-f57c-4da8-9d67-893cecaf32b9 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
Task: {26CB748C-6555-4F40-A766-5A42817BD2FF} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\599328e5-c945-48db-a739-3fd7be1211bd => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
Task: {05FFBD61-BC24-475F-8A4C-2A43E0AC4FEA} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\6bc79892-85fa-4f02-bef1-ef3d6d576ae1 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
Task: {6624974B-4805-4FAB-AFE0-ADE8DE5FBAA2} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\dbb061ce-8b7b-44b2-a9c7-f6131d751331 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
Task: {9A63893B-3426-45E4-BAA6-B6FD6034D957} - System32\Tasks\LenovoUtility Task => C:\Windows\explorer.exe [5786440 2024-09-11] (Microsoft Windows -> Microsoft Corporation)
Task: {DC960A03-262D-4F7B-8FDE-6B9AEB012E67} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34376 2024-09-03] (Mozilla Corporation -> Mozilla Foundation)
Task: {23E7A971-068D-403E-B6FE-9DDE17D2FE59} - System32\Tasks\OneDrive Standalone Update Task v2 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)
Task: {3F4CFC6C-8E54-44F5-8143-C2AC6299CB93} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {39BF1E4F-231F-43D9-8EF6-DFF98CE38665} - System32\Tasks\RtHDVBg_LENOVO_DOLBYDRAGON => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {7130D55B-51E0-41F7-BD7C-6B11495C631F} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506176 2019-05-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {8A298AA7-86DD-497C-84D4-99D68F5BEF68} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [7177168 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {E1EEF567-250D-4149-9E97-6FB05956879F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [5723640 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {B45A18E2-87D9-44EB-9CF9-BDFC93B6FEDA} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [3721576 2024-04-09] (IObit CO., LTD -> IObit)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{5f488a56-4358-42ad-8336-f7518937ab4f}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{ce22c376-f9b5-493e-8f14-317ed9b99177}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{ce22c376-f9b5-493e-8f14-317ed9b99177}: [DhcpDomain] attlocal.net
Tcpip\..\Interfaces\{ce22c376-f9b5-493e-8f14-317ed9b99177}\144545458453A4372414: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{ce22c376-f9b5-493e-8f14-317ed9b99177}\144545458453A4372414: [DhcpDomain] attlocal.net
Tcpip\..\Interfaces\{ce22c376-f9b5-493e-8f14-317ed9b99177}\144545458453A43724142366E674: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{ce22c376-f9b5-493e-8f14-317ed9b99177}\144545458453A43724142366E674: [DhcpDomain] attlocal.net
Tcpip\..\Interfaces\{ce22c376-f9b5-493e-8f14-317ed9b99177}\75F6C6667616E676: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{ce22c376-f9b5-493e-8f14-317ed9b99177}\75F6C6667616E676: [DhcpDomain] attlocal.net

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default [2024-09-15]
Edge Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-27]
Edge Extension: (Edge relevant text changes) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24]
Edge Extension: (uBlock Origin) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2024-08-07]

FireFox:
========
FF DefaultProfile: h7vtrih6.default
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\h7vtrih6.default [2024-09-16]
FF DownloadDir: C:\Users\User\Desktop
FF Homepage: Mozilla\Firefox\Profiles\h7vtrih6.default -> www.duckduckgo.com
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\h7vtrih6.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2024-07-30]
FF Extension: (uBlock Origin) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\h7vtrih6.default\Extensions\uBlock0@raymondhill.net.xpi [2024-07-31]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found

Chrome:
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2020-12-08]
CHR Extension: (Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-09-08]
CHR Extension: (Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-09-08]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-27]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-09-08]
CHR Extension: (Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-09-08]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-09-08]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-27]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-08]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [7248680 2024-09-11] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [771880 2024-09-11] (Avast Software s.r.o. -> Gen Digital Inc.)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [1217832 2024-09-11] (Avast Software s.r.o. -> Gen Digital Inc.)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2021-05-30] (Avast Software s.r.o. -> AVAST Software)
R2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [189464 2019-01-21] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [784512 2019-06-23] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [284808 2021-02-14] (HP Inc. -> HP Inc.)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9410296 2024-01-11] (Malwarebytes Inc. -> Malwarebytes)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [66872 2019-05-26] (Even Balance, Inc. -> )
R2 PnkBstrB; C:\WINDOWS\SysWOW64\PnkBstrB.exe [107832 2019-05-26] (Even Balance, Inc. -> )
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [940976 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2021-02-09] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2021-02-09] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [55608 2023-06-27] (Apple Inc. -> Apple Inc.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [20536 2024-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [229832 2024-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [381400 2024-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [293944 2024-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [84536 2024-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [27744 2024-08-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Gen Digital Inc.)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [28616 2024-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [273456 2024-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [549968 2024-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [97736 2024-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [69176 2024-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [949816 2024-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [1198648 2024-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [203832 2024-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [306744 2024-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Gen Digital Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-09-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-01-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [30744 2024-03-22] (IObit Information Technology -> IObit)
S0 Spybot3ELAM; C:\WINDOWS\System32\drivers\Spybot3ELAM.sys [19904 2019-06-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Windows ® Win 7 DDK provider)
S3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [54896 2018-07-13] (Windscribe Limited -> The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2021-02-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [429296 2021-02-09] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [70896 2021-02-09] (Microsoft Windows -> Microsoft Corporation)
U1 aswbdisk; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-09-16 17:32 - 2024-09-16 17:36 - 000023223 _____ C:\Users\User\Desktop\FRST.txt
2024-09-16 17:30 - 2024-09-16 17:30 - 002397696 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2024-09-14 23:55 - 2024-09-14 23:55 - 000000000 ____D C:\Users\User\AppData\Roaming\com.playtinum.Halloween-Jigsaw
2024-09-14 23:52 - 2024-09-14 23:52 - 000002196 _____ C:\Users\Public\Desktop\Play Halloween Jigsaw Puzzle Stash.lnk
2024-09-14 23:52 - 2024-09-14 23:52 - 000001248 _____ C:\Users\Public\Desktop\More Great Games.lnk
2024-09-14 23:52 - 2024-09-14 23:52 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Halloween Jigsaw Puzzle Stash
2024-09-14 23:52 - 2024-09-14 23:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Halloween Jigsaw Puzzle Stash
2024-09-14 23:52 - 2024-09-14 23:52 - 000000000 ____D C:\Program Files (x86)\Halloween Jigsaw Puzzle Stash
2024-09-13 16:54 - 2024-09-13 16:54 - 000013444 _____ C:\Users\User\Desktop\handyforms.odt
2024-09-12 16:03 - 2024-09-12 16:03 - 000000353 _____ C:\Users\User\Desktop\Jojo Siwa Hair Bows in Hair Accessories - Walmart.com.url
2024-09-12 16:02 - 2024-09-12 16:02 - 000000353 _____ C:\Users\User\Desktop\Packed Party Hair Tools & Accessories in Hair Accessories - Walmart.com.url
2024-09-12 16:01 - 2024-09-12 16:01 - 000000353 _____ C:\Users\User\Desktop\Scrunchies in Hair Accessories - Walmart.com.url
2024-09-12 16:01 - 2024-09-12 16:01 - 000000353 _____ C:\Users\User\Desktop\Head Wraps in Hair Accessories - Walmart.com.url
2024-09-12 16:01 - 2024-09-12 16:01 - 000000353 _____ C:\Users\User\Desktop\Hair Bows in Hair Accessories - Walmart.com.url
2024-09-12 16:00 - 2024-09-12 16:00 - 000000353 _____ C:\Users\User\Desktop\Headbands in Hair Accessories - Walmart.com.url
2024-09-12 16:00 - 2024-09-12 16:00 - 000000353 _____ C:\Users\User\Desktop\Clip In Extensions in Hair Accessories - Walmart.com.url
2024-09-12 15:59 - 2024-09-12 15:59 - 000000353 _____ C:\Users\User\Desktop\Hair Ties in Hair Accessories - Walmart.com.url
2024-09-12 15:59 - 2024-09-12 15:59 - 000000353 _____ C:\Users\User\Desktop\Hair Clips in Hair Accessories - Walmart.com.url
2024-09-12 15:59 - 2024-09-12 15:59 - 000000353 _____ C:\Users\User\Desktop\Barrettes in Hair Accessories - Walmart.com.url
2024-09-11 09:47 - 2024-09-11 09:45 - 000315176 _____ (Gen Digital Inc.) C:\WINDOWS\system32\aswBoot.exe
2024-09-10 22:47 - 2024-09-10 22:47 - 000000000 ___HD C:\$WinREAgent
2024-09-08 13:44 - 2024-09-08 13:44 - 000000299 _____ C:\Users\User\Desktop\Final Meeting Agenda_June 2024_6-24_v2.xlsx - agenda-2024-06-26-28-508.pdf.url
2024-09-06 15:14 - 2024-09-06 15:14 - 000000240 _____ C:\Users\User\Desktop\Masks - HALOLIFE.url
2024-09-03 09:42 - 2024-09-03 09:42 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2024-09-03 09:37 - 2024-09-10 14:09 - 000000000 ____D C:\Program Files\Mozilla Firefox
2024-09-01 00:43 - 2024-09-01 00:43 - 000000000 ____D C:\Users\User\AppData\Roaming\JetFun
2024-08-31 01:25 - 2024-08-31 01:25 - 000000242 _____ C:\Users\User\Desktop\RMV Workforce Corp.url
2024-08-28 19:21 - 2024-08-28 19:21 - 000000271 _____ C:\Users\User\Desktop\West Nile Virus_ Symptoms, Treatment & Prevention.url
2024-08-26 16:06 - 2024-08-26 16:06 - 000000242 _____ C:\Users\User\Desktop\A Website For Property Management And Multi-Family Housing.url
2024-08-26 16:02 - 2024-08-26 16:02 - 000000260 _____ C:\Users\User\Desktop\Tools For Maintenance Technicians That Can Make You Easy Money.url
2024-08-26 14:53 - 2024-08-26 14:53 - 000000331 _____ C:\Users\User\Desktop\Woodford Adjustable Rod with Pressure Relief Valve to Prevent Bursting (10-Piece) RK-ADJ-PRV - The Home Depot.url
2024-08-26 14:53 - 2024-08-26 14:53 - 000000243 _____ C:\Users\User\Desktop\RK-ADJ-PRV Upgrade the Model 14, 16, 17, 19, 22 and V22 to PRV 4-in to – Eagle Mountain.url
2024-08-26 14:28 - 2024-08-26 14:28 - 000000271 _____ C:\Users\User\Desktop\Woodford Model 17 Freezeless Faucet.url
2024-08-26 13:56 - 2024-08-26 13:56 - 000000234 _____ C:\Users\User\Desktop\Your Shopping Cart – woodfordfaucet.url

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-09-16 17:35 - 2021-02-19 16:46 - 000000000 ____D C:\FRST
2024-09-16 17:09 - 2019-12-07 04:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-09-16 16:58 - 2022-12-28 17:04 - 000000000 ____D C:\Users\User\Desktop\pics for returns
2024-09-16 16:07 - 2020-09-28 08:43 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-09-16 15:34 - 2019-12-07 04:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-09-16 15:34 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-09-16 13:44 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2024-09-16 13:44 - 2019-12-07 04:13 - 000000000 ____D C:\WINDOWS\INF
2024-09-16 00:21 - 2024-07-29 17:42 - 000002738 _____ C:\WINDOWS\system32\Tasks\IObit SumSale2024 (One-Time)
2024-09-16 00:21 - 2024-03-12 22:08 - 000002728 _____ C:\WINDOWS\system32\Tasks\IObit StpSale (One-Time)
2024-09-16 00:21 - 2024-01-11 20:43 - 000002442 _____ C:\WINDOWS\system32\Tasks\SmartDefrag_Update
2024-09-16 00:21 - 2020-09-28 09:14 - 000003492 _____ C:\WINDOWS\system32\Tasks\LenovoUtility Task
2024-09-16 00:21 - 2020-09-28 09:14 - 000003464 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-09-16 00:21 - 2020-09-28 09:14 - 000003240 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-09-16 00:21 - 2020-09-28 09:14 - 000002764 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task v2
2024-09-16 00:21 - 2020-09-28 09:14 - 000002352 _____ C:\WINDOWS\system32\Tasks\RtHDVBg_LENOVO_DOLBYDRAGON
2024-09-16 00:21 - 2020-09-28 09:14 - 000002306 _____ C:\WINDOWS\system32\Tasks\RtHDVBg_Dolby
2024-09-16 00:21 - 2020-09-28 09:14 - 000002302 _____ C:\WINDOWS\system32\Tasks\RTKCPL
2024-09-16 00:21 - 2018-11-23 18:49 - 000000000 ____D C:\ProgramData\TEMP
2024-09-15 23:51 - 2021-02-09 20:53 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2024-09-15 19:27 - 2018-11-22 11:36 - 000000000 __SHD C:\Users\User\IntelGraphicsProfiles
2024-09-15 19:26 - 2018-11-22 13:39 - 000000000 ____D C:\ProgramData\AVAST Software
2024-09-15 19:25 - 2020-09-28 09:14 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-09-15 19:25 - 2020-09-28 08:42 - 000008192 ___SH C:\DumpStack.log.tmp
2024-09-15 19:25 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\ServiceState
2024-09-15 19:24 - 2019-12-07 04:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2024-09-14 23:52 - 2018-11-23 18:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2024-09-14 12:51 - 2021-12-16 16:43 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-09-14 12:08 - 2020-06-23 14:55 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-09-13 14:48 - 2018-11-22 15:54 - 000000000 ____D C:\Users\User\AppData\Local\CrashDumps
2024-09-12 08:23 - 2020-09-28 09:04 - 000840602 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-09-11 12:09 - 2021-05-30 17:00 - 000000000 ____D C:\Users\User\AppData\Local\Avast Software
2024-09-11 11:09 - 2024-06-10 16:56 - 000456288 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-09-11 11:02 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2024-09-11 11:02 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2024-09-11 11:02 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\SystemResources
2024-09-11 11:02 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2024-09-11 11:02 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-09-11 11:02 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2024-09-11 11:02 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2024-09-11 11:02 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-09-11 11:01 - 2019-12-07 04:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-09-11 11:01 - 2019-12-07 04:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-09-11 10:57 - 2019-12-07 04:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-09-11 10:32 - 2020-09-28 08:46 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-09-11 09:49 - 2021-02-09 20:52 - 000949816 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswSnx.sys
2024-09-11 09:49 - 2021-02-09 20:52 - 000381400 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2024-09-11 09:47 - 2019-12-07 04:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2024-09-11 09:46 - 2021-02-09 20:52 - 001198648 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswSP.sys
2024-09-11 09:46 - 2021-02-09 20:52 - 000549968 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2024-09-11 09:46 - 2021-02-09 20:52 - 000306744 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswVmm.sys
2024-09-11 09:46 - 2021-02-09 20:52 - 000293944 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2024-09-11 09:46 - 2021-02-09 20:52 - 000273456 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2024-09-11 09:46 - 2021-02-09 20:52 - 000097736 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2024-09-11 09:46 - 2021-02-09 20:52 - 000084536 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2024-09-11 09:46 - 2021-02-09 20:52 - 000069176 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2024-09-11 09:46 - 2021-02-09 20:52 - 000028616 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswKbd.sys
2024-09-11 09:45 - 2021-02-09 20:52 - 000229832 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswArPot.sys
2024-09-11 09:45 - 2021-02-09 20:52 - 000020536 _____ (Gen Digital Inc.) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2024-09-10 14:42 - 2018-11-22 13:37 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-09-10 14:36 - 2018-11-22 13:37 - 199688632 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-09-10 14:17 - 2018-11-22 14:03 - 000000000 ____D C:\ProgramData\Packages
2024-09-10 14:17 - 2018-11-22 11:36 - 000000000 ____D C:\Users\User\AppData\Local\Packages
2024-09-10 14:09 - 2018-11-22 13:27 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-09-07 22:23 - 2024-07-20 10:16 - 000000258 _____ C:\Users\User\Desktop\Respiratory Illnesses Data Channel _ Respiratory Illnesses _ CDC.url
2024-09-03 09:42 - 2018-11-22 13:27 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk

==================== Files in the root of some directories ========

2019-06-23 17:48 - 2019-06-23 17:48 - 000001536 _____ () C:\Users\User\AppData\Local\GfxMetrics.cfg
2019-06-23 17:48 - 2019-06-23 17:48 - 000206336 _____ () C:\Users\User\AppData\Local\GfxMetrics.dat

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

 

I'm getting nervous about leaving this on my computer, so I am going to delete the Amazon shortcuts I did not make, empty my recycle bin, clear my cookies/cache/history, and run a virus scan. Please let me know what else you think I should do.

 

I kept trying to post the Addition log, and it said wouldn't because of too many characters. So here's half of it:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-09-2024
Ran by User (16-09-2024 17:42:08)
Running from C:\Users\User\Desktop
Microsoft Windows 10 Home Version 22H2 19045.4894 (X64) (2020-09-28 14:15:16)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-4161042128-27025238-194098315-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4161042128-27025238-194098315-503 - Limited - Disabled)
Guest (S-1-5-21-4161042128-27025238-194098315-501 - Limited - Disabled)
User (S-1-5-21-4161042128-27025238-194098315-1001 - Administrator - Enabled) => C:\Users\User
WDAGUtilityAccount (S-1-5-21-4161042128-27025238-194098315-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Spybot - Search and Destroy (Disabled - Up to date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Out of date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader 7.0 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A70000000000}) (Version: 7.0.0 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 24.8.6127 - Avast Software)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.5.0.0 - )
Curse at Twilight: Thief of Souls (HKLM-x32\...\BFG-Curse at Twilight - Thief of Souls) (Version: - )
Dolby Audio X2 Windows API SDK (HKLM\...\{F290F786-5F69-48D4-B20B-D21C7DE56EF0}) (Version: 0.8.8.88 - Dolby Laboratories, Inc.) Hidden
Dolby Audio X2 Windows APP (HKLM\...\{4A02DCED-C2B0-4DD3-87BD-7D8E68D6AF3C}) (Version: 0.8.6.75 - Dolby Laboratories, Inc.) Hidden
f.lux (HKU\S-1-5-21-4161042128-27025238-194098315-1001\...\Flux) (Version: 4.131 - f.lux Software LLC)
Fishdom - Spooky Splash (HKLM-x32\...\BFG-Fishdom - Spooky Splash) (Version: - )
Fishdom (HKLM-x32\...\BFG-Fishdom) (Version: - )
Halloween Jigsaw Puzzle Stash (HKLM-x32\...\BFG-Halloween Jigsaw Puzzle Stash) (Version: - )
Hotel (HKLM-x32\...\BFG-Hotel) (Version: - )
Infected: The Twin Vaccine (HKLM-x32\...\BFG-Infected - The Twin Vaccine) (Version: - )
Intel® Chipset Device Software (HKLM\...\{7FB35D08-C75C-4A18-B593-1D7C3E8970AD}) (Version: 10.1.1.45 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{44ded3eb-1686-46a6-9770-fd79096c29f7}) (Version: 10.1.1.45 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{125B62DE-4575-4D4D-982F-AB6F9E913B54}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1052 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{DF4E2424-348F-4227-9096-8EA478DFAB4E}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® Management Engine Driver (HKLM\...\{258E992F-46AD-45FB-B83B-0CE0EC6FC549}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® ME UninstallLegacy (HKLM\...\{E9B9A1A5-6398-4C99-8FDE-10794F6505C5}) (Version: 1.0.1.0 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.47.715.0 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.715.0 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{2b32b7d0-4f9f-47c8-adb7-807e6cb2fb75}) (Version: 1.47.715.0 - Intel Corporation) Hidden
LibreOffice 7.1.5.2 (HKLM\...\{4F0D0C39-A2CD-4908-AA4C-A1CC9BDCD71A}) (Version: 7.1.5.2 - The Document Foundation)
Malwarebytes version 4.6.8.311 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.8.311 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 128.0.2739.79 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 128.0.2739.79 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft VC++ redistributables repacked. (HKLM\...\{8B4DBB94-B69B-4C4F-AADD-C10CFB220F1F}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft VC++ redistributables repacked. (HKLM-x32\...\{56C76A75-BF3A-41E9-96D6-929E058DD38F}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.24215 (HKLM\...\{EF1EC6A9-17DE-3DA9-B040-686A1E8A8B04}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.24215 (HKLM\...\{50A2BC33-C9CD-3BF1-A8FF-53C10A0B183C}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24215 (HKLM-x32\...\{69BCE4AC-9572-3271-A2FB-9423BDA36A43}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24215 (HKLM-x32\...\{BBF2AC74-720C-3CB3-8291-5E34039232FA}) (Version: 14.0.24215 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 130.0 (x64 en-US)) (Version: 130.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.6.1 - Mozilla)
NAPS2 6.1.2 (HKLM-x32\...\NAPS2 (Not Another PDF Scanner 2)_is1) (Version: - Ben Olden-Cooligan)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
QuickTime (HKLM-x32\...\QuickTime) (Version: - )
Respondus LockDown Browser 2 (HKLM-x32\...\{BBC7F69B-7A94-41E9-8A4B-B55A8D06431F}) (Version: 2.00.0000 - Respondus)
Smart Defrag 9 (HKLM-x32\...\Smart Defrag_is1) (Version: 9.4.0.342 - IObit)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.8.68.0 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{85C69797-7336-4E83-8D97-32A7C8465A3B}) (Version: 8.94.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0-2) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0-3) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0-4) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-4161042128-27025238-194098315-1001\...\ZoomUMX) (Version: 5.17.10 (33775) - Zoom Video Communications, Inc.)

Packages:
=========

HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_122.2.834.0_x64__v10z8vjag6ke6 [2021-02-14] (HP Inc.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_4.9.183.0_x86__k1h2ywk1493x8 [2018-06-17] (LENOVO INC.)
LenovoUtility -> C:\Program Files\WindowsApps\E0469640.LenovoUtility_3.0.46.0_x64__5grkq8ppsgwt4 [2018-11-22] (LENOVO INC) [Startup Task]
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Corporation) [MS Ad]
Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16030.11001.20108.0_x86__8wekyb3d8bbwe [2018-11-22] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2020-09-28] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x86__8wekyb3d8bbwe [2018-11-22] (Microsoft Corporation) [MS Ad]
Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16030.11001.20108.0_x86__8wekyb3d8bbwe [2018-11-23] (Microsoft Corporation)
Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16030.11001.20108.0_x86__8wekyb3d8bbwe [2018-11-23] (Microsoft Corporation)
Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16030.11001.20108.0_x86__8wekyb3d8bbwe [2018-11-22] (Microsoft Corporation)
Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16030.11001.20108.0_x86__8wekyb3d8bbwe [2018-11-22] (Microsoft Corporation)
Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16030.11001.20108.0_x86__8wekyb3d8bbwe [2018-11-23] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Studios) [MS Ad]
Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16030.11001.20108.0_x86__8wekyb3d8bbwe [2018-11-22] (Microsoft Corporation)
MPEG-2 Video Extension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.12831.0_x64__8wekyb3d8bbwe [2018-11-22] (Microsoft Corporation)
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.26.12153.0_x64__8wekyb3d8bbwe [2018-11-22] (Microsoft Corporation) [MS Ad]
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c [2019-12-07] (Skype)
VitalSource Bookshelf -> C:\Program Files\WindowsApps\VitalSourceTechnologiesIn.VitalSourceBookshelf_9.3.11.0_x64__wasrd15zsyawm [2020-08-24] (VitalSource Technologies Inc)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4161042128-27025238-194098315-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\18.192.0920.0015\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-4161042128-27025238-194098315-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\18.192.0920.0015\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-4161042128-27025238-194098315-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\18.192.0920.0015\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-4161042128-27025238-194098315-1001_Classes\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\localserver32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\18.192.0920.0015\FileCoAuth.exe => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2024-09-11] (Avast Software s.r.o. -> Gen Digital Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2024-09-11] (Avast Software s.r.o. -> Gen Digital Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2024-09-11] (Avast Software s.r.o. -> Gen Digital Inc.)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2024-03-22] (IObit Information Technology -> IObit)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2024-09-11] (Avast Software s.r.o. -> Gen Digital Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-26] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki127199.inf_amd64_36402df9d3632dc5\igfxDTCM.dll [2018-03-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2024-09-11] (Avast Software s.r.o. -> Gen Digital Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-26] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2024-03-22] (IObit Information Technology -> IObit)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Driver Ed in a Box 2.4\DEB Website.lnk -> hxxp://www.driveredinabox.com
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Driver Ed in a Box 2.4\Report Error.lnk -> hxxp://www.driveredinabox.com/support/index.ph

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:00AFE22A [456]
AlternateDataStreams: C:\ProgramData\TEMP:0125B9F7 [246]
AlternateDataStreams: C:\ProgramData\TEMP:021703B2 [232]
AlternateDataStreams: C:\ProgramData\TEMP:07C99568 [211]
AlternateDataStreams: C:\ProgramData\TEMP:0E8117B1 [221]
AlternateDataStreams: C:\ProgramData\TEMP:0FF28C38 [255]
AlternateDataStreams: C:\ProgramData\TEMP:145E3D35 [249]
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\TEMP:2E9900EE [215]
AlternateDataStreams: C:\ProgramData\TEMP:2F141B68 [213]
AlternateDataStreams: C:\ProgramData\TEMP:31C9BA96 [233]
AlternateDataStreams: C:\ProgramData\TEMP:3407CC28 [257]
AlternateDataStreams: C:\ProgramData\TEMP:3B4DA230 [222]
AlternateDataStreams: C:\ProgramData\TEMP:408A104E [244]
AlternateDataStreams: C:\ProgramData\TEMP:410A2E9A [232]
AlternateDataStreams: C:\ProgramData\TEMP:4329D25A [237]
AlternateDataStreams: C:\ProgramData\TEMP:507C1BA0 [242]
AlternateDataStreams: C:\ProgramData\TEMP:51E66512 [227]
AlternateDataStreams: C:\ProgramData\TEMP:52886450 [229]
AlternateDataStreams: C:\ProgramData\TEMP:5BC73C48 [222]
AlternateDataStreams: C:\ProgramData\TEMP:5C0CABC7 [237]
AlternateDataStreams: C:\ProgramData\TEMP:5E9EE2DE [227]
AlternateDataStreams: C:\ProgramData\TEMP:60E755E6 [249]
AlternateDataStreams: C:\ProgramData\TEMP:6FD26134 [207]
AlternateDataStreams: C:\ProgramData\TEMP:717F51DE [229]
AlternateDataStreams: C:\ProgramData\TEMP:7A2101AB [228]
AlternateDataStreams: C:\ProgramData\TEMP:87E3D720 [248]
AlternateDataStreams: C:\ProgramData\TEMP:887F3A41 [226]
AlternateDataStreams: C:\ProgramData\TEMP:88A44CC1 [240]
AlternateDataStreams: C:\ProgramData\TEMP:8C232F4D [233]
AlternateDataStreams: C:\ProgramData\TEMP:922DA2DB [464]
AlternateDataStreams: C:\ProgramData\TEMP:9DB344BB [235]
AlternateDataStreams: C:\ProgramData\TEMP:A4CDE823 [238]
AlternateDataStreams: C:\ProgramData\TEMP:A6E01F67 [240]
AlternateDataStreams: C:\ProgramData\TEMP:C16218C3 [148]
AlternateDataStreams: C:\ProgramData\TEMP:C605E0E1 [246]
AlternateDataStreams: C:\ProgramData\TEMP:C7D35E8C [247]
AlternateDataStreams: C:\ProgramData\TEMP5151683 [233]
AlternateDataStreams: C:\ProgramData\TEMP5F4DEBF [257]
AlternateDataStreams: C:\ProgramData\TEMPCB8068C [247]
AlternateDataStreams: C:\ProgramData\TEMP:E402E439 [250]
AlternateDataStreams: C:\ProgramData\TEMP:ECFD9449 [436]
AlternateDataStreams: C:\ProgramData\TEMP:EE2DD6CC [238]
AlternateDataStreams: C:\ProgramData\TEMP:EE445D7C [248]
AlternateDataStreams: C:\ProgramData\TEMP:F1175E1D [229]
AlternateDataStreams: C:\ProgramData\TEMP:F19A4790 [231]
AlternateDataStreams: C:\ProgramData\TEMP:FBE06E1D [466]

 

And here's the rest:

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) =============

HKU\S-1-5-21-4161042128-27025238-194098315-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-4161042128-27025238-194098315-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-4161042128-27025238-194098315-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
SearchScopes: HKU\S-1-5-21-4161042128-27025238-194098315-1001 -> DefaultScope {DC664FD2-F673-4866-B722-5372B6511B33} URL =
SearchScopes: HKU\S-1-5-21-4161042128-27025238-194098315-1001 -> {DC664FD2-F673-4866-B722-5372B6511B33} URL =
BHO-x32: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7940 more sites.

IE restricted site: HKU\S-1-5-21-4161042128-27025238-194098315-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-4161042128-27025238-194098315-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-4161042128-27025238-194098315-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-4161042128-27025238-194098315-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-4161042128-27025238-194098315-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-4161042128-27025238-194098315-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-4161042128-27025238-194098315-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-4161042128-27025238-194098315-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-4161042128-27025238-194098315-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-4161042128-27025238-194098315-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-4161042128-27025238-194098315-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-4161042128-27025238-194098315-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-4161042128-27025238-194098315-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-4161042128-27025238-194098315-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-4161042128-27025238-194098315-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-4161042128-27025238-194098315-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-4161042128-27025238-194098315-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-4161042128-27025238-194098315-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-4161042128-27025238-194098315-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-4161042128-27025238-194098315-1001\...\123simsen.com -> www.123simsen.com

There are 7940 more sites.


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-11-29 18:57 - 2024-06-10 11:27 - 000454626 ____R C:\WINDOWS\system32\drivers\etc\hosts
104.129.18.2 us-central-016.staticnetcontent.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123haustiereundmehr.com
127.0.0.1 123moviedownload.com

There are 15604 more lines.


==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-4161042128-27025238-194098315-1001\Control Panel\Desktop\\Wallpaper -> c:\users\mariah\appdata\roaming\mozilla\firefox\desktop background.bmp
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

Network Binding:
=============
Wi-Fi: Qualcomm Atheros QCA9377 Wireless Network Adapter -> Qcamain10x64.sys
Ethernet: Realtek PCIe GbE Family Controller -> rt640x64.sys

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "SDTray"
HKU\S-1-5-21-4161042128-27025238-194098315-1001\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{156723D8-E0D2-45BC-8F99-7235682D219E}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{2C76ED30-C25B-4C42-B753-DCF7B6724405}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{3BA09F13-4EF6-4D98-BC32-F93C8FDBE180}C:\program files (x86)\respondus\lockdown browser\lockdownbrowser.exe] => (Allow) C:\program files (x86)\respondus\lockdown browser\lockdownbrowser.exe (Respondus, Inc. -> )
FirewallRules: [TCP Query User{7DC9AC5D-1503-487B-8CB9-E4853CDF15A9}C:\program files (x86)\respondus\lockdown browser\lockdownbrowser.exe] => (Allow) C:\program files (x86)\respondus\lockdown browser\lockdownbrowser.exe (Respondus, Inc. -> )
FirewallRules: [{9E874C3E-29D7-4825-965B-0E643C1BE226}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D46FC6F8-E5CA-40A1-9C47-2CE534415A05}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{FAFE5243-D959-4CB9-928B-1A024702687B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{5A4E17E0-8BFC-4585-BC09-015E0D1DDCED}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{82A48892-3554-4D15-891D-92457F4AF409}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{8C67835F-CAA6-4063-83D3-1E48A51F1624}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{5180858E-BF8D-4DD6-93CA-84E2540D1E69}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Barrow Hill\Barrow Hill.exe (Macromedia, Inc.) [File not signed]
FirewallRules: [{49719C84-5817-4668-A95A-DA8438364CE7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Barrow Hill\Barrow Hill.exe (Macromedia, Inc.) [File not signed]
FirewallRules: [{5E264F81-EF6D-42EE-BF49-C66AD7853037}] => (Allow) C:\Users\User\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{14ADC9EC-F919-4865-8BED-9E2ECDC61F9D}] => (Allow) C:\Users\User\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{EFF7194F-CC11-4B8D-A3AE-E53B5C6DECD3}] => (Allow) C:\Users\User\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{F83DAFE8-69F7-49D0-8E87-EAFC9DDEC073}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{A20D8879-D92D-4203-90E2-B541FF9F03C0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{8C585ADC-9819-4A8C-870F-C889791B0C5B}C:\users\User\appdata\local\programs\opera\78.0.4093.112\opera.exe] => (Block) C:\users\User\appdata\local\programs\opera\78.0.4093.112\opera.exe => No File
FirewallRules: [UDP Query User{C0ED26EC-9BB5-4D12-BFFE-24385C9E58FC}C:\users\User\appdata\local\programs\opera\78.0.4093.112\opera.exe] => (Block) C:\users\User\appdata\local\programs\opera\78.0.4093.112\opera.exe => No File
FirewallRules: [{31EB38E0-7557-424B-A5F0-8E22350CE856}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> Gen Digital Inc.)
FirewallRules: [{C455D791-F662-4635-AFAA-AC5DA00AD146}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> Gen Digital Inc.)
FirewallRules: [{BFE3F978-7398-4C9E-8212-03E5D5FAB49E}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service

==================== Restore Points =========================

30-08-2024 10:18:59 Scheduled Checkpoint
10-09-2024 14:43:19 Windows Modules Installer
11-09-2024 08:45:32 Windows Modules Installer

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (09/16/2024 05:40:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Exception code: 0xc0000005
Fault offset: 0x00005c92
Faulting process id: 0x2e98
Faulting application start time: 0x01db08896e126b5f
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Report Id: fb16bf39-2ceb-4fdf-96ac-8c7353a2eff5
Faulting package full name:
Faulting package-relative application ID:

Error: (09/16/2024 03:50:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Exception code: 0xc0000005
Fault offset: 0x00005c92
Faulting process id: 0xc8c
Faulting application start time: 0x01db087a101f5568
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Report Id: 8f9567ec-0b5b-4bd2-ad2a-128df637d32c
Faulting package full name:
Faulting package-relative application ID:

Error: (09/16/2024 03:44:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: explorerframe.dll_unloaded, version: 10.0.19041.4842, time stamp: 0xf39685de
Exception code: 0xc0000005
Fault offset: 0x001660b6
Faulting process id: 0x58c
Faulting application start time: 0x01db0878aa7e7238
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: explorerframe.dll
Report Id: 983b3afd-3f78-4cd9-bcce-b325771d9f6a
Faulting package full name:
Faulting package-relative application ID:

Error: (09/16/2024 03:40:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Exception code: 0xc0000005
Fault offset: 0x00005c92
Faulting process id: 0x58c
Faulting application start time: 0x01db0878aa7e7238
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Report Id: 9c93b72a-8fe7-4a42-a42d-84ad4e2821db
Faulting package full name:
Faulting package-relative application ID:

Error: (09/16/2024 03:32:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: explorerframe.dll_unloaded, version: 10.0.19041.4842, time stamp: 0xf39685de
Exception code: 0xc0000005
Fault offset: 0x001660b6
Faulting process id: 0x8d0
Faulting application start time: 0x01db0874799a1224
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: explorerframe.dll
Report Id: e1214d07-87c7-4331-9157-768253098764
Faulting package full name:
Faulting package-relative application ID:

Error: (09/16/2024 03:10:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Exception code: 0xc0000005
Fault offset: 0x00005c92
Faulting process id: 0x8d0
Faulting application start time: 0x01db0874799a1224
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Report Id: 77a73837-0898-44eb-b938-e29c598ef28c
Faulting package full name:
Faulting package-relative application ID:

Error: (09/16/2024 03:02:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: explorerframe.dll_unloaded, version: 10.0.19041.4842, time stamp: 0xf39685de
Exception code: 0xc0000005
Fault offset: 0x001660b6
Faulting process id: 0x2efc
Faulting application start time: 0x01db0870a3344d9d
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: explorerframe.dll
Report Id: 44eaeb66-15be-44f7-9f88-86146698bacd
Faulting package full name:
Faulting package-relative application ID:

Error: (09/16/2024 02:43:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Faulting module name: SDUpdate.exe, version: 2.8.68.100, time stamp: 0x5ea5e0d1
Exception code: 0xc0000005
Fault offset: 0x00005c92
Faulting process id: 0x2efc
Faulting application start time: 0x01db0870a3344d9d
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Report Id: 0cada336-487c-4b83-a00d-b93a108ab41b
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (09/16/2024 01:35:17 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RtkAudioService service.

Error: (09/15/2024 07:25:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LMS service failed to start due to the following error:
The system cannot find the file specified.

Error: (09/15/2024 01:08:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LMS service failed to start due to the following error:
The system cannot find the file specified.

Error: (09/15/2024 01:03:31 PM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY)
Description: The activation of the CLSID {752073A1-23F2-4396-85F0-8FDB879ED0ED} timed out waiting for the service TrustedInstaller to stop.

Error: (09/15/2024 12:59:28 PM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY)
Description: The activation of the CLSID {752073A1-23F2-4396-85F0-8FDB879ED0ED} timed out waiting for the service TrustedInstaller to stop.

Error: (09/15/2024 12:55:25 PM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY)
Description: The activation of the CLSID {752073A1-23F2-4396-85F0-8FDB879ED0ED} timed out waiting for the service TrustedInstaller to stop.

Error: (09/15/2024 12:51:23 PM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY)
Description: The activation of the CLSID {752073A1-23F2-4396-85F0-8FDB879ED0ED} timed out waiting for the service TrustedInstaller to stop.

Error: (09/15/2024 12:46:58 PM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY)
Description: The activation of the CLSID {752073A1-23F2-4396-85F0-8FDB879ED0ED} timed out waiting for the service TrustedInstaller to stop.


Windows Defender:
================
Date: 2021-02-11 14:27:38
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-02-10 14:57:12
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-02-10 14:01:36
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-02-09 23:16:08
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-02-09 22:03:28
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Full Scan
Event[0]:

Date: 2024-06-12 10:00:25
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.413.253.0
Previous security intelligence Version: 1.379.525.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 1.1.24050.5
Previous Engine Version: 1.1.19800.4
Error code: 0x80004004
Error description: Operation aborted

Date: 2024-06-12 10:00:25
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.413.253.0
Previous security intelligence Version: 1.379.525.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 1.1.24050.5
Previous Engine Version: 1.1.19800.4
Error code: 0x80004004
Error description: Operation aborted

Date: 2024-06-12 10:00:25
Description:
Microsoft Defender Antivirus has encountered an error trying to update the engine.
New Engine Version: 1.1.24050.5
Previous Engine Version: 1.1.19800.4
Error Code: 0x80004004
Error description: Operation aborted

Date: 2024-05-15 12:32:10
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.411.154.0
Previous security intelligence Version: 1.379.525.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 1.1.24040.1
Previous Engine Version: 1.1.19800.4
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

Date: 2024-05-15 12:32:10
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.411.154.0
Previous security intelligence Version: 1.379.525.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 1.1.24040.1
Previous Engine Version: 1.1.19800.4
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

CodeIntegrity:
===============
Date: 2024-09-16 17:44:42
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================

BIOS: LENOVO 8TCN61WW 05/19/2021
Motherboard: LENOVO LNVNB161216
Processor: Intel® Core™ i3-8130U CPU @ 2.20GHz
Percentage of memory in use: 83%
Total physical RAM: 4005.22 MB
Available physical RAM: 659.74 MB
Total Virtual: 7205.22 MB
Available Virtual: 2792.28 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:930.27 GB) (Free:860.55 GB) (Model: ST1000LM035-1RK172) NTFS

\\?\Volume{65961297-bb8f-4dc0-b48d-610e36976871}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.35 GB) NTFS
\\?\Volume{58b07d5c-9037-4c4f-8447-1c8ba7f8e41f}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: EC695FFA)

Partition: GPT.

==================== End of Addition.txt =======================





Thanks again

 

Hi Gary, and thank you for your patience with me. The reply you want next will be coming soon, I haven't started working on your requests yet, I need to tell you some things first.

While waiting for responses, I got a little anxious. I'd posted about this issue on a different geek site, and had no response for 3 days now (guess I'll be sticking with Major Geeks from now on). I do online banking, and was worried that the longer I waited the worse the problem would get (if someone was messing with my computer)

So, I deleted the magically appearing shortcuts last night, cleared my recycle bin, and started running scans. (because I deleted them, I don't think I can get you the file path names, right? They were downloaded into a folder on my desktop, if that helps at all)

I ran an Avast free full system scan, and last night the scan errored or something and could not complete. So, I restarted my computer, finished the scan (it completed normally this time) and found nothing. In my scan history, by the scan that could not finish, there is a ghost icon with a yellow exclamation point (I don't know what this means, but the following scan completed okay, so I guess it's okay?)

This morning, I ran malwarebytes, and found nothing. I ran spybot, and found nothing. Now a spybot rootkit scan is running, and once it is done (should be any minute now) I'll start working on your requests.

Just curious, can you explain what the steps you want me to take will accomplish?

Can you also let me know if you think I should be freaking out so, or if this is not so huge of a disaster?

Thanks for your help!

 

Thanks for explaining.

So, obviously, there's no file path to show you.

I removed QuickTime, Smart Defrag 9, and Spybot.

Here's the log (I only see one log this time, is there supposed to just be one?):

Fix result of Farbar Recovery Scan Tool (x64) Version: 16-09-2024
Ran by User (18-09-2024 17:54:26) Run:1
Running from C:\Users\User\Desktop
Loaded Profiles: User
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
Folder: C:\Users\User\AppData\Roaming\JetFun
2024-09-01 00:43 - 2024-09-01 00:43 - 000000000 ____D C:\Users\User\AppData\Roaming\JetFun
2024-09-16 00:21 - 2018-11-23 18:49 - 000000000 ____D C:\ProgramData\TEMP
Task: {23E7A971-068D-403E-B6FE-9DDE17D2FE59} - System32\Tasks\OneDrive Standalone Update Task v2 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)
CustomCLSID: HKU\S-1-5-21-4161042128-27025238-194098315-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\18.192.0920.0015\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-4161042128-27025238-194098315-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\18.192.0920.0015\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-4161042128-27025238-194098315-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\18.192.0920.0015\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-4161042128-27025238-194098315-1001_Classes\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\localserver32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\18.192.0920.0015\FileCoAuth.exe => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
FirewallRules: [{82A48892-3554-4D15-891D-92457F4AF409}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{8C67835F-CAA6-4063-83D3-1E48A51F1624}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [TCP Query User{8C585ADC-9819-4A8C-870F-C889791B0C5B}C:\users\User\appdata\local\programs\opera\78.0.4093.112\opera.exe] => (Block) C:\users\User\appdata\local\programs\opera\78.0.4093.112\opera.exe => No File
FirewallRules: [UDP Query User{C0ED26EC-9BB5-4D12-BFFE-24385C9E58FC}C:\users\User\appdata\local\programs\opera\78.0.4093.112\opera.exe] => (Block) C:\users\User\appdata\local\programs\opera\78.0.4093.112\opera.exe => No File
U1 aswbdisk; no ImagePath
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
AlternateDataStreams: C:\ProgramData\TEMP:00AFE22A [456]
AlternateDataStreams: C:\ProgramData\TEMP:0125B9F7 [246]
AlternateDataStreams: C:\ProgramData\TEMP:021703B2 [232]
AlternateDataStreams: C:\ProgramData\TEMP:07C99568 [211]
AlternateDataStreams: C:\ProgramData\TEMP:0E8117B1 [221]
AlternateDataStreams: C:\ProgramData\TEMP:0FF28C38 [255]
AlternateDataStreams: C:\ProgramData\TEMP:145E3D35 [249]
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\TEMP:2E9900EE [215]
AlternateDataStreams: C:\ProgramData\TEMP:2F141B68 [213]
AlternateDataStreams: C:\ProgramData\TEMP:31C9BA96 [233]
AlternateDataStreams: C:\ProgramData\TEMP:3407CC28 [257]
AlternateDataStreams: C:\ProgramData\TEMP:3B4DA230 [222]
AlternateDataStreams: C:\ProgramData\TEMP:408A104E [244]
AlternateDataStreams: C:\ProgramData\TEMP:410A2E9A [232]
AlternateDataStreams: C:\ProgramData\TEMP:4329D25A [237]
AlternateDataStreams: C:\ProgramData\TEMP:507C1BA0 [242]
AlternateDataStreams: C:\ProgramData\TEMP:51E66512 [227]
AlternateDataStreams: C:\ProgramData\TEMP:52886450 [229]
AlternateDataStreams: C:\ProgramData\TEMP:5BC73C48 [222]
AlternateDataStreams: C:\ProgramData\TEMP:5C0CABC7 [237]
AlternateDataStreams: C:\ProgramData\TEMP:5E9EE2DE [227]
AlternateDataStreams: C:\ProgramData\TEMP:60E755E6 [249]
AlternateDataStreams: C:\ProgramData\TEMP:6FD26134 [207]
AlternateDataStreams: C:\ProgramData\TEMP:717F51DE [229]
AlternateDataStreams: C:\ProgramData\TEMP:7A2101AB [228]
AlternateDataStreams: C:\ProgramData\TEMP:87E3D720 [248]
AlternateDataStreams: C:\ProgramData\TEMP:887F3A41 [226]
AlternateDataStreams: C:\ProgramData\TEMP:88A44CC1 [240]
AlternateDataStreams: C:\ProgramData\TEMP:8C232F4D [233]
AlternateDataStreams: C:\ProgramData\TEMP:922DA2DB [464]
AlternateDataStreams: C:\ProgramData\TEMP:9DB344BB [235]
AlternateDataStreams: C:\ProgramData\TEMP:A4CDE823 [238]
AlternateDataStreams: C:\ProgramData\TEMP:A6E01F67 [240]
AlternateDataStreams: C:\ProgramData\TEMP:C16218C3 [148]
AlternateDataStreams: C:\ProgramData\TEMP:C605E0E1 [246]
AlternateDataStreams: C:\ProgramData\TEMP:C7D35E8C [247]
AlternateDataStreams: C:\ProgramData\TEMP5151683 [233]
AlternateDataStreams: C:\ProgramData\TEMP5F4DEBF [257]
AlternateDataStreams: C:\ProgramData\TEMPCB8068C [247]
AlternateDataStreams: C:\ProgramData\TEMP:E402E439 [250]
AlternateDataStreams: C:\ProgramData\TEMP:ECFD9449 [436]
AlternateDataStreams: C:\ProgramData\TEMP:EE2DD6CC [238]
AlternateDataStreams: C:\ProgramData\TEMP:EE445D7C [248]
AlternateDataStreams: C:\ProgramData\TEMP:F1175E1D [229]
AlternateDataStreams: C:\ProgramData\TEMP:F19A4790 [231]
AlternateDataStreams: C:\ProgramData\TEMP:FBE06E1D [466]
SearchScopes: HKU\S-1-5-21-4161042128-27025238-194098315-1001 -> DefaultScope {DC664FD2-F673-4866-B722-5372B6511B33} URL =
SearchScopes: HKU\S-1-5-21-4161042128-27025238-194098315-1001 -> {DC664FD2-F673-4866-B722-5372B6511B33} URL =
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /CheckHealth
End::
*****************

Restore point was successfully created.
Processes closed successfully.

========================= Folder: C:\Users\User\AppData\Roaming\JetFun ========================

2024-09-01 00:43 - 2024-09-01 00:44 - 000000000 ____D [00000000000000000000000000000000] C:\Users\User\AppData\Roaming\JetFun\Cruel_Collections__The_Any_Wish_Hotel
2024-09-01 00:43 - 2024-09-05 00:20 - 000000175 ____A [67FFB4A730380B5D64FCBA1A942C8465] () C:\Users\User\AppData\Roaming\JetFun\Cruel_Collections__The_Any_Wish_Hotel\awh_config.ini
2024-09-01 00:44 - 2024-09-05 00:21 - 000300310 ____A [CD9918966D105BCA074B773B010E5EDA] () C:\Users\User\AppData\Roaming\JetFun\Cruel_Collections__The_Any_Wish_Hotel\save000.sav
2024-09-01 00:43 - 2024-09-05 00:15 - 000058469 ____A [8AA268C97AEFE7B59A38EB0A03597BCB] () C:\Users\User\AppData\Roaming\JetFun\Cruel_Collections__The_Any_Wish_Hotel\save010.sav

====== End of Folder: ======


"C:\Users\User\AppData\Roaming\JetFun" Folder move:

C:\Users\User\AppData\Roaming\JetFun => moved successfully

"C:\ProgramData\TEMP" Folder move:

C:\ProgramData\TEMP => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{23E7A971-068D-403E-B6FE-9DDE17D2FE59}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23E7A971-068D-403E-B6FE-9DDE17D2FE59}" => removed successfully
C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OneDrive Standalone Update Task v2" => removed successfully
HKU\S-1-5-21-4161042128-27025238-194098315-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => removed successfully
HKU\S-1-5-21-4161042128-27025238-194098315-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => removed successfully
HKU\S-1-5-21-4161042128-27025238-194098315-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => removed successfully
HKU\S-1-5-21-4161042128-27025238-194098315-1001_Classes\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{82A48892-3554-4D15-891D-92457F4AF409}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8C67835F-CAA6-4063-83D3-1E48A51F1624}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{8C585ADC-9819-4A8C-870F-C889791B0C5B}C:\users\User\appdata\local\programs\opera\78.0.4093.112\opera.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C0ED26EC-9BB5-4D12-BFFE-24385C9E58FC}C:\users\User\appdata\local\programs\opera\78.0.4093.112\opera.exe" => removed successfully
HKLM\System\CurrentControlSet\Services\aswbdisk => could not remove, key could be protected
"HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}" => removed successfully
"C:\ProgramData\TEMP" => ":00AFE22A" ADS not found.
"C:\ProgramData\TEMP" => ":0125B9F7" ADS not found.
"C:\ProgramData\TEMP" => ":021703B2" ADS not found.
"C:\ProgramData\TEMP" => ":07C99568" ADS not found.
"C:\ProgramData\TEMP" => ":0E8117B1" ADS not found.
"C:\ProgramData\TEMP" => ":0FF28C38" ADS not found.
"C:\ProgramData\TEMP" => ":145E3D35" ADS not found.
"C:\ProgramData\TEMP" => ":2CB9631F" ADS not found.
"C:\ProgramData\TEMP" => ":2E9900EE" ADS not found.
"C:\ProgramData\TEMP" => ":2F141B68" ADS not found.
"C:\ProgramData\TEMP" => ":31C9BA96" ADS not found.
"C:\ProgramData\TEMP" => ":3407CC28" ADS not found.
"C:\ProgramData\TEMP" => ":3B4DA230" ADS not found.
"C:\ProgramData\TEMP" => ":408A104E" ADS not found.
"C:\ProgramData\TEMP" => ":410A2E9A" ADS not found.
"C:\ProgramData\TEMP" => ":4329D25A" ADS not found.
"C:\ProgramData\TEMP" => ":507C1BA0" ADS not found.
"C:\ProgramData\TEMP" => ":51E66512" ADS not found.
"C:\ProgramData\TEMP" => ":52886450" ADS not found.
"C:\ProgramData\TEMP" => ":5BC73C48" ADS not found.
"C:\ProgramData\TEMP" => ":5C0CABC7" ADS not found.
"C:\ProgramData\TEMP" => ":5E9EE2DE" ADS not found.
"C:\ProgramData\TEMP" => ":60E755E6" ADS not found.
"C:\ProgramData\TEMP" => ":6FD26134" ADS not found.
"C:\ProgramData\TEMP" => ":717F51DE" ADS not found.
"C:\ProgramData\TEMP" => ":7A2101AB" ADS not found.
"C:\ProgramData\TEMP" => ":87E3D720" ADS not found.
"C:\ProgramData\TEMP" => ":887F3A41" ADS not found.
"C:\ProgramData\TEMP" => ":88A44CC1" ADS not found.
"C:\ProgramData\TEMP" => ":8C232F4D" ADS not found.
"C:\ProgramData\TEMP" => ":922DA2DB" ADS not found.
"C:\ProgramData\TEMP" => ":9DB344BB" ADS not found.
"C:\ProgramData\TEMP" => ":A4CDE823" ADS not found.
"C:\ProgramData\TEMP" => ":A6E01F67" ADS not found.
"C:\ProgramData\TEMP" => ":C16218C3" ADS not found.
"C:\ProgramData\TEMP" => ":C605E0E1" ADS not found.
"C:\ProgramData\TEMP" => ":C7D35E8C" ADS not found.
"C:\ProgramData\TEMP" => "5151683" ADS not found.
"C:\ProgramData\TEMP" => "5F4DEBF" ADS not found.
"C:\ProgramData\TEMP" => "CB8068C" ADS not found.
"C:\ProgramData\TEMP" => ":E402E439" ADS not found.
"C:\ProgramData\TEMP" => ":ECFD9449" ADS not found.
"C:\ProgramData\TEMP" => ":EE2DD6CC" ADS not found.
"C:\ProgramData\TEMP" => ":EE445D7C" ADS not found.
"C:\ProgramData\TEMP" => ":F1175E1D" ADS not found.
"C:\ProgramData\TEMP" => ":F19A4790" ADS not found.
"C:\ProgramData\TEMP" => ":FBE06E1D" ADS not found.
"HKU\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC664FD2-F673-4866-B722-5372B6511B33} => removed successfully

========= sfc /scannow =========



Beginning system scan. This process will take some time.



Beginning verification phase of system scan.


Verification 0% complete.
Verification 1% complete.
Verification 1% complete.
Verification 2% complete.
Verification 2% complete.
Verification 3% complete.
Verification 4% complete.
Verification 4% complete.
Verification 5% complete.
Verification 5% complete.
Verification 6% complete.
Verification 7% complete.
Verification 7% complete.
Verification 8% complete.
Verification 8% complete.
Verification 9% complete.
Verification 10% complete.
Verification 10% complete.
Verification 11% complete.
Verification 11% complete.
Verification 12% complete.
Verification 13% complete.
Verification 13% complete.
Verification 14% complete.
Verification 14% complete.
Verification 15% complete.
Verification 16% complete.
Verification 16% complete.
Verification 17% complete.
Verification 17% complete.
Verification 18% complete.
Verification 19% complete.
Verification 19% complete.
Verification 20% complete.
Verification 20% complete.
Verification 21% complete.
Verification 22% complete.
Verification 22% complete.
Verification 23% complete.
Verification 23% complete.
Verification 24% complete.
Verification 25% complete.
Verification 25% complete.
Verification 26% complete.
Verification 26% complete.
Verification 27% complete.
Verification 28% complete.
Verification 28% complete.
Verification 29% complete.
Verification 29% complete.
Verification 30% complete.
Verification 31% complete.
Verification 31% complete.
Verification 32% complete.
Verification 32% complete.
Verification 33% complete.
Verification 34% complete.
Verification 34% complete.
Verification 35% complete.
Verification 35% complete.
Verification 36% complete.
Verification 37% complete.
Verification 37% complete.
Verification 38% complete.
Verification 38% complete.
Verification 39% complete.
Verification 40% complete.
Verification 40% complete.
Verification 41% complete.
Verification 41% complete.
Verification 42% complete.
Verification 43% complete.
Verification 43% complete.
Verification 44% complete.
Verification 44% complete.
Verification 45% complete.
Verification 46% complete.
Verification 46% complete.
Verification 47% complete.
Verification 47% complete.
Verification 48% complete.
Verification 49% complete.
Verification 49% complete.
Verification 50% complete.
Verification 50% complete.
Verification 51% complete.
Verification 52% complete.
Verification 52% complete.
Verification 53% complete.
Verification 53% complete.
Verification 54% complete.
Verification 55% complete.
Verification 55% complete.
Verification 56% complete.
Verification 56% complete.
Verification 57% complete.
Verification 58% complete.
Verification 58% complete.
Verification 59% complete.
Verification 59% complete.
Verification 60% complete.
Verification 61% complete.
Verification 61% complete.
Verification 62% complete.
Verification 62% complete.
Verification 63% complete.
Verification 64% complete.
Verification 64% complete.
Verification 65% complete.
Verification 65% complete.
Verification 66% complete.
Verification 67% complete.
Verification 67% complete.
Verification 68% complete.
Verification 68% complete.
Verification 69% complete.
Verification 70% complete.
Verification 70% complete.
Verification 71% complete.
Verification 71% complete.
Verification 72% complete.
Verification 73% complete.
Verification 73% complete.
Verification 74% complete.
Verification 74% complete.
Verification 75% complete.
Verification 76% complete.
Verification 76% complete.
Verification 77% complete.
Verification 77% complete.
Verification 78% complete.
Verification 78% complete.
Verification 79% complete.
Verification 80% complete.
Verification 80% complete.
Verification 81% complete.
Verification 81% complete.
Verification 82% complete.
Verification 83% complete.
Verification 83% complete.
Verification 84% complete.
Verification 84% complete.
Verification 85% complete.
Verification 86% complete.
Verification 86% complete.
Verification 87% complete.
Verification 87% complete.
Verification 88% complete.
Verification 89% complete.
Verification 89% complete.
Verification 90% complete.
Verification 90% complete.
Verification 91% complete.
Verification 92% complete.
Verification 92% complete.
Verification 93% complete.
Verification 93% complete.
Verification 94% complete.
Verification 95% complete.
Verification 95% complete.
Verification 96% complete.
Verification 96% complete.
Verification 97% complete.
Verification 98% complete.
Verification 98% complete.
Verification 99% complete.
Verification 99% complete.
Verification 100% complete.


Windows Resource Protection found corrupt files and successfully repaired them.

For online repairs, details are included in the CBS log file located at

windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline

repairs, details are included in the log file provided by the /OFFLOGFILE flag.



========= End of CMD: =========


========= DISM /Online /Cleanup-Image /CheckHealth =========


Deployment Image Servicing and Management tool
Version: 10.0.19041.3636

Image Version: 10.0.19045.4894

No component store corruption detected.
The operation completed successfully.


========= End of CMD: =========


Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 18-09-2024 19:03:56)


Result of scheduled keys to remove after reboot:

HKLM\System\CurrentControlSet\Services\aswbdisk => could not remove, key could be protected

==== End of Fixlog 19:04:31 ====

Thanks!

 

Yes, I recognize Cruel Collections, it's a game I bought.

Here's the search log:

Farbar Recovery Scan Tool (x64) Version: 16-09-2024
Ran by User (18-09-2024 21:40:16)
Running from C:\Users\User\Desktop
Boot Mode: Normal

================== Search Files: "11+zeBoqC-L.js;31bJewCvY-L.js" =============


====== End of Search ======

What is this? What were we searching for?

Thanks again for all your help.

 

Here is the log:

Fix result of Farbar Recovery Scan Tool (x64) Version: 16-09-2024
Ran by User (19-09-2024 08:35:19) Run:2
Running from C:\Users\User\Desktop
Loaded Profiles: User
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start::
RestoreQuarantine: C:\FRST\Quarantine\C\Users\User\AppData\Roaming\JetFun
End::
*****************

RestoreQuarantine: C:\FRST\Quarantine\C\Users\User\AppData\Roaming\JetFun=> Restoring from Quarantine completed.

==== End of Fixlog 08:35:21 ====

 

Here is the sophos report, it seemed to just find some cookies and coupon bars I didn't know I know I had (I hate how everything sneaks something on your computer these days):

Code:

Sophos Scan & Clean
www.sophos.com

   Computer name . . . . : LAPTOP-1755NSUL
   Windows . . . . . . . : 10.0.0.19045.X64/4
   User name . . . . . . : LAPTOP-1755NSUL\User
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2024-09-19 08:50:33
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 18m 33s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 3

   Objects scanned . . . : 2,687,184
   Files scanned . . . . : 60,682
   Remnants scanned  . . : 901,664 files / 1,724,838 keys

Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar) -> Deleted
   HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar) -> Deleted

Cookies _____________________________________________________________________

   C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net

 

Do you think it's safe enough to do online banking on this computer now?

I also wonder about glitches in Avast. I've used Avast for years, but lately when I try to update the virus definitions, the green bar moves as if it's trying to, then it doesn't update and I am unable to click the update button. If I close Avast and attempt to update again multiple times, eventually it works, so I've been ignoring the problem. However, in running scans while waiting for help during this weird Amazon incident, on two different computers the Avast full system scan didn't finish normally. Instead of showing "No malware found" it just showed a blank screen (on the avast scan window). If I go to Protection, then Virus scans, under Full system scan there is a full green bar that says 100%, but if I click it, it takes me back to the blank Avast window. I restarted both computers, and under the scan history it shows that the scan completed but there is a ghost icon with a yellow exclamation point next to it. I've never seen this ghost thing before, it's not by any other scans in my history. I ran the scan again on both computers, and on this one we've been working on it completed normally, but on the other computer the same problem occurred again. I posted on the avast forum, and am awaiting a response...

Also while working with you (and avast freaking out on my other computer) I was reminded that I've had an Amazon shortcut on my other computer that I am unable to delete. I don't remember putting that shortcut there, but this happened several months ago and I wondered if a family member did it. I tried to delete it, and it wouldn't let me. I researched the problem a little and found no helpful information about shortcuts you can't delete, but life was a mess at the time, and since the shortcut wasn't bothering me as long as I wasn't trying to bother it, I forgot about it. It didn't appear following any sort of concerning incident with Amazon, and I don't use that computer as often for banking, so I figured it wasn't a big deal. After all this, I'm wondering if it is a bigger deal than I thought. Also, since I can't delete that one, obviously it's still there. I wonder if you want to take a look at that computer and see if you can learn anything you haven't been able to learn on this one? (and perhaps help me delete it and make sure that computer is safe as well?)

So, I guess my questions are:
Would you feel safe if you were me to use this computer normally now?
Do you have thoughts about Avast acting up?
Can I pick your brain and get some advice regarding my other computer when we are done with this one, and if so do you want to do this before or after the clean up and final instructions you want to post?

Thank you really very much for all your help. I always say I'm going to learn more about this stuff, and never seem to find the time.

 

Thanks. I will completely uninstall and reinstall avast, as I know not what else to use.

While you're waiting on me to complete these steps, is there something you like better than Avast that you would suggest? Maybe I could check it out and switch in the future, sometimes I find Avast irritating.

 

:O Oh my! This makes me feel less stupid, though. I greatly appreciate your help.

 

Okay, Avast is uninstalled, and here is the search log. It's a serious log! I guess some things were found. I can't get it all in one post, so here's the first part:

Farbar Recovery Scan Tool (x64) Version: 16-09-2024
Ran by User (19-09-2024 14:04:05)
Running from C:\Users\User\Desktop
Boot Mode: Normal

================== Search Files: "SearchAll: Avast;Avira" =============

File:
========
C:\Windows\WinSxS\Manifests\amd64_avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_5e69e83710ea31f5.cat
[2020-09-27 10:19][2020-09-27 10:19] 000007456 _____ () DE67AC8142C10EB12E8AE6C6CDBAF799 [File is digitally signed]

C:\Windows\WinSxS\Manifests\amd64_avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_5e69e83710ea31f5.manifest
[2020-09-27 10:19][2020-09-27 10:19] 000024123 _____ () 47437B704B6D56328C347347462CD02D [File not signed]

C:\Windows\WinSxS\Manifests\amd64_avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_6349ea290dbe6128.cat
[2020-09-27 10:23][2020-09-27 10:23] 000007457 _____ () 2A9DFB92BD6DECA69672261DFB9E044D [File is digitally signed]

C:\Windows\WinSxS\Manifests\amd64_avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_6349ea290dbe6128.manifest
[2020-09-27 10:23][2020-09-27 10:23] 000001231 _____ () A77C3C57546E0E66394A1DD29129052B [File not signed]

C:\Windows\WinSxS\Manifests\amd64_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_5158632ac9d8192f.cat
[2020-09-27 10:27][2020-09-27 10:27] 000007456 _____ () EAC8D7698558B21A1A533C6A567C06BD [File is digitally signed]

C:\Windows\WinSxS\Manifests\amd64_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_5158632ac9d8192f.manifest
[2020-09-27 10:27][2020-09-27 10:27] 000000754 _____ () F6ED6E08D09EBE10597CB2966F6C394E [File not signed]

C:\Windows\WinSxS\Manifests\amd64_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_5638651cc6ac4862.cat
[2020-09-27 10:27][2020-09-27 10:27] 000007457 _____ () 777DD2D0BC92B002B9236B6F4F61CB05 [File is digitally signed]

C:\Windows\WinSxS\Manifests\amd64_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_5638651cc6ac4862.manifest
[2020-09-27 10:27][2020-09-27 10:27] 000000754 _____ () 44D5DDB1B2C027176887E75382F29D55 [File not signed]

C:\Windows\WinSxS\Manifests\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_a6171f0e25665afb.cat
[2020-09-27 10:28][2020-09-27 10:28] 000007457 _____ () F7BAEFE116151719499F97B4D7A29BC5 [File is digitally signed]

C:\Windows\WinSxS\Manifests\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_a6171f0e25665afb.manifest
[2020-09-27 10:28][2020-09-27 10:28] 000023610 _____ () FF9B36754303E435AFFABAB5168718B4 [File not signed]

C:\Windows\WinSxS\Manifests\x86_avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_aaf72100223a8a2e.cat
[2020-09-27 10:29][2020-09-27 10:29] 000007457 _____ () B021FBE34930277301DEEC14CDD9E3FE [File is digitally signed]

C:\Windows\WinSxS\Manifests\x86_avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_aaf72100223a8a2e.manifest
[2020-09-27 10:29][2020-09-27 10:29] 000001227 _____ () 955669576F50AF3D88281103865D3A1D [File not signed]

C:\Windows\WinSxS\Manifests\x86_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_99059a01de544235.cat
[2020-09-27 10:29][2020-09-27 10:29] 000007457 _____ () F8999365A25BB341C55C70CB32DF2D46 [File is digitally signed]

C:\Windows\WinSxS\Manifests\x86_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_99059a01de544235.manifest
[2020-09-27 10:29][2020-09-27 10:29] 000000750 _____ () 709C8063694781F6371E817243F0EB0F [File not signed]

C:\Windows\WinSxS\Manifests\x86_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_9de59bf3db287168.cat
[2020-09-27 10:29][2020-09-27 10:30] 000007456 _____ () DFB0071CF316CD33F04392304A02A289 [File is digitally signed]

C:\Windows\WinSxS\Manifests\x86_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_9de59bf3db287168.manifest
[2020-09-27 10:30][2020-09-27 10:30] 000000750 _____ () 8D1CB478D2A7A6AFAE2C38C6524EDA4B [File not signed]

C:\Windows\System32\Tasks_Migrated\Avast Emergency Update
[2019-08-14 12:05][2020-09-28 07:38] 000004264 _____ () B3002875685F11D4EB8B7A11DBA33CCA [File not signed]

C:\Users\User\Desktop\scans etc\Avast Free Antivirus.lnk
[2022-11-17 21:28][2022-11-17 21:28] 000002043 _____ () C6862058B74D93BA391FD8676929DC03 [File not signed]

C:\Users\User\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\avast! Antivirus
[2021-04-30 16:50][2021-04-30 16:50] 000037014 _____ () 3212927E3EDF091342487F5EBB045245 [File not signed]

C:\ProgramData\Intel\ShaderCache\AvastUI_0
[2020-09-28 09:25][2020-09-28 09:25] 000000000 _____ () D41D8CD98F00B204E9800998ECF8427E [File not signed]

C:\ProgramData\Intel\ShaderCache\AvastUI_1
[2020-09-28 09:25][2020-09-28 09:25] 000000000 _____ () D41D8CD98F00B204E9800998ECF8427E [File not signed]

C:\ProgramData\Intel\ShaderCache\AvastUI_2
[2020-09-28 09:25][2020-09-28 09:25] 000000000 _____ () D41D8CD98F00B204E9800998ECF8427E [File not signed]

C:\ProgramData\AVAST Software\Subscriptions\license.avastlic
[2018-11-22 16:02][2024-09-17 15:57] 000000981 _____ () 36A899307B8492144E21FF4774AF3474 [File not signed]

C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16030.11001.20108.0_x86__8wekyb3d8bbwe\Office16\1060\DataServices\+NovaPovezavaStrežnikaSQL.odc
[2018-06-17 05:33][2018-06-17 05:34] 000000196 _____ () 149E8C684B9EA9887DD2E7E596E7187C [File not signed]

C:\Program Files\LibreOffice\share\config\soffice.cfg\cui\ui\javastartparametersdialog.ui
[2021-07-17 15:04][2021-07-17 15:04] 000015786 _____ () F16A462931A4358E72D40F7D0C458A57 [File not signed]


Folder:
========
2020-09-27 10:19 - 2020-09-27 10:19 _____ C:\Windows\WinSxS\amd64_avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_5e69e83710ea31f5
2020-09-27 10:23 - 2020-09-27 10:23 _____ C:\Windows\WinSxS\amd64_avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_6349ea290dbe6128
2020-09-27 10:28 - 2020-09-27 10:28 _____ C:\Windows\WinSxS\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_a6171f0e25665afb
2020-09-27 10:29 - 2020-09-27 10:29 _____ C:\Windows\WinSxS\x86_avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_aaf72100223a8a2e
2019-08-14 12:05 - 2020-09-25 22:18 _____ C:\Windows\System32\Tasks_Migrated\Avast Software
2024-09-19 13:55 - 2024-09-19 13:55 _____ C:\Users\User\AppData\Roaming\Avast Software
2024-09-19 13:55 - 2024-09-19 13:55 _____ C:\Users\User\AppData\Roaming\Avast Software\Avast
2024-02-11 19:10 - 2024-02-11 19:10 _____ C:\Users\User\AppData\Local\Temp\_avast_
2018-11-22 13:39 - 2024-09-19 13:57 _____ C:\ProgramData\AVAST Software
2021-02-09 20:55 - 2021-02-10 11:07 _____ C:\$Recycle.Bin\S-1-5-21-4161042128-27025238-194098315-1001\$RNRYCGU\Avast
2021-02-09 21:26 - 2021-02-09 21:26 _____ C:\$Recycle.Bin\S-1-5-21-4161042128-27025238-194098315-1001\$RML15VM\Avast Antivirus
2021-02-09 21:26 - 2021-02-09 21:26 _____ C:\$Recycle.Bin\S-1-5-21-4161042128-27025238-194098315-1001\$RML15VM\Avast Antivirus with BCU
2021-02-09 21:26 - 2021-02-09 21:26 _____ C:\$Recycle.Bin\S-1-5-21-4161042128-27025238-194098315-1001\$RML15VM\Avast Driver Updater
2018-11-22 13:39 - 2024-09-19 13:52 _____ C:\$Recycle.Bin\S-1-5-21-4161042128-27025238-194098315-1001\$RA5WDIU\Avast

Registry:
========

===================== Search result for "Avast" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\AVAST Software]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avast]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"AvastUI.exe"="0x020000000000000000000000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avast-2007.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avast-downloads.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avast-hq.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-avast.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-software-center.com\avast]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-software-center.com\www.avast]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\telecharger-avast.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avast-2007.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avast-downloads.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avast-hq.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\download-avast.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-software-center.com\avast]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-software-center.com\www.avast]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\telecharger-avast.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\IsolatedSxSAssemblies]
"amd64_avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_5e69e83710ea31f5"="0x41766173742E56433134302E4352542C2043756C747572653D6E65757472616C2C20547970653D77696E33322C2056657273696F6E3D31342E302E32383132372E302C205075626C69634B6579546F6B656E3D666363393965653631393365626263612C2050726F636573736F724172636869746563747572653D616D643634"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\IsolatedSxSAssemblies]
"amd64_avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_6349ea290dbe6128"="0x41766173742E56433134302E4D46432C2043756C747572653D6E65757472616C2C20547970653D77696E33322C2056657273696F6E3D31342E302E32383132372E302C205075626C69634B6579546F6B656E3D666363393965653631393365626263612C2050726F636573736F724172636869746563747572653D616D643634"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\IsolatedSxSAssemblies]
"amd64_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_5158632ac9d8192f"="0x506F6C6963792E31342E302E41766173742E56433134302E4352542C2043756C747572653D6E65757472616C2C20547970653D77696E33322D706F6C6963792C2056657273696F6E3D31342E302E32383132372E302C205075626C69634B6579546F6B656E3D666363393965653631393365626263612C2050726F636573736F724172636869746563747572653D616D643634"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\IsolatedSxSAssemblies]
"amd64_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_5638651cc6ac4862"="0x506F6C6963792E31342E302E41766173742E56433134302E4D46432C2043756C747572653D6E65757472616C2C20547970653D77696E33322D706F6C6963792C2056657273696F6E3D31342E302E32383132372E302C205075626C69634B6579546F6B656E3D666363393965653631393365626263612C2050726F636573736F724172636869746563747572653D616D643634"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\IsolatedSxSAssemblies]
"x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_a6171f0e25665afb"="0x41766173742E56433134302E4352542C2043756C747572653D6E65757472616C2C20547970653D77696E33322C2056657273696F6E3D31342E302E32383132372E302C205075626C69634B6579546F6B656E3D666363393965653631393365626263612C2050726F636573736F724172636869746563747572653D783836"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\IsolatedSxSAssemblies]
"x86_avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_aaf72100223a8a2e"="0x41766173742E56433134302E4D46432C2043756C747572653D6E65757472616C2C20547970653D77696E33322C2056657273696F6E3D31342E302E32383132372E302C205075626C69634B6579546F6B656E3D666363393965653631393365626263612C2050726F636573736F724172636869746563747572653D783836"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\IsolatedSxSAssemblies]
"x86_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_99059a01de544235"="0x506F6C6963792E31342E302E41766173742E56433134302E4352542C2043756C747572653D6E65757472616C2C20547970653D77696E33322D706F6C6963792C2056657273696F6E3D31342E302E32383132372E302C205075626C69634B6579546F6B656E3D666363393965653631393365626263612C2050726F636573736F724172636869746563747572653D783836"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\IsolatedSxSAssemblies]
"x86_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_9de59bf3db287168"="0x506F6C6963792E31342E302E41766173742E56433134302E4D46432C2043756C747572653D6E65757472616C2C20547970653D77696E33322D706F6C6963792C2056657273696F6E3D31342E302E32383132372E302C205075626C69634B6579546F6B656E3D666363393965653631393365626263612C2050726F636573736F724172636869746563747572653D783836"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_avast.vc140.crt_fcc99ee6193ebbca_none_020285fe6d6e0580]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_avast.vc140.mfc_fcc99ee6193ebbca_none_018be6966dc83925]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_none_ef17e13d91c55d96]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_none_eea141d5921f913b]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_avast.vc140.crt_fcc99ee6193ebbca_none_49afbcd581ea2e86]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_avast.vc140.mfc_fcc99ee6193ebbca_none_49391d6d8244622b]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_none_36c51814a641869c]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_none_364e78aca69bba41]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsSelfHost\OneSettings]
"TargetingAttributes"="{"Version":383,"SchemaVersion":1,"PartA":["App","AppVer","AttrDataVer"],"Default":["DeviceFamily","f:FlightRing","t:OSVersionFull"],"PartB":{"ACSOVERRIDE":["OSArchitecture","c:IsAlwaysOnAlwaysConnectedCapable"],"APPTARGETEDFEATUREDB":["c:FlightingBranchName","f:FlightRing","t:OSVersionFull","DeviceFamily"],"CASSCLIENT":["OSVersion","c:OSEdition","f:FlightRing","c:OSUILocale","f:FlightingBranchName","r:OEMMode"],"CDM":["ChassisTypeId","r:CurrentBranch","DeviceFamily","f:FlightingBranchName","f:FlightRing","c:InstallLanguage","c:IsDomainJoined","t:IsTestLab","OEMModel","OSArchitecture","OSVersion","t:OSSkuId","crocessorIdentifier","c:TelemetryLevel","t:IsMsftOwned","t:WCOSProductId","c:OSUILocale","c:CommercialId","c:ActivationChannel","c:SCCMClientId","c:IsCloudDomainJoined","r:WebExperience","c:FlightIds","AccountFirstChar","r:WSX_Windows_Settings_Account","r:InstallDate","r:WSX_Runtime","refaultUserRegion","a:GatedFeature_NI22H2","r:WSX_Windows_Shell_Start","a:GatedFeature_CU23H2","r:ExpStates","n:MVVersion","r:CIOptin","crocessorCores","c:TotalPhysicalRAM","r:TestRN","u:UpdateServiceUrl","u:WUfBClientManaged","r:UUSVersion","DL_OSVersion","r:ExpPkgs","u:AllowOptionalContent","n:IsMicrosoftAAD","q:WidgetsAppVer","c:IsDeviceRetailDemo","r:IsFSOverlay","a:SdbVer_NI22H2","r:EdgeStableVersion","r:Migrated_GatedFeature_NI22H2Setup","a:SdbVer_21H2","a:GatedFeature_21H2","r:UtcDataHandlingPolicies","v:SkypeRoomSystem","r:BypassNRO","c:IsVirtualDevice"],"CDM_OS":["+CDM","c:FlightIds"],"COMPATLOGGER":["osVer","ring","deviceId"],"CONTENT_DELIVERY_MANAGER":["c:OSEdition","t:OSSkuId","c:OSUILocale","a:UpgEx_CO21H2","a:GStatus_CO21H2","aataExpDateEpoch_CO21H2","a:TimestampEpochString_CO21H2","r:AndroidUserOptinValue","f:FlightingBranchName","f:FlightRing","r:CurrentBranch","procm","r:NPUEnabledDevice","MX_FlightIds","r:KnownFoldersBackupStatus","c:IsDomainJoined","iepe","iste","drgng","r:WindowsAccountSyncConsentState","r:WindowsAccountSyncConsentApplicable","r:WindowsAccountSyncConsentPromptAllowed","aipc","ram","prccn","prccs","prcmf"],"CORTANA_GATEKEEPER":["r:CurrentBranch","f:FlightRing","f:IsRetailOS"],"CORTANAUWP":["c:OSUILocale","t:OSVersionFull","v:CortanaAppVer"],"CORTANAUWPTEST":["+CORTANAUWP","v:CortanaAppVerTest"],"CTAC":["+FSS"],"DDC":["+WU_STORE","+_WU_PTI"],"DXDB":["DeviceFamily","f:FlightRing","r:IsHybridOrXGpu","t:OSVersionFull","OSVersion"],"EDGE_SERVICEUI":["t:LocalDeviceID","t:LocalUserID"],"FCON":["+CDM"],"FSS":["rreviewBuildsManagerEnabled","f:BranchReadinessLevelRaw","u:BranchReadinessLevelSource","r:BuildFID","teviceFamily","DeviceId","c:EnablePreviewBuilds","f:FlightingPolicyValue","f:IsRetailOS","f:ManagePreviewBuilds","OSVersionFull","t:WCOSProductId","r:SmartActiveHoursState","r:ActiveHoursStart","r:ActiveHoursEnd","r:IsCHCapableBuild","r:FSRing","s:MaxShellVersion","s:MinShellVersion","c:TPMVersion","c:SecureBootCapable","crocessorClockSpeed","crocessorCores","c:TotalPhysicalRAM","t:SMode","c:SystemVolumeTotalCapacity","c:OEMManufacturerName","c:OEMModelNumber","a:ISVM","r:AllowUpgradesWithUnsupportedTPMOrCPU","r:IntelPlatformId","r:IsConfigMgrEnabled","f:IsFlightingEnabled","reviceInfoGatherSuccessful","c:IsVirtualDevice","r:OemPartnerRing","c:FlightingBranchName","a:UpgEx_CO21H2","a:UpgEx_NI22H2","a:UpgEx_GE24H2"],"FXIRISCLIENT":["+IRISCLIENT"],"GS":["t:OSSkuId","t:OSVersionFull","r:CurrentBranch","refaultUserRegion","DeviceFamily","c:FlightIds","f:FlightingBranchName","f:FlightRing","c:IsCloudDomainJoined","t:IsMsftOwned","f:IsRetailOS","c:OSUILocale","c:IsDomainJoined"],"IRISCLIENT":["+IRISCLIENTBASE","c:FlightIds"],"IRISCLIENTBASE":["DeviceFamily","OSVersion","t:OSSkuId","OSArchitecture","c:TelemetryLevel","f:FlightRing","f:FlightingBranchName","OEMModel","c:OSUILocale","c:OSEdition","r:CurrentBranch","t:WCOSProductId","c:InstallationType","r:InstallDate","c:IsDeviceRetailDemo","f:IsRetailOS","prccs","prccn","prcmf","ram","c3DMaxFeatureLevel","c:IsAlwaysOnAlwaysConnectedCapable","t:SMode","t:LocalUserID","r:AndroidUserOptinValue","procm","MX_FlightIds","a:UpgEx_CO21H2","r:KnownFoldersBackupStatus","c:OEMModelSystemFamily","OEMName_Uncleaned","r:IsSpotlightEnabledInOEMTheme","r:IsSpotlightThemeEnabledByOEM","r:WindowsAccountSyncConsentApplicable","r:WindowsAccountSyncConsentState","r:WindowsAccountSyncConsentPromptAllowed","iepe","iste","drgng","aipc","oemname","smbiosdm"],"IRISCLIENTV2":["+IRISCLIENTBASE","IX_FlightIds"],"MICROSOFT.WINDOWSFEEDBACKHUB_8WEKYB3D8BBWE":["t:OSVersionFull","t:IsTestLab","f:FlightRing"],"MITIGATION":["teviceFamily","f:FlightRing","c:FlightIds","c:IsDomainJoined","t:IsMsftOwned","f:IsRetailOS","t:IsTestLab","IsVM","OEMModel","c:OSEdition","t:OSSkuId","t:OSVersionFull","c:OSUILocale","t:SMode","f:IsFlightingEnabled","c:FirmwareVersion","c:TelemetryLevel","f:FlightingBranchName","r:CurrentBranch","OSVersion","w:FirstStorageSpaceDeviceId","r:IsCldFltSyncRoots","c:OSInstallType","v:IsNotepadExePresent","r:StrictHiveSecurityReg","a:GatedBlockId_21H1","r:UpdateOfferedDays","r:UsoScanMitigation","r:GamingServicesInstalledKey","v:FileExistsMscoreeDll","w:NetFx3State","r:WCFHTTPActivationNotificationState","w:WCFHTTPActivationState","r:WCFNonHTTPActivationNotificationState","w:WCFNonHTTPActivationState","rotNetMissingComponentsTroubleshooterSuccess","r:IIS_ASPNET","w:IIS_ASPNET_WMI","r:IIS_NetFxExtensibility","w:IIS_NetFxExtensibility_WMI","r:WAS_NetFxEnvironment","w:WAS_NetFxEnvironment_WMI","v:XamlCbsActivationStore","v:XamlCbsActivationStoreArm64","v:OnnxruntimeVer","w:ElanFingerprintDriverVersion","r:AADBrokerPluginNotRegistered","r:TenantId","r:IppPrinterBadDefaultPdc","r:FlightingOptOutState","r:CloudFilesFilter","rSAKyoceraMissingDEH","rSATATriumphMissingDEH","rSAXeroxMissingDEH","wSAKyoceraInstalledName","wSATATriumphInstalledName","w:XeroxPsaInstalledName","vmdHpControlPackageEnUs","vmdHpControlPackageMultiloc","vmdHpControlPackageTr"],"MLMOD":["ChassisTypeId","teviceFamily","f:FlightingBranchName","f:FlightRing","f:IsRetailOS","t:OSSkuId","t:OSVersionFull","c:OSUILocale","OSVersion","c:TelemetryLevel","r:CurrentBranch","t:IsTestLab","crimaryDiskType","FX_FlightIds"],"MTP":["+_WU_OS_CORE"],"MUSE":["+_WU_FB","ChassisTypeId","deviceClass","deviceId","c:FlightIds","locale","ms","os","osVer","ring","sampleId","sku","raysSince19H1FUOffer","uisableDualScan","u:UpdateServiceUrl","c:CommercialId","f:FlightingBranchName","c:SystemVolumeTotalCapacity","c:IsAlwaysOnAlwaysConnectedCapable","crocessorCores","crimaryDiskType","c:TotalPhysicalRAM","crocessorClockSpeed","crocessorIdentifier","crocessorModel","c:ActivationChannel","c:IsCloudDomainJoined","c:isCommercial","c:IsDomainJoined","c:IsMDMEnrolled","c:SCCMClientID","r:OEMSubModel","c:OEMModelNumber","c:OEMManufacturerName","r:OobeSeeker","refaultUserRegion"],"NARRATORNNV":["+WU_STORE"],"NOISYHAMMER":["+WU_OS"],"PHS":["r:GridZoneName","OEMModel","c:OEMManufacturerName","c:OSUILocale","r:OEMSubModel","DeviceFamily"],"RULESENGINE":["c:OSEdition","t:OSSkuId","c:OSUILocale","a:UpgEx_CO21H2","a:GStatus_CO21H2","aataExpDateEpoch_CO21H2","a:TimestampEpochString_CO21H2","r:AndroidUserOptinValue","f:FlightingBranchName","f:FlightRing","r:CurrentBranch","crocessorModel","r:NPUEnabledDevice","MX_FlightIds","r:KnownFoldersBackupStatus","c:IsDomainJoined","r:WindowsAccountSyncConsentApplicable","r:WindowsAccountSyncConsentState","r:WindowsAccountSyncConsentPromptAllowed"],"RUXIM":["c:ActivationChannel","f:FlightRing","r:InstallDate","f:IsFlightingEnabled","a:ISVM","OEMModel","OSArchitecture","t:OSSkuId","c:SCCMClientID","r:SetupDisplayedEulaVersion","r:KioskMode","r:OobeSeeker","r:UninstallActive","c:OEMManufacturerName","r:OEMSubModel","c:OSUILocale"],"SEDIMENTPACK":["+WU_OS"],"SERVICEEXPERIENCES":["f:FlightingBranchName","f:FlightRing","s:MaxShellVersion","s:MinShellVersion","t:IsTestLab","c:TelemetryLevel","t:OSSkuId","r:CurrentBranch","OSVersion","DeviceFamily","r:WSX_Windows_Settings_Account","c:FlightIds","r:WSX_Runtime","r:WSX_Windows_Shell_Start","r:WSX_Windows_AppSample","r:WSX_Windows_AccountControl"],"SERVICING_CBS":["+WU","osVer"],"SETUP360":["t:OSSkuId","f:FlightRing"],"SMARTOPTOUT":["+CDM"],"STORAGEGROVELER":["a:Free","c:TelemetryLevel","f:FlightRing","f:IsFlightingEnabled","IsVM","t:OSVersionFull"],"UTC":["+UTC_STATIC","osVer","locale","ring","filotRing","f:IsRetailOS","ms","expId","t:SMode","f:FlightingBranchName","c:CommercialId","r:IsFeedbackHubSelfhost","c:AzureVMType","t:IsTestLab","c:TelemetryLevel","c:IsVirtualDevice","r:IsProcessorMode","r:UtcDataHandlingPolicies"],"UTC_STATIC":["os","deviceId","sampleId","deviceClass","sku","OEMModel","OEMName_Uncleaned","crimaryDiskType","crocessorModel","c:TotalPhysicalRAM"],"UUS":["OSVersion","f:FlightRing","t:IsTestLab","t:OSVersionFull","f:FlightingBranchName","r:CurrentBranch","f:IsFlightingEnabled"],"WAASASSESSMENT":["+WU_OS"],"WAASMEDIC":["os","osVer","ring","deviceClass","deviceId","locale","sku","c:ActivationChannel","c:CommercialId","r:CurrentBranch","f:FlightingBranchName","c:IsCloudDomainJoined","c:IsDomainJoined","t:IsTestLab","OSVersion","c:SCCMClientID","c:TelemetryLevel","r:FlightingOptOutState"],"WOSC":["teviceFamily","f:FlightRing","f:IsFlightingEnabled","t:IsMsftOwned","t:LocalDeviceID","t:OSSkuId","c:OSUILocale","t:OSVersionFull","c:TelemetryLevel","r:IsHybridOrXGpu","rlayFabPartyRelay","OSVersion","n:IsMicrosoftAAD","r:WOSCEndpointsSupported"],"WPSHIFT":["+MTP"],"WU":["+WU_OS","rUInternal"],"_WU_AV":["r:AvastReg","r:AvastBlackScreen","v:AvastVer","r:AvgReg","v:AvgVer","r:EsetReg","v:EsetVer","r:KasperskyReg","v:KasperskyVer","v:SymantecVer","r:TencentReg","r:TencentType","r:AhnlabInstalledKey","r:AvastInstalledKey","r:AVGInstalledKey","r:AviraInstalledKey","r:BullguardInstalledKey","r:ESETInstalledKey","r:ESTSecurityInstalledKey","r:FSecureInstalledKey","v:GDataInstalledVer","r:K7InstalledKey","r:KasperskyInstalledKey","r:KingsoftInstalledKey","r:LenovoInstalledKey","r:MalwarebytesInstalledKey","r:McAfeeInstalledKey","randaInstalledKey","r:QuickhealInstalledKey1","r:SophosInstalledKey1","r:SymantecInstalledKey","r:TencentInstalledKey","r:ThreatTrackInstalledKey","r:TrendInstalledKey","r:WebrootInstalledKey","v:K7InstalledVer"],"_WU_COMMON":

 

And the next part:

["r:CurrentBranch","refaultUserRegion","DeviceFamily","rriverPartnerRing","r:FlightContent","f:FlightingBranchName","f:FlightRing","HoloLens","c:InstallationType","c:InstallLanguage","f:IsFlightingEnabled","r:IsFlightingEnabled","c:MobileOperatorCommercialized","OEMModel","OEMName_Uncleaned","r:OemPartnerRing","OSArchitecture","OSVersion","t:OSSkuId","c:OSUILocale","crocessorManufacturer","r:ReleaseType","v:SkypeRoomSystem","t:SMode","c:TelemetryLevel","r:WindowsMixedReality","v:WuClientVer","pucPublisherId","pucDeviceModelId","pucOemPartnerRing","pucCustomPackageId","pesiredOsVersion","pesiredSystemManifestVersion","r:TenantId"],"_WU_FB":["u:BranchReadinessLevel","ueferQualityUpdatePeriodInDays","ueferFeatureUpdatePeriodInDays","rausedFeatureStatus","rausedQualityStatus","u:TargetReleaseVersion","r:QUDeadline","r:UpdatePreference","r:UpdateOfferedDays","u:TargetProductVersion","DSS_Enrolled","r:NonSecurityUpdate","u:AdminOptedIntoRebootlessUpdates"],"WU_OS":["+_WU_OS_CORE","+_WU_FB"],"_WU_OS_CORE":["+_WU_COMMON","+_WU_AV","r:AhnLabKeyboard","a:Bios","r:BlockFeatureUpdates","c:CommercialId","aataVer_RS5","risconnectedStandby","rchuNvidiaGrfxExists","rchuNvidiaGrfxVen","rchuIntelGrfxExists","rchuIntelGrfxVen","rchuAmdGrfxExists","rchuAmdGrfxVen","c:FirmwareVersion","a:Free","a:GStatus_RS3","a:GStatus_RS4","a:GStatus_RS5","r:HidOverGattReg","r:InstallDate","c:IsDeviceRetailDemo","c:IsPortableOperatingSystem","IsVM","c:OEMModelBaseBoard","r:OobeSeeker","r:OSRollbackBuild","r:OSRollbackCount","r:OSRollbackDate","PhoneTargetingName","ronchAllow","ronchBlock","crocessorIdentifier","r:RecoveredFromBuild","r:RecoveredOnDate","r:Steam","v:TobiiVer","v:TrendMicroVer","r:UninstallActive","l:UpdateManagementGroup","a:UpgEx_RS3","a:UpgEx_RS4","a:UpgEx_RS5","a:Version_RS5","risableWUfBOfferBlock","a:UpgEx_19H1","a:SdbVer_19H1","a:GStatus_19H1","a:GStatus_19H1Setup","a:TimestampEpochString_19H1Setup","a:GenTelRunTimestamp_19H1","aataExpDateEpoch_19H1","u:EnableWUfBUpgradeGates","r:GStatusBlockIDs_All","TimestampDelta_19H1Subtract19H1Setup","DataExpDateDelta_19H1Subtract19H1Setup","aataExpDateEpoch_19H1Setup","a:TimestampEpochString_19H1","r:IsContainerMgrInstalled","r:IsWDAGEnabled","r:MTPTargetingInfo","r:EKB19H2InstallCount","r:EKB19H2UnInstallCount","r:EKB19H2InstallTimeEpoch","r:EKB19H2UnInstallTimeEpoch","r:BlockEdgeWithChromiumUpdate","r:IsWDATPEnabled","r:IsAutopilotRegistered","r:EdgeWithChromiumInstallVersion","r:EdgeWithChromiumInstallFailureCount","r:IsEdgeWithChromiumInstalled","r:KioskMode","c:IsCloudDomainJoined","c:IsDomainJoined","aataExpDateEpoch_20H1","aataExpDateEpoch_20H1Setup","a:GStatus_20H1","a:GStatus_20H1Setup","a:SdbVer_20H1","a:TimestampEpochString_20H1","a:TimestampEpochString_20H1Setup","DataExpDateDelta_20H1Subtract20H1Setup","TimestampDelta_20H1Subtract20H1Setup","a:UpgEx_20H1","r:AutopilotUpdateInProgress","r:UHSEnrolled","r:HotPatchEKBInstalled","r:LCUVer","c:isCommercial","c:ActivationChannel","c:IsMDMEnrolled","c:SCCMClientID","r:ChinaTypeApproval_CTA","pesiredOcpVersion","r:UpgradeEligible","r:AllowInPlaceUpgrade","r:SH_SIPolicyCleanup","r:FeatureUpdateDeadline","aataExpDateEpoch_21H1","a:UpgEx_CO21H2","a:GStatus_21H1","DataExpDateDelta_21H1Subtract20H1Setup","TimestampDelta_21H1Subtract20H1Setup","a:TimestampEpochString_21H1","r:OEMSubModel","crocessorModel","c:TPMVersion","r:StayOnWindows10Timestamp","a:GStatus_CO21H2Setup","TimestampDelta_CO21H2SubtractCO21H2Setup","DataExpDateDelta_CO21H2SubtractCO21H2Setup","a:TimestampEpochString_CO21H2Setup","aataExpDateEpoch_CO21H2Setup","a:TimestampEpochString_CO21H2","aataExpDateEpoch_CO21H2","a:GStatus_CO21H2","p:SetPolicyDrivenUpdateSourceForFeatureUpdates","rchuNvidiaGrfxVenTest","aataExpDateDelta_21H2Subtract20H1Setup","a:TimestampEpochString_21H2","a:TimestampDelta_21H2Subtract20H1Setup","a:GStatus_21H2","aataExpDateEpoch_21H2","rSS_Enrolled_DF","r:UpgradeAccepted","r:SetupDisplayedEulaVersion","crocessorCores","crocessorClockSpeed","c:TotalPhysicalRAM","c:SecureBootCapable","crimaryDiskTotalCapacity","r:BitDefenderInstalledKey","r:BroadcomInstalledKey","v:CrowdStrikeInstalledVer","r:QihooInstalledKey","r:Win11UpgradeAcceptedTimestamp","a:UpgEx_NI22H2","r:OobeNdupAcceptedTarget","r:OobeNdupFU22621CommitChoice","aataExpDateEpoch_NI22H2","a:GStatus_NI22H2","a:GStatus_NI22H2Setup","a:TimestampEpochString_NI22H2Setup","TimestampDelta_NI22H2SubtractNI22H2Setup","DataExpDateDelta_NI22H2SubtractNI22H2Setup","aataExpDateEpoch_NI22H2Setup","a:TimestampEpochString_NI22H2","r:IsVbsEnabled","r:FODRetryPending","r:UserInPlaceUpgrade","v:HidparseDriversVer","v:HidparseSystem32Ver","v:HidparseSystem32Ver1","r:CIOptin","r:FlightingOptOutState","p:WSUSconfigured_csp","a:UpgEx_NI22H2Setup","a:UpgEx_CO21H2Setup","u:WUfBClientManaged","u:UpdateServiceUrl","u:AllowOptionalContent","FX_FlightIds","DL_OSVersion","r:ExpPkgs","r:UUSVersion","c:FlightIds","r:OobeNdupFUTarget","a:GStatus_NI23H2","aataExpDateEpoch_NI23H2","a:TimestampEpochString_NI23H2","DataExpDateDelta_NI23H2SubtractNI22H2Setup","TimestampDelta_NI23H2SubtractNI22H2Setup","r:LaunchUserOOBE","r:RobloxPlayer","r:RobloxStudio","c:VBSState","r:ARCHotpatchAttached_State","r:MDEWSLPluginReleaseRing","r:SystemGuard_Enabled","u:AdminOptedIntoRebootlessUpdates","r:LaunchOobeInEndUserSession","r:MDE4WSLPluginReleaseRing","r:AdminOptedIntoRebootlessUpdates_Server","r:IsRemoteDesktopSessionHost","a:UpgEx_GE24H2","s:IsA9CapablePC","a:UpgEx_GE24H2Setup","rroductType"],"_WU_PTI":["c:FrontFacingCameraResolution","c:RearFacingCameraResolution","c:TotalPhysicalRAM","c:NFCProximity","c:Magnetometer","c:Gyroscope","c3DMaxFeatureLevel","c:InternalPrimaryDisplayResolutionHorizontal","c:InternalPrimaryDisplayResolutionVetical"],"WU_STORE":["+_WU_COMMON","r:AppChannels","r:AppRMIDs","u:BranchReadinessLevel"]},"Required":["App","AppVer","AttrDataVer"],"Aliases":{"AccountFirstChar":"c:MSA_Accounts","aipc":"s:IsA9CapablePC","ChassisTypeId":"c:ChassisType","CX_FlightIds":"c:CX_FlightIds","DataExpDateDelta_19H1Subtract19H1Setup":"aataExpDateEpoch_19H1_Subtract_DataExpDateEpoch_19H1Setup","DataExpDateDelta_20H1Subtract20H1Setup":"aataExpDateEpoch_20H1_Subtract_DataExpDateEpoch_20H1Setup","DataExpDateDelta_21H1Subtract20H1Setup":"aataExpDateEpoch_21H1_Subtract_DataExpDateEpoch_20H1Setup","DataExpDateDelta_CO21H2SubtractCO21H2Setup":"aataExpDateEpoch_CO21H2_Subtract_DataExpDateEpoch_CO21H2Setup","DataExpDateDelta_NI22H2SubtractNI22H2Setup":"aataExpDateEpoch_NI22H2_Subtract_DataExpDateEpoch_NI22H2Setup","DataExpDateDelta_NI23H2SubtractNI22H2Setup":"aataExpDateEpoch_NI23H2_Subtract_DataExpDateEpoch_NI22H2Setup","deviceClass":"DeviceFamily","deviceId":"t:LocalDeviceID","DeviceId":"t:LocalDeviceID","DL_OSVersion2":"DL_OSVersion","drgng":"rurableDeviceRegionGeo","DSS_Enrolled":"rSS_Enrolled_State","EdgeStableVersion":"r:EdgeStableVersion","expId":"c:FlightIds","FlightRing":"f:FlightRing","FX_FlightIds":"c:FlightIds","iepe":"g:IsCampaignEdgePromotionEnabled","iste":"g:IsCampaignSegmentTargetingEnabled","IsVM":"a:ISVM","IX_FlightIds":"c:FlightIds","locale":"c:OSUILocale","ms":"t:IsMsftOwned","MX_FlightIds":"c:FlightIds","OEMModel":"c:OEMModelNumber","oemname":"r:SystemManufacturer","OEMName_Uncleaned":"c:OEMManufacturerName","osVer":"t:OSVersionFull","OSVersionFull":"t:OSVersionFull","PhoneTargetingName":"c:OEMModelName","prccn":"crocessorCores","prccs":"crocessorClockSpeed","prcmf":"crocessorManufacturer","procm":"crocessorModel","ram":"c:TotalPhysicalRAM","ring":"f:FlightRing","sampleId":"topVal","sku":"t:OSSkuId","smbiosdm":"r:SystemProductName","TimestampDelta_19H1Subtract19H1Setup":"a:TimestampEpochString_19H1_Subtract_TimestampEpochString_19H1Setup","TimestampDelta_20H1Subtract20H1Setup":"a:TimestampEpochString_20H1_Subtract_TimestampEpochString_20H1Setup","TimestampDelta_21H1Subtract20H1Setup":"a:TimestampEpochString_21H1_Subtract_TimestampEpochString_20H1Setup","TimestampDelta_CO21H2SubtractCO21H2Setup":"a:TimestampEpochString_CO21H2_Subtract_TimestampEpochString_CO21H2Setup","TimestampDelta_NI22H2SubtractNI22H2Setup":"a:TimestampEpochString_NI22H2_Subtract_TimestampEpochString_NI22H2Setup","TimestampDelta_NI23H2SubtractNI22H2Setup":"a:TimestampEpochString_NI23H2_Subtract_TimestampEpochString_NI22H2Setup"},"Fallback":{"r:AhnlabInstalledKey":"r:AhnlabInstalledWowKey","r:AvastBlackScreen":"r:AvgBlackScreen","r:AvastInstalledKey":"r:AvastInstalledWowKey","r:AVGInstalledKey":"r:AVGInstalledWowKey","r:AviraInstalledKey":"r:AviraInstalledWowKey","a:Bios":"a:Bios_RS3","a:Bios_RS3":"a:Bios_RS4","a:Bios_RS4":"a:Bios_RS5","r:BlockFeatureUpdates":"r:BlockWUUpgrades","r:BlockWUUpgrades":"r:BlockWUUpgradesWow","r:BuildFID":"r:BuildFID_WCOS","r:BuildFID_WCOS":"r:BuildFID_WCOS2","r:BullguardInstalledKey":"v:BullguardInstalledVer","aataExpDateEpoch_CO21H2":"rataExpDateEpoch_CO21H2RegFb","rchuAmdGrfxVen":"rchuAmdGrfxVen2","rchuAmdGrfxVen2":"rchuAmdGrfxDeletePending","rchuIntelGrfxDeletePending":"rchuIntelGrfxNExists","rchuIntelGrfxVen":"rchuIntelGrfxVen2","rchuIntelGrfxVen2":"rchuIntelGrfxDeletePending","rchuNvidiaGrfxVen":"rchuNvidiaGrfxVen2","rchuNvidiaGrfxVen2":"rchuNvidiaGrfxDeletePending","DL_OSVersion":"OSVersion","rriverPartnerRing":"r:OSDataDriverPartnerRing","r:EdgeStableOPV_Native":"r:EdgeStablePV_Native","r:EdgeStablePV_WOW6432":"r:EdgeStableOPV_Native","r:EdgeStableVersion":"r:EdgeStablePV_WOW6432","r:EdgeWithChromiumInstallFailureCount":"r:EdgeWithChromiumInstallFailureCountWow","r:EdgeWithChromiumInstallVersion":"r:EdgeWithChromiumInstallVersionWow","u:EnableWUfBUpgradeGates":"r:EnableWUfBUpgradeGatesRS5","r:ESETInstalledKey":"r:ESETInstalledWowKey","r:ESTSecurityInstalledKey":"r:ESTSecurityInstalledWowKey","f:FlightingBranchName":"c:FlightingBranchName","a:Free":"a:Free_RS3","a:Free_RS3":"a:Free_RS4","a:Free_RS4":"a:Free_RS5","r:FSecureInstalledKey":"r:FSecureInstalledWowKey","a:GatedFeature_NI22H2":"r:Migrated_GatedFeature_NI22H2Setup","a:GStatus_CO21H2":"r:GStatus_CO21H2RegFb","HoloLens":"r:WindowsMixedReality","r:IsEdgeWithChromiumInstalled":"r:IsEdgeWithChromiumInstalledWow","a:ISVM":"a:ISVM_RS3","a:ISVM_RS3":"a:ISVM_RS4","a:ISVM_RS4":"a:ISVM_RS5","r:K7InstalledKey":"r:K7InstalledWowKey","r:KasperskyInstalledKey":"r:KasperskyInstalledWowKey","r:KingsoftInstalledKey":"r:KingsoftInstalledWowKey","r:LenovoInstalledKey":"r:LenovoInstalledWowKey","r:MalwarebytesInstalledKey":"r:MalwarebytesInstalledWowKey","r:McAfeeInstalledKey":"r:McAfeeInstalledWowKey","r:Migrated_GatedFeature_NI22H2Setup":"r:Migrated_GatedFeature_NI22H2","c:OEMModelBaseBoard":"r:OEMModelBaseBoard","randaInstalledKey":"randaInstalledWowKey","randaInstalledWowKey":"vandaInstalledVer","ronchAllow":"ronchAllowKey","ronchAllowKey":"ronchAllowWow","ronchAllowWow":"ronchAllowWowKey","r:QUDeadline":"r:QUDeadlineMDM","r:QuickhealInstalledKey1":"r:QuickhealInstalledKey2","r:SophosInstalledKey1":"r:SophosInstalledKey2","r:SymantecInstalledKey":"r:SymantecInstalledWowKey","v:SymantecVer":"v:SymantecVer64","u:TargetReleaseVersion":"r:TargetReleaseVersionGP","r:TargetReleaseVersionGP":"r:TargetReleaseVersionMDM","r:TencentInstalledKey":"r:TencentInstalledWowKey","r:ThreatTrackInstalledKey":"r:ThreatTrackInstalledWowKey","a:TimestampEpochString_CO21H2":"r:TimestampEpochString_CO21H2RegFb","v:TobiiVer":"v:TobiiVerx86","v:TobiiVerx86":"v:TobiiVer1x86","r:TrendInstalledKey":"r:TrendInstalledWowKey","r:TrendInstalledWowKey":"v:TrendInstalledVer","a:UpgEx_CO21H2":"r:UpgEx_CO21H2RegFb","r:UpgradeAccepted":"r:Win11UpgradeAcceptedWUSeeker","r:WebExperience":"r:WebExperienceWow","r:WebrootInstalledKey":"r:WebrootInstalledWowKey"},"Transform":{"AccountFirstChar":{"SubLength":1},"CX_FlightIds":{"Regex":"CX:[^,]*","RegexDelimiter":","},"FlightingOptOutState":{"Ignore":["0"]},"FX_FlightIds":{"Regex":"FX:[^,]*","RegexDelimiter":","},"IppPrinterBadDefaultPdc":{"Contains":"V4_No_ChangeID_Present"},"aipc":{"Ignore":["0"]},"IsDomainJoined":{"Ignore":["0"]},"IsHybridOrXGpu":{"Ignore":["0"]},"IsMsftOwned":{"Ignore":["0"]},"IsPortableOperatingSystem":{"Ignore":["0"]},"IsRemoteDesktopSessionHost":{"Contains":"ServerRdsh"},"IsTestLab":{"Ignore":["0"]},"IsVM":{"Ignore":["0"]},"IX_FlightIds":{"Regex":"IX:[^,]*","RegexDelimiter":","},"MX_FlightIds":{"Regex":"ME:[^,]*|MD:[^,]*","RegexDelimiter":","},"OEMModel":{"SubLength":100},"OEMName_Uncleaned":{"SubLength":100},"PausedFeatureStatus":{"Ignore":["0"]},"PausedQualityStatus":{"Ignore":["0"]},"PSAKyoceraInstalledName":{"Contains":"A97ECD55.KYOCERAPrintCenter"},"PSATATriumphInstalledName":{"Contains":"TATriumph-AdlerGmbH.TAUTAXPrintCenter"},"SMode":{"Ignore":["0"]},"StayOnWindows10Timestamp":{"SubLength":-3,"Ignore":[""]},"XeroxPsaInstalledName":{"Contains":"XeroxCorp.PrintExperience"}},"Registry":{"AADBrokerPluginNotRegistered":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsMitigationData\\AADBrokerPluginNotRegistered","IfExists":true},"ActiveHoursEnd":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings","ValueName":"ActiveHoursEnd","RegValueType":"REG_DWORD"},"ActiveHoursStart":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings","ValueName":"ActiveHoursStart","RegValueType":"REG_DWORD"},"AdminOptedIntoRebootlessUpdates_Server":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\Hotpatch\\Environment","ValueName":"AllowRebootlessUpdates","RegValueType":"REG_DWORD"},"AhnlabInstalledKey":{"FullPath":"SOFTWARE\\Ahnlab","IfExists":true},"AhnlabInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\Ahnlab","IfExists":true},"AhnLabKeyboard":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\Mkd2kfNt","ValueName":"NbTpMsExist"},"AllowInPlaceUpgrade":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\\\Windows\\\\CurrentVersion","ValueName":"AllowInPlaceUpgrade","RegValueType":"REG_DWORD"},"AllowUpgradesWithUnsupportedTPMOrCPU":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\Setup\\MoSetup","ValueName":"AllowUpgradesWithUnsupportedTPMOrCPU","RegValueType":"REG_DWORD"},"AndroidUserOptinValue":{"HKey":"HKEY_CURRENT_USER","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Mobility\\","ValueName":"OptedIn","RegValueType":"REG_DWORD"},"AppChannels":{"FullPath":"SOFTWARE\\Policies\\Microsoft\\WindowsStore\\Apps\\*","ValueName":"ChannelId","EncodingType":"Json"},"AppRMIDs":{"FullPath":"SOFTWARE\\Policies\\Microsoft\\WindowsStore\\Apps\\*","ValueName":"ReleaseManagementId","EncodingType":"Json"},"ARCHotpatchAttached_State":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Azure Connected Machine Agent\\Windows\\Licenses\\Features\\Hotpatch","ValueName":"Subscription","RegValueType":"REG_DWORD"},"AutopilotUpdateInProgress":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Provisioning\\AutopilotSettings\\VolatileAutopilotUpdate","ValueName":"AutopilotUpdateInProgress","RegValueType":"REG_DWORD"},"AvastBlackScreen":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\aswVmm\\Parameters","ValueName":"Win10-1803"},"AvastInstalledKey":{"FullPath":"SOFTWARE\\Avast Software\\Avast","IfExists":true},"AvastInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\Avast Software\\Avast","IfExists":true},"AvastReg":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\aswVmm\\Parameters","ValueName":"QualityCompat"},"AvgBlackScreen":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\avgVmm\\Parameters","ValueName":"Win10-1803"},"AVGInstalledKey":{"FullPath":"SOFTWARE\\AVG\\Antivirus","IfExists":true},"AVGInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\AVG\\Antivirus","IfExists":true},"AvgReg":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\avgVmm\\Parameters","ValueName":"QualityCompat"},"AviraInstalledKey":{"FullPath":"SOFTWARE\\X-AVCSD\\Workstation\\Antivirus","IfExists":true},"AviraInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\X-AVCSD\\Workstation\\Antivirus","IfExists":true},"BitDefenderInstalledKey":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}","IfExists":true},"BlockEdgeWithChromiumUpdate":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\EdgeUpdate","ValueName":"DoNotUpdateToEdgeWithChromium","RegValueType":"REG_DWORD"},"BlockFeatureUpdates":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade","ValueName":"BlockFeatureUpdates","RegValueType":"REG_DWORD"},"BlockWUUpgrades":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows10Upgrader\\Volatile","ValueName":"BlockWUUpgrades","RegValueType":"REG_DWORD"},"BlockWUUpgradesWow":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\WOW6432Node\\Microsoft\\Windows10Upgrader\\Volatile","ValueName":"BlockWUUpgrades","RegValueType":"REG_DWORD"},"BroadcomInstalledKey":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Symantec\\Symantec Endpoint Protection","IfExists":true},"BuildFID":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build","ValueName":"EsdFlightData","RegValueType":"REG_SZ"},"BuildFID_WCOS":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"OSDATA\\Software\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build","ValueName":"EsdFlightData","RegValueType":"REG_SZ"},"BuildFID_WCOS2":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"OSDATA\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build","ValueName":"EsdFlightData","RegValueType":"REG_SZ"},"BullguardInstalledKey":{"FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\BullGuard","IfExists":true},"BypassNRO":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE","ValueName":"BypassNRO","RegValueType":"REG_DWORD"},"ChinaTypeApproval_CTA":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeviceAccess","ValueName":"ActivePolicyCode","RegValueType":"REG_SZ"},"CIOptin":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings","ValueName":"IsContinuousInnovationOptedIn","RegValueType":"REG_DWORD"},"CloudFilesFilter":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Services\\CldFlt\\Instances\\","ValueName":"DefaultInstance","RegValueType":"REG_SZ"},"CurrentBranch":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion","ValueName":"BuildBranch","RegValueType":"REG_SZ"},"DataExpDateEpoch_CO21H2RegFb":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2","ValueName":"DataExpDateEpoch","RegValueType":"REG_SZ"},"DaysSince19H1FUOffer":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\rempl\\irplugin","ValueName":"DaysSinceLastOffer","RegValueType":"REG_QWORD"},"DchuAmdGrfxDeletePending":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\amdkmdag","ValueName":"DriverDelete"},"DchuAmdGrfxExists":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\amdkmdag","IfExists":true},"DchuAmdGrfxVen":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\amdkmdag","ValueName":"DCHUVen"},"DchuAmdGrfxVen2":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\amdkmdag\\Parameters","ValueName":"DCHUVen"},"DchuIntelGrfxDeletePending":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\igfx","ValueName":"DriverDelete"},"DchuIntelGrfxExists":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\igfx","IfExists":true},"DchuIntelGrfxNExists":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Services\\igfxn","IfExists":true},"DchuIntelGrfxVen":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\igfx","ValueName":"DCHUVen"},"DchuIntelGrfxVen2":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\igfx\\Parameters","ValueName":"DCHUVen"},"DchuNvidiaGrfxDeletePending":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\nvlddmkm","ValueName":"DriverDelete"},"DchuNvidiaGrfxExists":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\nvlddmkm","IfExists":true},"DchuNvidiaGrfxVen":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\nvlddmkm","ValueName":"DCHUVen"},"DchuNvidiaGrfxVen2":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\nvlddmkm\\Parameters","ValueName":"DCHUVen"},"DchuNvidiaGrfxVenTest":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Services\\nvlddmkm","ValueName":"DCHUVenTest","RegValueType":"REG_DWORD"},"DefaultUserRegion":{"HKey":"HKEY_USERS","FullPath":".DEFAULT\\Control Panel\\International\\Geo","ValueName":"Nation","RegValueType":"REG_SZ"},"DeviceInfoGatherSuccessful":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing","ValueName":"DeviceInfoGatherSuccessful","RegValueType":"REG_DWORD"},"DisableWUfBOfferBlock":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsUpdate\\UpdatePolicy\\Settings","ValueName":"DisableWUfBOfferBlock","RegValueType":"REG_DWORD"},"DisconnectedStandby":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Control\\Power","ValueName":"EnforceDisconnectedStandby","RegValueType":"REG_DWORD"},"DotNetMissingComponentsTroubleshooterSuccess":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\.NETFramework","ValueName":"DotNetMissingComponentsTroubleshooterSuccess","RegValueType":"REG_DWORD"},"DriverPartnerRing":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\DriverFlighting\\Partner","ValueName":"TargetRing","RegValueType":"REG_SZ"},"DSS_Enrolled_DF":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\\\Policies\\\\Microsoft\\\\Windows\\\\WindowsUpdate","ValueName":"WUfBDF","RegValueType":"REG_DWORD"},"DSS_Enrolled_State":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WufbDS","ValueName":"enrollmenttype","RegValueType":"REG_SZ"},"DUInternal":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\Setup\\MoSetup","ValueName":"DynamicUpdateInternalTest","RegValueType":"REG_DWORD"},"DurableDeviceRegionGeo":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Control Panel\\DeviceRegion","ValueName":"DeviceRegion","RegValueType":"REG_DWORD"},"EdgeStableOPV_Native":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}","ValueName":"opv","RegValueType":"REG_SZ"},"EdgeStablePV_Native":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}","ValueName":"pv","RegValueType":"REG_SZ"},"EdgeStablePV_WOW6432":{"FullPath":"SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}","ValueName":"pv","RegValueType":"REG_SZ"},"EdgeStableVersion":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}","ValueName":"opv","RegValueType":"REG_SZ"},"EdgeWithChromiumInstallFailureCount":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\EdgeUpdate","ValueName":"WindowsUpdateAttempts"},"EdgeWithChromiumInstallFailureCountWow":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate","ValueName":"WindowsUpdateAttempts"},"EdgeWithChromiumInstallVersion":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\EdgeUpdate","ValueName":"WindowsUpdateVersion"},"EdgeWithChromiumInstallVersionWow":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate","ValueName":"WindowsUpdateVersion"},"EKB19H2InstallCount":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\Setup\\FeatureStaging\\20455539\\2","ValueName":"Count"},"EKB19H2InstallTimeEpoch":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\Setup\\FeatureStaging\\20455539\\2","ValueName":"Timestamp"},"EKB19H2UnInstallCount":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\Setup\\FeatureStaging\\20455539\\0","ValueName":"Count"},"EKB19H2UnInstallTimeEpoch":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\Setup\\FeatureStaging\\20455539\\0","ValueName":"Timestamp"},"EnableWUfBUpgradeGatesRS5":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Microsoft\\Windows NT\\CurrentVersion\\502505fe-762c-4e80-911e-0c3fa4c63fb0","ValueName":"DataRequireGatedScanForFeatureUpdates","RegValueType":"REG_DWORD"},"ESETInstalledKey":{"FullPath":"SOFTWARE\\ESET\\ESET Security","IfExists":true},"ESETInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\ESET\\ESET Security","IfExists":true},"EsetReg":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Services\\ehdrv\\Parameters","ValueName":"WindowsCompatibilityLevel","RegValueType":"REG_DWORD"},"ESTSecurityInstalledKey":{"FullPath":"SOFTWARE\\ESTsoft","IfExists":true},"ESTSecurityInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\ESTsoft","IfExists":true},"ExpPkgs":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsSelfhost\\Applicability","ValueName":"ExpPkgs","RegValueType":"REG_SZ"},"ExpStates":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsSelfHost\\FIDs","ValueName":"PreviewConfigs","RegValueType":"REG_SZ"},"FeatureUpdateDeadline":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Policies\\Microsoft\\Windows\\WindowsUpdate\\","ValueName":"ConfigureDeadlineForFeatureUpdates","RegValueType":"REG_DWORD"},"FlightContent":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsSelfHost\\Applicability","ValueName":"ContentType","RegValueType":"REG_SZ"},"FlightingOptOutState":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsSelfHost\\UI\\Selection","ValueName":"OptOutState","RegValueType":"REG_DWORD"},"FODRetryPending":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing","ValueName":"FODRetry","RegValueType":"REG_DWORD"},"FSecureInstalledKey":{"FullPath":"SOFTWARE\\F-Secure\\OneClient","IfExists":true},"FSecureInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\F-Secure\\OneClient","IfExists":true},"FSRing":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsSelfhost\\Applicability","ValueName":"FSRing","RegValueType":"REG_SZ"},"GamingServicesInstalledKey":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Services\\GamingServices","IfExists":true},"GridZoneName":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\COAWOS","ValueName":"GridZoneName","RegValueType":"REG_SZ","PersistedSourceId":"COAWOSRoot"},"GStatus_CO21H2RegFb":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2","ValueName":"GStatus","RegValueType":"REG_SZ"},"GStatusBlockIDs_All":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\Appraiser\\GWX","ValueName":"SdbEntries","RegValueType":"REG_SZ"},"HidOverGattReg":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemRoot

 

And here's more:

%/System32/drivers/UMDF/Microsoft.Bluetooth.Profiles.HidOverGatt.dll","ValueName":"Source","RegValueType":"REG_SZ"},"HotPatchEKBInstalled":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Update\\TargetingInfo\\DynamicInstalled\\Hotpatch.amd64","IfExists":true},"IIS_ASPNET":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing\\Notifications\\OptionalFeatures\\IIS-ASPNET","ValueName":"Selection","RegValueType":"REG_DWORD"},"IIS_NetFxExtensibility":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing\\Notifications\\OptionalFeatures\\IIS-NetFxExtensibility","ValueName":"Selection","RegValueType":"REG_DWORD"},"InstallDate":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion","ValueName":"InstallDate","RegValueType":"REG_DWORD"},"IntelPlatformId":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0","ValueName":"Platform Specific Field 1","RegValueType":"REG_DWORD"},"IppPrinterBadDefaultPdc":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Print\\Printers\\*\\PrinterDriverData","ValueName":"V4_PDC_ChangeID","RegValueType":"REG_SZ","EncodingType":"Json"},"IsAutopilotRegistered":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Provisioning\\AutopilotPolicyCache","ValueName":"ProfileAvailable","RegValueType":"REG_DWORD"},"IsFlightingEnabled":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsSelfHost\\Applicability","ValueName":"IsBuildFlightingEnabled","RegValueType":"REG_DWORD"},"IsCHCapableBuild":{"HKey":"HKEY_CLASSES_ROOT","FullPath":"CLSID\\{2C57C51B-FD43-4E74-B077-551AE6228AD6}","IfExists":true},"IsCldFltSyncRoots":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager\\*","IfExists":true},"IsConfigMgrEnabled":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsSelfHost\\ClientState","ValueName":"ConfigMgrEnabled","RegValueType":"REG_DWORD"},"IsContainerMgrInstalled":{"FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Containers\\CmService","IfExists":true},"IsEdgeWithChromiumInstalled":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}","IfExists":true},"IsEdgeWithChromiumInstalledWow":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}","IfExists":true},"IsFeedbackHubSelfhost":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Diagnostics\\DiagTrack\\Partners\\IsFeedbackHubSelfhost","IfExists":true},"IsFSOverlay":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Control\\GlobMerger","ValueName":"IsEnabled","RegValueType":"REG_DWORD"},"IsHybridOrXGpu":{"FullPath":"SOFTWARE\\Microsoft\\DirectX","ValueName":"HybridDeviceApplicableForDxDbGpuPreferences"},"IsProcessorMode":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Diagnostics\\DiagTrack\\RegionalSettings","ValueName":"IsProcessorMode","RegValueType":"REG_QWORD"},"IsRemoteDesktopSessionHost":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion","ValueName":"EditionID","RegValueType":"REG_SZ"},"IsSpotlightEnabledInOEMTheme":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes","ValueName":"WindowsSpotlight","RegValueType":"REG_DWORD"},"IsSpotlightThemeEnabledByOEM":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\DesktopOptimization","ValueName":"WindowsSpotlightTheme","RegValueType":"REG_DWORD"},"IsVbsEnabled":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\ControlSet001\\Control\\DeviceGuard","ValueName":"EnableVirtualizationBasedSecurity","RegValueType":"REG_DWORD"},"IsWDAGEnabled":{"FullPath":"SYSTEM\\ControlSet001\\Services\\hvsics","IfExists":true},"IsWDATPEnabled":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows Advanced Threat Protection\\Status","ValueName":"OnboardingState"},"K7InstalledKey":{"FullPath":"SOFTWARE\\K7 Computing","IfExists":true},"K7InstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\K7 Computing","IfExists":true},"KasperskyInstalledKey":{"FullPath":"SOFTWARE\\KasperskyLab","IfExists":true},"KasperskyInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\KasperskyLab","IfExists":true},"KasperskyReg":{"FullPath":"System\\CurrentControlSet\\Services\\klhk\\Parameters","ValueName":"UseVtHardware"},"KingsoftInstalledKey":{"FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Kingsoft Internet Security","IfExists":true},"KingsoftInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Kingsoft Internet Security","IfExists":true},"KioskMode":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\AssignedAccessCsp\\AutoLogonAccount","ValueName":"ConfigSource","RegValueType":"REG_DWORD"},"KnownFoldersBackupStatus":{"HKey":"HKEY_CURRENT_USER","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StorageProviderStatus","ValueName":"OneDrive","RegValueType":"REG_SZ"},"LaunchOobeInEndUserSession":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Microsoft\\Windows\\CurrentVersion\\OOBE","ValueName":"ContinueOobeInEnduserSession"},"LaunchUserOOBE":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Microsoft\\Windows\\CurrentVersion\\OOBE","ValueName":"LaunchUserOOBE","RegValueType":"REG_DWORD"},"LCUVer":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion","ValueName":"LCUVer"},"LenovoInstalledKey":{"FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{A9861883-31C5-4324-BD9A-DC9527EEB675}_is1","IfExists":true},"LenovoInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{A9861883-31C5-4324-BD9A-DC9527EEB675}_is1","IfExists":true},"MalwarebytesInstalledKey":{"FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1","IfExists":true},"MalwarebytesInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1","IfExists":true},"McAfeeInstalledKey":{"FullPath":"SOFTWARE\\McAfee\\MSC\\AppInfo\\Substitute\\QueryParams","IfExists":true},"McAfeeInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\McAfee\\MSC\\AppInfo\\Substitute\\QueryParams","IfExists":true},"MDE4WSLPluginReleaseRing":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Microsoft Defender for Endpoint plug-in for WSL","ValueName":"ReleaseRing","RegValueType":"REG_SZ"},"MDEWSLPluginReleaseRing":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Microsoft\\Windows\\CurrentVersion\\Lxss\\Plugins\\DefenderPlug-in","ValueName":"ReleaseRing","RegValueType":"REG_SZ"},"Migrated_GatedFeature_NI22H2":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\MigratedMarkers\\TargetVersionUpgradeExperienceIndicators\\NI22H2","ValueName":"GatedFeatureSingleString","RegValueType":"REG_SZ"},"Migrated_GatedFeature_NI22H2Setup":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\MigratedMarkers\\TargetVersionUpgradeExperienceIndicators\\NI22H2Setup","ValueName":"GatedFeatureSingleString","RegValueType":"REG_SZ"},"MTPTargetingInfo":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\Platform\\MTPTargetingInfo","ValueName":"TargetRing"},"NonSecurityUpdate":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate","ValueName":"NonSecurityRelease","RegValueType":"REG_DWORD"},"NPUEnabledDevice":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows Media Foundation\\FrameServer\\WindowsCameraEffects","ValueName":"EffectsCameraAvailable","RegValueType":"REG_DWORD"},"OEMMode":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Office\\16.0\\Common\\OEM","ValueName":"OOBEMode","RegValueType":"REG_SZ"},"OEMModelBaseBoard":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"HARDWARE\\DESCRIPTION\\System\\BIOS","ValueName":"BaseBoardProduct","RegValueType":"REG_SZ"},"OemPartnerRing":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\Platform\\DeviceTargetingInfo","ValueName":"TargetRing","RegValueType":"REG_SZ"},"OEMSubModel":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"HARDWARE\\DESCRIPTION\\System\\BIOS","ValueName":"SystemSKU","RegValueType":"REG_SZ"},"OobeNdupAcceptedTarget":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\OOBE\\NDUP\\Updates","ValueName":"Target","RegValueType":"REG_SZ"},"OobeNdupFU22621CommitChoice":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\NDUP\\Updates\\FeatureUpdate_22621","ValueName":"CommitChoice","RegValueType":"REG_DWORD"},"OobeNdupFUTarget":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\NDUP\\Updates\\FeatureUpdate_22631","ValueName":"Target","RegValueType":"REG_SZ"},"OobeSeeker":{"FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE\\Updates","ValueName":"OOBEUpdateStarted"},"OSDataDriverPartnerRing":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"OSData\\SOFTWARE\\Microsoft\\DriverFlighting\\Partner","ValueName":"TargetRing","RegValueType":"REG_SZ"},"OSRollbackBuild":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade\\Rollback","ValueName":"BuildString","RegValueType":"REG_SZ"},"OSRollbackCount":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade\\Rollback","ValueName":"Count","RegValueType":"REG_DWORD"},"OSRollbackDate":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade\\Rollback","ValueName":"DateStamp","RegValueType":"REG_DWORD"},"PandaInstalledKey":{"FullPath":"SOFTWARE\\Panda Software\\Setup","IfExists":true},"PandaInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\Panda Software\\Setup","IfExists":true},"PausedFeatureStatus":{"FullPath":"SOFTWARE\\Microsoft\\WindowsUpdate\\UpdatePolicy\\Settings","ValueName":"PausedFeatureStatus"},"PausedQualityStatus":{"FullPath":"SOFTWARE\\Microsoft\\WindowsUpdate\\UpdatePolicy\\Settings","ValueName":"PausedQualityStatus"},"PlayFabPartyRelay":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\PlayFabPartyRelay","IfExists":true},"PonchAllow":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat","ValueName":"cadca5fe-87d3-4b96-b7fb-a231484277cc","RegValueType":"REG_DWORD"},"PonchAllowKey":{"FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat\\cadca5fe-87d3-4b96-b7fb-a231484277cc","IfExists":true},"PonchAllowWow":{"FullPath":"SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\QualityCompat","ValueName":"cadca5fe-87d3-4b96-b7fb-a231484277cc"},"PonchAllowWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\QualityCompat\\cadca5fe-87d3-4b96-b7fb-a231484277cc","IfExists":true},"PonchBlock":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat","ValueName":"65d75b03-6f4d-46e9-b870-517731e06cf9","RegValueType":"REG_DWORD"},"PreviewBuildsManagerEnabled":{"FullPath":"SOFTWARE\\Microsoft\\WindowsSelfhost\\Manager","ValueName":"ArePreviewBuildsAllowed"},"ProductType":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Control\\ProductOptions","ValueName":"ProductType"},"PSAKyoceraMissingDEH":{"HKey":"HKEY_CLASSES_ROOT","FullPath":"Extensions\\ContractId\\Windows.PrintSupportExtension\\PackageId\\A97ECD55.KYOCERAPrintCenter_4.1.11108.0_x64__kqmhh0ktdt7dg","IfExists":true},"PSATATriumphMissingDEH":{"HKey":"HKEY_CLASSES_ROOT","FullPath":"Extensions\\ContractId\\Windows.PrintSupportExtension\\PackageId\\TATriumph-AdlerGmbH.TAUTAXPrintCenter_4.1.11108.0_x64__h5e8vsnevp54y","IfExists":true},"PSAXeroxMissingDEH":{"HKey":"HKEY_CLASSES_ROOT","FullPath":"Extensions\\ContractId\\Windows.PrintSupportExtension\\PackageId\\XeroxCorp.PrintExperience_8.29.32.0_x64__f7egpvdyrs2a8","IfExists":true},"QihooInstalledKey":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\360TotalSecurity","IfExists":true},"QUDeadline":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate","ValueName":"ConfigureDeadlineForQualityUpdates","RegValueType":"REG_DWORD"},"QUDeadlineMDM":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\PolicyManager\\current\\device\\Update","ValueName":"ConfigureDeadlineForQualityUpdates","RegValueType":"REG_DWORD"},"QuickhealInstalledKey1":{"FullPath":"SYSTEM\\CurrentControlSet\\Servicescatflt","IfExists":true},"QuickhealInstalledKey2":{"FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths\\scanner.exe","IfExists":true},"RecoveredFromBuild":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Microsoft\\WindowsSelfHost\\Applicability\\RecoveredFrom","ValueName":"LastBuild","RegValueType":"REG_DWORD"},"RecoveredOnDate":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Microsoft\\WindowsSelfHost\\Applicability\\RecoveredFrom","ValueName":"DateStamp","RegValueType":"REG_DWORD"},"ReleaseType":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Update\\TargetingInfo","ValueName":"ReleaseType","RegValueType":"REG_SZ"},"RobloxPlayer":{"HKey":"HKEY_CLASSES_ROOT","FullPath":"roblox-player","RegValueType":"REG_SZ","IfExists":true},"RobloxStudio":{"HKey":"HKEY_CLASSES_ROOT","FullPath":"roblox-studio","RegValueType":"REG_SZ","IfExists":true},"SetupDisplayedEulaVersion":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\OOBE\\","ValueName":"SetupDisplayedEulaVersion","RegValueType":"REG_DWORD"},"SH_SIPolicyCleanup":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\PPI\\Settings","ValueName":"SIPolicyCleanup","RegValueType":"REG_DWORD"},"SmartActiveHoursState":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings","ValueName":"SmartActiveHoursState","RegValueType":"REG_DWORD"},"SophosInstalledKey1":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\SAVService","IfExists":true},"SophosInstalledKey2":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\hmpalertsvc","IfExists":true},"StayOnWindows10Timestamp":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings","ValueName":"SvOfferDeclined","RegValueType":"REG_QWORD"},"Steam":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Classes\\Steam","ValueName":"","RegValueType":"REG_SZ"},"StrictHiveSecurityReg":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\*","ValueName":"StrictHiveSecuritySet"},"SymantecInstalledKey":{"FullPath":"SOFTWARE\\Norton\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}","IfExists":true},"SymantecInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\Norton\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}","IfExists":true},"SystemGuard_Enabled":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Control\\DeviceGuard\\Scenarios\\SystemGuard","ValueName":"Enabled","RegValueType":"REG_DWORD"},"SystemManufacturer":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Control\\SystemInformation","ValueName":"SystemManufacturer","RegValueType":"REG_SZ"},"SystemProductName":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Control\\SystemInformation","ValueName":"SystemProductName","RegValueType":"REG_SZ"},"TargetReleaseVersionGP":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate","ValueName":"TargetReleaseVersionInfo","RegValueType":"REG_SZ"},"TargetReleaseVersionMDM":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\PolicyManager\\current\\device\\Update","ValueName":"TargetReleaseVersion","RegValueType":"REG_SZ"},"TenantId":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Control\\CloudDomainJoin\\JoinInfo\\*","ValueName":"TenantId"},"TencentInstalledKey":{"FullPath":"SOFTWARE\\Tencent\\QQPCMgr","IfExists":true},"TencentInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\Tencent\\QQPCMgr","IfExists":true},"TencentReg":{"FullPath":"SYSTEM\\CurrentControlSet\\services\\TesSafe","ValueName":"LoadStartTime"},"TencentType":{"FullPath":"SYSTEM\\CurrentControlSet\\services\\TesSafe","ValueName":"Type"},"TestRN":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Wosc\\Client\\Persistent\\ClientState\\FCON","ValueName":"TestRing"},"ThreatTrackInstalledKey":{"FullPath":"SOFTWARE\\SBAMSvc","IfExists":true},"ThreatTrackInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\SBAMSvc","IfExists":true},"TimestampEpochString_CO21H2RegFb":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2","ValueName":"TimestampEpochString","RegValueType":"REG_SZ"},"TrendInstalledKey":{"FullPath":"SOFTWARE\\TrendMicro","IfExists":true},"TrendInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\TrendMicro","IfExists":true},"UHSEnrolled":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion","ValueName":"UHSEnrolled","RegValueType":"REG_SZ","IfExists":true},"UninstallActive":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"System\\Setup","ValueName":"UninstallActive","RegValueType":"REG_DWORD"},"UpdateOfferedDays":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WaaSAssessment\\Cache\\","ValueName":"UpToDateDays","RegValueType":"REG_DWORD"},"UpdatePreference":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate","ValueName":"UpdatePreference","RegValueType":"REG_DWORD"},"UpgEx_CO21H2RegFb":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2","ValueName":"UpgEx","RegValueType":"REG_SZ"},"UpgradeAccepted":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE\\Updates\\","ValueName":"UpgradeAccepted","RegValueType":"REG_DWORD","IfExists":true},"UpgradeEligible":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion","ValueName":"UpgradeEligible","RegValueType":"REG_DWORD"},"UserInPlaceUpgrade":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\\\Windows\\\\CurrentVersion","ValueName":"UserInPlaceUpgrade","RegValueType":"REG_DWORD"},"UsoScanMitigation":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\Orchestrator\\Mitigation\\","ValueName":"UsoScanNotStartingMitigationCompleted","RegValueType":"REG_DWORD","IfExists":true},"UtcDataHandlingPolicies":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Diagnostics\\DiagTrack","ValueName":"UtcDataHandlingPolicies","RegValueType":"REG_QWORD"},"UUSVersion":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\Orchestrator","ValueName":"LastRunVersion","RegValueType":"REG_SZ"},"WAS_NetFxEnvironment":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing\\Notifications\\OptionalFeatures\\WAS-NetFxEnvironment","ValueName":"Selection","RegValueType":"REG_DWORD"},"WCFHTTPActivationNotificationState":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Component Based Servicing\\\\Notifications\\\\OptionalFeatures\\\\WCF-HTTP-Activation","ValueName":"Selection","RegValueType":"REG_DWORD"},"WCFNonHTTPActivationNotificationState":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Component Based Servicing\\\\Notifications\\\\OptionalFeatures\\\\WCF-NonHTTP-Activation","ValueName":"Selection","RegValueType":"REG_DWORD"},"WebExperience":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}","IfExists":true},"WebExperienceWow":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\WOW6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}","IfExists":true},"WebrootInstalledKey":{"FullPath":"SOFTWARE\\WRData","IfExists":true},"WebrootInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\WRData","IfExists":true},"Win11UpgradeAcceptedTimestamp":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings","ValueName":"SvOfferAccepted","RegValueType":"REG_QWORD"},"Win11UpgradeAcceptedWUSeeker":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings","ValueName":"SvOfferAccepted","RegValueType":"REG_QWORD","IfExists":true},"WindowsAccountSyncConsentApplicable":{"HKey":"HKEY_CURRENT_USER","FullPath":"Software\\Microsoft\\Windows\\CurrentVersion\\UnifiedConsent\\DEFAULTACCOUNT\\WINDOWSACCOUNTSYNCCONSENT","ValueName":"isApplicable","RegValueType":"REG_DWORD"},"WindowsAccountSyncConsentPromptAllowed":{"HKey":"HKEY_CURRENT_USER","FullPath":"Software\\Microsoft\\Windows\\CurrentVersion\\UnifiedConsent\\DEFAULTACCOUNT\\WINDOWSACCOUNTSYNCCONSENT","ValueName":"isSystemInitiatedPromptAllowed","RegValueType":"REG_DWORD"},"WindowsAccountSyncConsentState":{"HKey":"HKEY_CURRENT_USER","FullPath":"Software\\Microsoft\\Windows\\CurrentVersion\\UnifiedConsent\\DEFAULTACCOUNT\\WINDOWSACCOUNTSYNCCONSENT\\DATASHARING","ValueName":"isConsentAccepted","RegValueType":"REG_DWORD"},"WindowsMixedReality":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\WUDF\\Services\\HoloLensSensors","ValueName":"WdfMajorVersion","RegValueType":"REG_DWORD"},"WOSCEndpointsSupported":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Wosc\\Client\\Persistent","ValueName":"EndpointsSupported","RegValueType":"REG_SZ"},"WSX_Runtime":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC","ValueName":"ExperienceExtensions","RegValueType":"REG_SZ"},"WSX_Windows_AccountControl":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC","ValueName":"Windows.AccountControl","RegValueType":"REG_SZ"},"WSX_Windows_AppSample":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC","ValueName":"Windows.AppSample","RegValueType":"REG_SZ"},"WSX_Windows_Settings_Account":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC","ValueName":"Windows.Settings.Account","RegValueType":"REG_SZ"},"WSX_Windows_Shell_Start":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC","ValueName":"Windows.Shell.StartMenu","RegValueType":"REG_SZ"}},"FileInfo":{"AvastVer":{"Path":"\\system32\\Drivers\\aswVmm.sys","FolderGuid":"{F38BF404-1D43-42F2-9305-67DE0B28FC23}"},"AvgVer":{"Path":"\\system32\\Drivers\\avgVmm.sys","FolderGuid":"{F38BF404-1D43-42F2-9305-67DE0B28FC23}"},"BullguardInstalledVer":{"Path":"\\BullGuard Ltd\\BullGuard\\BullGuard.exe","IfExists":true,"FolderGuid":"{905E63B6-C1BF-494E-B29C-65B732D3D21A}"},"CortanaAppVer":{"Path":"\\WindowsApps\\Microsoft.549981C3F5F10_8wekyb3d8bbwe\\CortanaApp.View.exe","FolderGuid":"{905E63B6-C1BF-494E-B29C-65B732D3D21A}"},"CortanaAppVerTest":{"Path":"\\WindowsApps\\3242f7d9-db60-4380-a379-4205ea768bfc_1.0.0.0_x64__zs4v8rx04ex0m\\UndockingTestApp.exe","FolderGuid":"{905E63B6-C1BF-494E-B29C-65B732D3D21A}"},"CrowdStrikeInstalledVer":{"Path":"drivers\\CrowdStrike\\CSAgent.sys","IfExists":true,"FolderGuid":"{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"},"DmdHpControlPackageEnUs":{"Path":"%PROGRAMDATA%\\Microsoft\\Windows\\DeviceMetadataCache\\dmrccache\\en-US\\d3a162c7-a388-4099-b63d-265639514cc0\\PackageInfo.xml","IfExists":true},"DmdHpControlPackageMultiloc":{"Path":"%PROGRAMDATA%\\Microsoft\\Windows\\DeviceMetadataCache\\dmrccache\\multiloc\\d3a162c7-a388-4099-b63d-265639514cc0\\PackageInfo.xml","IfExists":true},"DmdHpControlPackageTr":{"Path":"%PROGRAMDATA%\\Microsoft\\Windows\\DeviceMetadataCache\\dmrccache\\tr\\d3a162c7-a388-4099-b63d-265639514cc0\\PackageInfo.xml","IfExists":true},"EsetVer":{"Path":"\\drivers\\ehdrv.sys","FolderGuid":"{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"},"FileExistsMscoreeDll":{"Path":"%windir%\\\\system32\\\\mscoree.dll","IfExists":true},"GDataInstalledVer":{"Path":"\\drivers\\MiniIcpt.sys","IfExists":true,"FolderGuid":"{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"},"HidparseDriversVer":{"Path":"%windir%\\system32\\drivers\\hidparse.sys"},"HidparseSystem32Ver":{"Path":"%windir%\\system32"},"HidparseSystem32Ver1":{"Path":"%windir%\\system32\\hidparse.sys"},"IsNotepadExePresent":{"Path":"%windir%\\system32\\notepad.exe","IfExists":true},"K7InstalledVer":{"Path":"\\K7 Computing","IfExists":true,"FolderGuid":"{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"},"KasperskyVer":{"Path":"\\system32\\Drivers\\klhk.sys","FolderGuid":"{F38BF404-1D43-42F2-9305-67DE0B28FC23}"},"OnnxruntimeVer":{"Path":"%windir%\\\\system32\\\\onnxruntime.dll"},"PandaInstalledVer":{"Path":"\\Panda Security","IfExists":true,"FolderGuid":"{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"},"SkypeRoomSystem":{"Path":"%systemdrive%\\Recovery\\OEM\\$oem$\\$1\\Rigel\\x64\\Scripts\\Provisioning\\AutoUnattend.xml","IfExists":true},"SymantecVer":{"Path":"\\Symantec\\Shared\\EENGINE\\eeCtrl.sys","FolderGuid":"{DE974D24-D9C6-4D3E-BF91-F4455120B917}"},"SymantecVer64":{"Path":"\\Symantec\\Shared\\EENGINE\\eeCtrl64.sys","FolderGuid":"{DE974D24-D9C6-4D3E-BF91-F4455120B917}"},"TobiiVer":{"Path":"\\Tobii\\Tobii EyeX Interaction\\Tobii.EyeX.Interaction.exe","FolderGuid":"{905E63B6-C1BF-494E-B29C-65B732D3D21A}"},"TobiiVer1x86":{"Path":"\\Tobii\\tobii EyeX Interaction\\Tobii.EyeX.Interaction.exe","FolderGuid":"{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"},"TobiiVerx86":{"Path":"\\tobii EyeX Interaction\\Tobii.EyeX.Interaction.exe","FolderGuid":"{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"},"TrendInstalledVer":{"Path":"\\Trend Micro\\Titanium\\plugin\\plugVizor.dll","IfExists":true,"FolderGuid":"{905E63B6-C1BF-494E-B29C-65B732D3D21A}"},"TrendMicroVer":{"Path":"\\drivers\\TMUMH.sys","FolderGuid":"{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"},"WuClientVer":{"Path":"\\system32\\wuaueng.dll","FolderGuid":"{F38BF404-1D43-42F2-9305-67DE0B28FC23}"},"XamlCbsActivationStore":{"Path":"%ProgramData%\\\\Microsoft\\\\Windows\\\\AppRepository\\\\Packages\\\\Microsoft.UI.Xaml.CBS_8.2205.4001.0_x64__8wekyb3d8bbwe\\\\ActivationStore.dat","IfExists":true},"XamlCbsActivationStoreArm64":{"Path":"%ProgramData%\\\\Microsoft\\\\Windows\\\\AppRepository\\\\Packages\\\\Microsoft.UI.Xaml.CBS_8.2205.4001.0_arm64__8wekyb3d8bbwe\\\\ActivationStore.dat","IfExists":true}},"Licensing":{"UpdateManagementGroup":{"Name":"UpdatePolicy-UpdateManagementGroup"}},"UpdatePolicy":{"AdminOptedIntoRebootlessUpdates":{"PolicyEnum":59,"Enterprise":true},"AllowOptionalContent":{"PolicyEnum":58,"Enterprise":true},"BranchReadinessLevel":{"PolicyEnum":5,"Enterprise":true},"BranchReadinessLevelSource":{"PolicyEnum":5,"Enterprise":true,"UseSource":true},"DeferFeatureUpdatePeriodInDays":{"PolicyEnum":9,"Enterprise":true},"DeferQualityUpdatePeriodInDays":{"PolicyEnum":7,"Enterprise":true},"DisableDualScan":{"PolicyEnum":42,"Enterprise":true},"EnableWUfBUpgradeGates":{"PolicyEnum":51,"Enterprise":true},"TargetProductVersion":{"PolicyEnum":53,"Enterprise":true},"TargetReleaseVersion":{"PolicyEnum":50,"Enterprise":true},"UpdateServiceUrl":{"PolicyEnum":12},"WUfBClientManaged":{"PolicyEnum":32,"Enterprise":true}},"Policy":{"DesiredOcpVersion":{"LocUri":"./Device/Vendor/MSFT/DeviceUpdateCenter/DesiredUpdates/OcpVersion/"},"DesiredOsVersion":{"LocUri":"./Device/Vendor/MSFT/DeviceUpdateCenter/DesiredUpdates/OsVersion"},"DesiredSystemManifestVersion":{"LocUri":"./Device/Vendor/MSFT/DeviceUpdateCenter/DesiredUpdates/SystemManifestVersion"},"DucCustomPackageId":{"LocUri":"./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/CustomPackageId"},"DucDeviceModelId":{"LocUri":"./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/DeviceModelId"},"DucOemPartnerRing":{"LocUri":"./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/OemPartnerRing"},"DucPublisherId":{"LocUri":"./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/PublisherId"},"SetPolicyDrivenUpdateSourceForFeatureUpdates":{"LocUri":"./Device/Vendor/MSFT/Policy/Config/Update/SetPolicyDrivenUpdateSourceForFeatureUpdates"},"WSUSconfigured_csp":{"LocUri":"./Device/Vendor/MSFT/Policy/Config/Update/UpdateServiceUrl"}},"AppInfo":{"WidgetsAppVer":{"Name":"MicrosoftWindows.Client.WebExperience"}},"WMI":{"ElanFingerprintDriverVersion":{"Query":"SELECT DriverVersion, Manufacturer FROM Win32_PnPSignedDriver WHERE Manufacturer = 'ELAN'","Name":"DriverVersion","Timeout":2000},"FirstStorageSpaceDeviceId":{"Query":"SELECT DeviceID FROM Win32_DiskDrive WHERE Model = 'Microsoft Storage Space Device'","Name":"DeviceID","Timeout":2000},"IIS_ASPNET_WMI":{"Query":"SELECT * FROM Win32_OptionalFeature WHERE name = 'IIS-ASPNET'","Name":"InstallState","Timeout":2000},"IIS_NetFxExtensibility_WMI":{"Query":"SELECT * FROM Win32_OptionalFeature WHERE name = 'IIS-NetFxExtensibility'","Name":"InstallState","Timeout":2000},"NetFx3State":{"Query":"SELECT * FROM Win32_OptionalFeature WHERE name = 'NetFX3'","Name":"InstallState","Timeout":2000},"PSAKyoceraInstalledName":{"Query":"SELECT Name, ProgramId FROM Win32_InstalledStoreProgram WHERE ProgramId = 'A97ECD55.KYOCERAPrintCenter_4.1.11108.0_x64__kqmhh0ktdt7dg'","Name":"Name","Timeout":2000},"PSATATriumphInstalledName":{"Query":"SELECT Name, ProgramId FROM Win32_InstalledStoreProgram WHERE ProgramId = 'TATriumph-AdlerGmbH.TAUTAXPrintCenter_4.1.11108.0_x64__h5e8vsnevp54y'","Name":"Name","Timeout":2000},"WAS_NetFxEnvironment_WMI":{"Query":"SELECT * FROM Win32_OptionalFeature WHERE name = 'WAS-NetFxEnvironment'","Name":"InstallState","Timeout":2000},"WCFHTTPActivationState":{"Query":"SELECT * FROM Win32_OptionalFeature WHERE name = 'WCF-HTTP-Activation'","Name":"InstallState","Timeout":2000},"WCFNonHTTPActivationState":{"Query":"SELECT * FROM Win32_OptionalFeature WHERE name = 'WCF-NonHTTP-Activation'","Name":"InstallState","Timeout":2000},"XeroxPsaInstalledName":{"Query":"SELECT Name, ProgramId FROM Win32_InstalledStoreProgram WHERE ProgramId = 'XeroxCorp.PrintExperience_8.29.32.0_x64__f7egpvdyrs2a8'","Name":"Name","Timeout":2000}},"RegionPolicy":{"IsCampaignEdgePromotionEnabled":{"ForceEvaluate":false,"PolicyGUID":"{2BF706DE-6DBB-4692-B7EF-84D80C47E927}"},"IsCampaignSegmentTargetingEnabled":{"ForceEvaluate":false,"PolicyGUID":"{36996754-E327-483A-902F-523E2BA03239}"}}}"

 

Sorry, it keeps not wanting to post because it's so long. I have to really break it down, here's more of the same log:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsSelfHost\OneSettings]
"TargetingAttributesVerified"="{"Version":383,"SchemaVersion":1,"PartA":["App","AppVer","AttrDataVer"],"Default":["DeviceFamily","f:FlightRing","t:OSVersionFull"],"PartB":{"ACSOVERRIDE":["OSArchitecture","c:IsAlwaysOnAlwaysConnectedCapable"],"APPTARGETEDFEATUREDB":["c:FlightingBranchName","f:FlightRing","t:OSVersionFull","DeviceFamily"],"CASSCLIENT":["OSVersion","c:OSEdition","f:FlightRing","c:OSUILocale","f:FlightingBranchName","r:OEMMode"],"CDM":["ChassisTypeId","r:CurrentBranch","DeviceFamily","f:FlightingBranchName","f:FlightRing","c:InstallLanguage","c:IsDomainJoined","t:IsTestLab","OEMModel","OSArchitecture","OSVersion","t:OSSkuId","crocessorIdentifier","c:TelemetryLevel","t:IsMsftOwned","t:WCOSProductId","c:OSUILocale","c:CommercialId","c:ActivationChannel","c:SCCMClientId","c:IsCloudDomainJoined","r:WebExperience","c:FlightIds","AccountFirstChar","r:WSX_Windows_Settings_Account","r:InstallDate","r:WSX_Runtime","refaultUserRegion","a:GatedFeature_NI22H2","r:WSX_Windows_Shell_Start","a:GatedFeature_CU23H2","r:ExpStates","n:MVVersion","r:CIOptin","crocessorCores","c:TotalPhysicalRAM","r:TestRN","u:UpdateServiceUrl","u:WUfBClientManaged","r:UUSVersion","DL_OSVersion","r:ExpPkgs","u:AllowOptionalContent","n:IsMicrosoftAAD","q:WidgetsAppVer","c:IsDeviceRetailDemo","r:IsFSOverlay","a:SdbVer_NI22H2","r:EdgeStableVersion","r:Migrated_GatedFeature_NI22H2Setup","a:SdbVer_21H2","a:GatedFeature_21H2","r:UtcDataHandlingPolicies","v:SkypeRoomSystem","r:BypassNRO","c:IsVirtualDevice"],"CDM_OS":["+CDM","c:FlightIds"],"COMPATLOGGER":["osVer","ring","deviceId"],"CONTENT_DELIVERY_MANAGER":["c:OSEdition","t:OSSkuId","c:OSUILocale","a:UpgEx_CO21H2","a:GStatus_CO21H2","aataExpDateEpoch_CO21H2","a:TimestampEpochString_CO21H2","r:AndroidUserOptinValue","f:FlightingBranchName","f:FlightRing","r:CurrentBranch","procm","r:NPUEnabledDevice","MX_FlightIds","r:KnownFoldersBackupStatus","c:IsDomainJoined","iepe","iste","drgng","r:WindowsAccountSyncConsentState","r:WindowsAccountSyncConsentApplicable","r:WindowsAccountSyncConsentPromptAllowed","aipc","ram","prccn","prccs","prcmf"],"CORTANA_GATEKEEPER":["r:CurrentBranch","f:FlightRing","f:IsRetailOS"],"CORTANAUWP":["c:OSUILocale","t:OSVersionFull","v:CortanaAppVer"],"CORTANAUWPTEST":["+CORTANAUWP","v:CortanaAppVerTest"],"CTAC":["+FSS"],"DDC":["+WU_STORE","+_WU_PTI"],"DXDB":["DeviceFamily","f:FlightRing","r:IsHybridOrXGpu","t:OSVersionFull","OSVersion"],"EDGE_SERVICEUI":["t:LocalDeviceID","t:LocalUserID"],"FCON":["+CDM"],"FSS":["rreviewBuildsManagerEnabled","f:BranchReadinessLevelRaw","u:BranchReadinessLevelSource","r:BuildFID","teviceFamily","DeviceId","c:EnablePreviewBuilds","f:FlightingPolicyValue","f:IsRetailOS","f:ManagePreviewBuilds","OSVersionFull","t:WCOSProductId","r:SmartActiveHoursState","r:ActiveHoursStart","r:ActiveHoursEnd","r:IsCHCapableBuild","r:FSRing","s:MaxShellVersion","s:MinShellVersion","c:TPMVersion","c:SecureBootCapable","crocessorClockSpeed","crocessorCores","c:TotalPhysicalRAM","t:SMode","c:SystemVolumeTotalCapacity","c:OEMManufacturerName","c:OEMModelNumber","a:ISVM","r:AllowUpgradesWithUnsupportedTPMOrCPU","r:IntelPlatformId","r:IsConfigMgrEnabled","f:IsFlightingEnabled","reviceInfoGatherSuccessful","c:IsVirtualDevice","r:OemPartnerRing","c:FlightingBranchName","a:UpgEx_CO21H2","a:UpgEx_NI22H2","a:UpgEx_GE24H2"],"FXIRISCLIENT":["+IRISCLIENT"],"GS":["t:OSSkuId","t:OSVersionFull","r:CurrentBranch","refaultUserRegion","DeviceFamily","c:FlightIds","f:FlightingBranchName","f:FlightRing","c:IsCloudDomainJoined","t:IsMsftOwned","f:IsRetailOS","c:OSUILocale","c:IsDomainJoined"],"IRISCLIENT":["+IRISCLIENTBASE","c:FlightIds"],"IRISCLIENTBASE":["DeviceFamily","OSVersion","t:OSSkuId","OSArchitecture","c:TelemetryLevel","f:FlightRing","f:FlightingBranchName","OEMModel","c:OSUILocale","c:OSEdition","r:CurrentBranch","t:WCOSProductId","c:InstallationType","r:InstallDate","c:IsDeviceRetailDemo","f:IsRetailOS","prccs","prccn","prcmf","ram","c3DMaxFeatureLevel","c:IsAlwaysOnAlwaysConnectedCapable","t:SMode","t:LocalUserID","r:AndroidUserOptinValue","procm","MX_FlightIds","a:UpgEx_CO21H2","r:KnownFoldersBackupStatus","c:OEMModelSystemFamily","OEMName_Uncleaned","r:IsSpotlightEnabledInOEMTheme","r:IsSpotlightThemeEnabledByOEM","r:WindowsAccountSyncConsentApplicable","r:WindowsAccountSyncConsentState","r:WindowsAccountSyncConsentPromptAllowed","iepe","iste","drgng","aipc","oemname","smbiosdm"],"IRISCLIENTV2":["+IRISCLIENTBASE","IX_FlightIds"],"MICROSOFT.WINDOWSFEEDBACKHUB_8WEKYB3D8BBWE":["t:OSVersionFull","t:IsTestLab","f:FlightRing"],"MITIGATION":["teviceFamily","f:FlightRing","c:FlightIds","c:IsDomainJoined","t:IsMsftOwned","f:IsRetailOS","t:IsTestLab","IsVM","OEMModel","c:OSEdition","t:OSSkuId","t:OSVersionFull","c:OSUILocale","t:SMode","f:IsFlightingEnabled","c:FirmwareVersion","c:TelemetryLevel","f:FlightingBranchName","r:CurrentBranch","OSVersion","w:FirstStorageSpaceDeviceId","r:IsCldFltSyncRoots","c:OSInstallType","v:IsNotepadExePresent","r:StrictHiveSecurityReg","a:GatedBlockId_21H1","r:UpdateOfferedDays","r:UsoScanMitigation","r:GamingServicesInstalledKey","v:FileExistsMscoreeDll","w:NetFx3State","r:WCFHTTPActivationNotificationState","w:WCFHTTPActivationState","r:WCFNonHTTPActivationNotificationState","w:WCFNonHTTPActivationState","rotNetMissingComponentsTroubleshooterSuccess","r:IIS_ASPNET","w:IIS_ASPNET_WMI","r:IIS_NetFxExtensibility","w:IIS_NetFxExtensibility_WMI","r:WAS_NetFxEnvironment","w:WAS_NetFxEnvironment_WMI","v:XamlCbsActivationStore","v:XamlCbsActivationStoreArm64","v:OnnxruntimeVer","w:ElanFingerprintDriverVersion","r:AADBrokerPluginNotRegistered","r:TenantId","r:IppPrinterBadDefaultPdc","r:FlightingOptOutState","r:CloudFilesFilter","rSAKyoceraMissingDEH","rSATATriumphMissingDEH","rSAXeroxMissingDEH","wSAKyoceraInstalledName","wSATATriumphInstalledName","w:XeroxPsaInstalledName","vmdHpControlPackageEnUs","vmdHpControlPackageMultiloc","vmdHpControlPackageTr"],"MLMOD":["ChassisTypeId","teviceFamily","f:FlightingBranchName","f:FlightRing","f:IsRetailOS","t:OSSkuId","t:OSVersionFull","c:OSUILocale","OSVersion","c:TelemetryLevel","r:CurrentBranch","t:IsTestLab","crimaryDiskType","FX_FlightIds"],"MTP":["+_WU_OS_CORE"],"MUSE":["+_WU_FB","ChassisTypeId","deviceClass","deviceId","c:FlightIds","locale","ms","os","osVer","ring","sampleId","sku","raysSince19H1FUOffer","uisableDualScan","u:UpdateServiceUrl","c:CommercialId","f:FlightingBranchName","c:SystemVolumeTotalCapacity","c:IsAlwaysOnAlwaysConnectedCapable","crocessorCores","crimaryDiskType","c:TotalPhysicalRAM","crocessorClockSpeed","crocessorIdentifier","crocessorModel","c:ActivationChannel","c:IsCloudDomainJoined","c:isCommercial","c:IsDomainJoined","c:IsMDMEnrolled","c:SCCMClientID","r:OEMSubModel","c:OEMModelNumber","c:OEMManufacturerName","r:OobeSeeker","refaultUserRegion"],"NARRATORNNV":["+WU_STORE"],"NOISYHAMMER":["+WU_OS"],"PHS":["r:GridZoneName","OEMModel","c:OEMManufacturerName","c:OSUILocale","r:OEMSubModel","DeviceFamily"],"RULESENGINE":["c:OSEdition","t:OSSkuId","c:OSUILocale","a:UpgEx_CO21H2","a:GStatus_CO21H2","aataExpDateEpoch_CO21H2","a:TimestampEpochString_CO21H2","r:AndroidUserOptinValue","f:FlightingBranchName","f:FlightRing","r:CurrentBranch","crocessorModel","r:NPUEnabledDevice","MX_FlightIds","r:KnownFoldersBackupStatus","c:IsDomainJoined","r:WindowsAccountSyncConsentApplicable","r:WindowsAccountSyncConsentState","r:WindowsAccountSyncConsentPromptAllowed"],"RUXIM":["c:ActivationChannel","f:FlightRing","r:InstallDate","f:IsFlightingEnabled","a:ISVM","OEMModel","OSArchitecture","t:OSSkuId","c:SCCMClientID","r:SetupDisplayedEulaVersion","r:KioskMode","r:OobeSeeker","r:UninstallActive","c:OEMManufacturerName","r:OEMSubModel","c:OSUILocale"],"SEDIMENTPACK":["+WU_OS"],"SERVICEEXPERIENCES":["f:FlightingBranchName","f:FlightRing","s:MaxShellVersion","s:MinShellVersion","t:IsTestLab","c:TelemetryLevel","t:OSSkuId","r:CurrentBranch","OSVersion","DeviceFamily","r:WSX_Windows_Settings_Account","c:FlightIds","r:WSX_Runtime","r:WSX_Windows_Shell_Start","r:WSX_Windows_AppSample","r:WSX_Windows_AccountControl"],"SERVICING_CBS":["+WU","osVer"],"SETUP360":["t:OSSkuId","f:FlightRing"],"SMARTOPTOUT":["+CDM"],"STORAGEGROVELER":["a:Free","c:TelemetryLevel","f:FlightRing","f:IsFlightingEnabled","IsVM","t:OSVersionFull"],"UTC":["+UTC_STATIC","osVer","locale","ring","filotRing","f:IsRetailOS","ms","expId","t:SMode","f:FlightingBranchName","c:CommercialId","r:IsFeedbackHubSelfhost","c:AzureVMType","t:IsTestLab","c:TelemetryLevel","c:IsVirtualDevice","r:IsProcessorMode","r:UtcDataHandlingPolicies"],"UTC_STATIC":["os","deviceId","sampleId","deviceClass","sku","OEMModel","OEMName_Uncleaned","crimaryDiskType","crocessorModel","c:TotalPhysicalRAM"],"UUS":["OSVersion","f:FlightRing","t:IsTestLab","t:OSVersionFull","f:FlightingBranchName","r:CurrentBranch","f:IsFlightingEnabled"],"WAASASSESSMENT":["+WU_OS"],"WAASMEDIC":["os","osVer","ring","deviceClass","deviceId","locale","sku","c:ActivationChannel","c:CommercialId","r:CurrentBranch","f:FlightingBranchName","c:IsCloudDomainJoined","c:IsDomainJoined","t:IsTestLab","OSVersion","c:SCCMClientID","c:TelemetryLevel","r:FlightingOptOutState"],"WOSC":["teviceFamily","f:FlightRing","f:IsFlightingEnabled","t:IsMsftOwned","t:LocalDeviceID","t:OSSkuId","c:OSUILocale","t:OSVersionFull","c:TelemetryLevel","r:IsHybridOrXGpu","rlayFabPartyRelay","OSVersion","n:IsMicrosoftAAD","r:WOSCEndpointsSupported"],"WPSHIFT":["+MTP"],"WU":["+WU_OS","rUInternal"],"_WU_AV":["r:AvastReg","r:AvastBlackScreen","v:AvastVer","r:AvgReg","v:AvgVer","r:EsetReg","v:EsetVer","r:KasperskyReg","v:KasperskyVer","v:SymantecVer","r:TencentReg","r:TencentType","r:AhnlabInstalledKey","r:AvastInstalledKey","r:AVGInstalledKey","r:AviraInstalledKey","r:BullguardInstalledKey","r:ESETInstalledKey","r:ESTSecurityInstalledKey","r:FSecureInstalledKey","v:GDataInstalledVer","r:K7InstalledKey","r:KasperskyInstalledKey","r:KingsoftInstalledKey","r:LenovoInstalledKey","r:MalwarebytesInstalledKey","r:McAfeeInstalledKey","randaInstalledKey","r:QuickhealInstalledKey1","r:SophosInstalledKey1","r:SymantecInstalledKey","r:TencentInstalledKey","r:ThreatTrackInstalledKey","r:TrendInstalledKey","r:WebrootInstalledKey","v:K7InstalledVer"],"_WU_COMMON":["r:CurrentBranch","refaultUserRegion","DeviceFamily","rriverPartnerRing","r:FlightContent","f:FlightingBranchName","f:FlightRing","HoloLens","c:InstallationType","c:InstallLanguage","f:IsFlightingEnabled","r:IsFlightingEnabled","c:MobileOperatorCommercialized","OEMModel","OEMName_Uncleaned","r:OemPartnerRing","OSArchitecture","OSVersion","t:OSSkuId","c:OSUILocale","crocessorManufacturer","r:ReleaseType","v:SkypeRoomSystem","t:SMode","c:TelemetryLevel","r:WindowsMixedReality","v:WuClientVer","pucPublisherId","pucDeviceModelId","pucOemPartnerRing","pucCustomPackageId","pesiredOsVersion","pesiredSystemManifestVersion","r:TenantId"],"_WU_FB":["u:BranchReadinessLevel","ueferQualityUpdatePeriodInDays","ueferFeatureUpdatePeriodInDays","rausedFeatureStatus","rausedQualityStatus","u:TargetReleaseVersion","r:QUDeadline","r:UpdatePreference","r:UpdateOfferedDays","u:TargetProductVersion","DSS_Enrolled","r:NonSecurityUpdate","u:AdminOptedIntoRebootlessUpdates"],"WU_OS":["+_WU_OS_CORE","+_WU_FB"],"_WU_OS_CORE":["+_WU_COMMON","+_WU_AV","r:AhnLabKeyboard","a:Bios","r:BlockFeatureUpdates","c:CommercialId","aataVer_RS5","risconnectedStandby","rchuNvidiaGrfxExists","rchuNvidiaGrfxVen","rchuIntelGrfxExists","rchuIntelGrfxVen","rchuAmdGrfxExists","rchuAmdGrfxVen","c:FirmwareVersion","a:Free","a:GStatus_RS3","a:GStatus_RS4","a:GStatus_RS5","r:HidOverGattReg","r:InstallDate","c:IsDeviceRetailDemo","c:IsPortableOperatingSystem","IsVM","c:OEMModelBaseBoard","r:OobeSeeker","r:OSRollbackBuild","r:OSRollbackCount","r:OSRollbackDate","PhoneTargetingName","ronchAllow","ronchBlock","crocessorIdentifier","r:RecoveredFromBuild","r:RecoveredOnDate","r:Steam","v:TobiiVer","v:TrendMicroVer","r:UninstallActive","l:UpdateManagementGroup","a:UpgEx_RS3","a:UpgEx_RS4","a:UpgEx_RS5","a:Version_RS5","risableWUfBOfferBlock","a:UpgEx_19H1","a:SdbVer_19H1","a:GStatus_19H1","a:GStatus_19H1Setup","a:TimestampEpochString_19H1Setup","a:GenTelRunTimestamp_19H1","aataExpDateEpoch_19H1","u:EnableWUfBUpgradeGates","r:GStatusBlockIDs_All","TimestampDelta_19H1Subtract19H1Setup","DataExpDateDelta_19H1Subtract19H1Setup","aataExpDateEpoch_19H1Setup","a:TimestampEpochString_19H1","r:IsContainerMgrInstalled","r:IsWDAGEnabled","r:MTPTargetingInfo","r:EKB19H2InstallCount","r:EKB19H2UnInstallCount","r:EKB19H2InstallTimeEpoch","r:EKB19H2UnInstallTimeEpoch","r:BlockEdgeWithChromiumUpdate","r:IsWDATPEnabled","r:IsAutopilotRegistered","r:EdgeWithChromiumInstallVersion","r:EdgeWithChromiumInstallFailureCount","r:IsEdgeWithChromiumInstalled","r:KioskMode","c:IsCloudDomainJoined","c:IsDomainJoined","aataExpDateEpoch_20H1","aataExpDateEpoch_20H1Setup","a:GStatus_20H1","a:GStatus_20H1Setup","a:SdbVer_20H1","a:TimestampEpochString_20H1","a:TimestampEpochString_20H1Setup","DataExpDateDelta_20H1Subtract20H1Setup","TimestampDelta_20H1Subtract20H1Setup","a:UpgEx_20H1","r:AutopilotUpdateInProgress","r:UHSEnrolled","r:HotPatchEKBInstalled","r:LCUVer","c:isCommercial","c:ActivationChannel","c:IsMDMEnrolled","c:SCCMClientID","r:ChinaTypeApproval_CTA","pesiredOcpVersion","r:UpgradeEligible","r:AllowInPlaceUpgrade","r:SH_SIPolicyCleanup","r:FeatureUpdateDeadline","aataExpDateEpoch_21H1","a:UpgEx_CO21H2","a:GStatus_21H1","DataExpDateDelta_21H1Subtract20H1Setup","TimestampDelta_21H1Subtract20H1Setup","a:TimestampEpochString_21H1","r:OEMSubModel","crocessorModel","c:TPMVersion","r:StayOnWindows10Timestamp","a:GStatus_CO21H2Setup","TimestampDelta_CO21H2SubtractCO21H2Setup","DataExpDateDelta_CO21H2SubtractCO21H2Setup","a:TimestampEpochString_CO21H2Setup","aataExpDateEpoch_CO21H2Setup","a:TimestampEpochString_CO21H2","aataExpDateEpoch_CO21H2","a:GStatus_CO21H2","p:SetPolicyDrivenUpdateSourceForFeatureUpdates","rchuNvidiaGrfxVenTest","aataExpDateDelta_21H2Subtract20H1Setup","a:TimestampEpochString_21H2","a:TimestampDelta_21H2Subtract20H1Setup","a:GStatus_21H2","aataExpDateEpoch_21H2","rSS_Enrolled_DF","r:UpgradeAccepted","r:SetupDisplayedEulaVersion","crocessorCores","crocessorClockSpeed","c:TotalPhysicalRAM","c:SecureBootCapable","crimaryDiskTotalCapacity","r:BitDefenderInstalledKey","r:BroadcomInstalledKey","v:CrowdStrikeInstalledVer","r:QihooInstalledKey","r:Win11UpgradeAcceptedTimestamp","a:UpgEx_NI22H2","r:OobeNdupAcceptedTarget","r:OobeNdupFU22621CommitChoice","aataExpDateEpoch_NI22H2","a:GStatus_NI22H2","a:GStatus_NI22H2Setup","a:TimestampEpochString_NI22H2Setup","TimestampDelta_NI22H2SubtractNI22H2Setup","DataExpDateDelta_NI22H2SubtractNI22H2Setup","aataExpDateEpoch_NI22H2Setup","a:TimestampEpochString_NI22H2","r:IsVbsEnabled","r:FODRetryPending","r:UserInPlaceUpgrade","v:HidparseDriversVer","v:HidparseSystem32Ver","v:HidparseSystem32Ver1","r:CIOptin","r:FlightingOptOutState","p:WSUSconfigured_csp","a:UpgEx_NI22H2Setup","a:UpgEx_CO21H2Setup","u:WUfBClientManaged","u:UpdateServiceUrl","u:AllowOptionalContent","FX_FlightIds","DL_OSVersion","r:ExpPkgs","r:UUSVersion","c:FlightIds","r:OobeNdupFUTarget","a:GStatus_NI23H2","aataExpDateEpoch_NI23H2","a:TimestampEpochString_NI23H2","DataExpDateDelta_NI23H2SubtractNI22H2Setup","TimestampDelta_NI23H2SubtractNI22H2Setup","r:LaunchUserOOBE","r:RobloxPlayer","r:RobloxStudio","c:VBSState","r:ARCHotpatchAttached_State","r:MDEWSLPluginReleaseRing","r:SystemGuard_Enabled","u:AdminOptedIntoRebootlessUpdates","r:LaunchOobeInEndUserSession","r:MDE4WSLPluginReleaseRing","r:AdminOptedIntoRebootlessUpdates_Server","r:IsRemoteDesktopSessionHost","a:UpgEx_GE24H2","s:IsA9CapablePC","a:UpgEx_GE24H2Setup","rroductType"],"_WU_PTI":["c:FrontFacingCameraResolution","c:RearFacingCameraResolution","c:TotalPhysicalRAM","c:NFCProximity","c:Magnetometer","c:Gyroscope","c3DMaxFeatureLevel","c:InternalPrimaryDisplayResolutionHorizontal","c:InternalPrimaryDisplayResolutionVetical"],"WU_STORE":["+_WU_COMMON","r:AppChannels","r:AppRMIDs","u:BranchReadinessLevel"]},"Required":["App","AppVer","AttrDataVer"],"Aliases":{"AccountFirstChar":"c:MSA_Accounts","aipc":"s:IsA9CapablePC","ChassisTypeId":"c:ChassisType","CX_FlightIds":"c:CX_FlightIds","DataExpDateDelta_19H1Subtract19H1Setup":"aataExpDateEpoch_19H1_Subtract_DataExpDateEpoch_19H1Setup","DataExpDateDelta_20H1Subtract20H1Setup":"aataExpDateEpoch_20H1_Subtract_DataExpDateEpoch_20H1Setup","DataExpDateDelta_21H1Subtract20H1Setup":"aataExpDateEpoch_21H1_Subtract_DataExpDateEpoch_20H1Setup","DataExpDateDelta_CO21H2SubtractCO21H2Setup":"aataExpDateEpoch_CO21H2_Subtract_DataExpDateEpoch_CO21H2Setup","DataExpDateDelta_NI22H2SubtractNI22H2Setup":"aataExpDateEpoch_NI22H2_Subtract_DataExpDateEpoch_NI22H2Setup","DataExpDateDelta_NI23H2SubtractNI22H2Setup":"aataExpDateEpoch_NI23H2_Subtract_DataExpDateEpoch_NI22H2Setup","deviceClass":"DeviceFamily","deviceId":"t:LocalDeviceID","DeviceId":"t:LocalDeviceID","DL_OSVersion2":"DL_OSVersion","drgng":"rurableDeviceRegionGeo","DSS_Enrolled":"rSS_Enrolled_State","EdgeStableVersion":"r:EdgeStableVersion","expId":"c:FlightIds","FlightRing":"f:FlightRing","FX_FlightIds":"c:FlightIds","iepe":"g:IsCampaignEdgePromotionEnabled","iste":"g:IsCampaignSegmentTargetingEnabled","IsVM":"a:ISVM","IX_FlightIds":"c:FlightIds","locale":"c:OSUILocale","ms":"t:IsMsftOwned","MX_FlightIds":"c:FlightIds","OEMModel":"c:OEMModelNumber","oemname":"r:SystemManufacturer","OEMName_Uncleaned":"c:OEMManufacturerName","osVer":"t:OSVersionFull","OSVersionFull":"t:OSVersionFull","PhoneTargetingName":"c:OEMModelName","prccn":"crocessorCores","prccs":"crocessorClockSpeed","prcmf":"crocessorManufacturer","procm":"crocessorModel","ram":"c:TotalPhysicalRAM","ring":"f:FlightRing","sampleId":"topVal","sku":"t:OSSkuId","smbiosdm":"r:SystemProductName","TimestampDelta_19H1Subtract19H1Setup":"a:TimestampEpochString_19H1_Subtract_TimestampEpochString_19H1Setup","TimestampDelta_20H1Subtract20H1Setup":"a:TimestampEpochString_20H1_Subtract_TimestampEpochString_20H1Setup","TimestampDelta_21H1Subtract20H1Setup":"a:TimestampEpochString_21H1_Subtract_TimestampEpochString_20H1Setup","TimestampDelta_CO21H2SubtractCO21H2Setup":"a:TimestampEpochString_CO21H2_Subtract_TimestampEpochString_CO21H2Setup","TimestampDelta_NI22H2SubtractNI22H2Setup":"a:TimestampEpochString_NI22H2_Subtract_TimestampEpochString_NI22H2Setup","TimestampDelta_NI23H2SubtractNI22H2Setup":"a:TimestampEpochString_NI23H2_Subtract_TimestampEpochString_NI22H2Setup"},"Fallback":{"r:AhnlabInstalledKey":"r:AhnlabInstalledWowKey","r:AvastBlackScreen":"r:AvgBlackScreen","r:AvastInstalledKey":"r:AvastInstalledWowKey","r:AVGInstalledKey":"r:AVGInstalledWowKey","r:AviraInstalledKey":"r:AviraInstalledWowKey","a:Bios":"a:Bios_RS3","a:Bios_RS3":"a:Bios_RS4","a:Bios_RS4":"a:Bios_RS5","r:BlockFeatureUpdates":"r:BlockWUUpgrades","r:BlockWUUpgrades":"r:BlockWUUpgradesWow","r:BuildFID":"r:BuildFID_WCOS","r:BuildFID_WCOS":"r:BuildFID_WCOS2","r:BullguardInstalledKey":"v:BullguardInstalledVer","aataExpDateEpoch_CO21H2":"rataExpDateEpoch_CO21H2RegFb","rchuAmdGrfxVen":"rchuAmdGrfxVen2","rchuAmdGrfxVen2":"rchuAmdGrfxDeletePending","rchuIntelGrfxDeletePending":"rchuIntelGrfxNExists","rchuIntelGrfxVen":"rchuIntelGrfxVen2","rchuIntelGrfxVen2":"rchuIntelGrfxDeletePending","rchuNvidiaGrfxVen":"rchuNvidiaGrfxVen2","rchuNvidiaGrfxVen2":"rchuNvidiaGrfxDeletePending","DL_OSVersion":"OSVersion","rriverPartnerRing":"r:OSDataDriverPartnerRing","r:EdgeStableOPV_Native":"r:EdgeStablePV_Native","r:EdgeStablePV_WOW6432":"r:EdgeStableOPV_Native","r:EdgeStableVersion":"r:EdgeStablePV_WOW6432","r:EdgeWithChromiumInstallFailureCount":"r:EdgeWithChromiumInstallFailureCountWow","r:EdgeWithChromiumInstallVersion":"r:EdgeWithChromiumInstallVersionWow","u:EnableWUfBUpgradeGates":"r:EnableWUfBUpgradeGatesRS5","r:ESETInstalledKey":"r:ESETInstalledWowKey","r:ESTSecurityInstalledKey":"r:ESTSecurityInstalledWowKey","f:FlightingBranchName":"c:FlightingBranchName","a:Free":"a:Free_RS3","a:Free_RS3":"a:Free_RS4","a:Free_RS4":"a:Free_RS5","r:FSecureInstalledKey":"r:FSecureInstalledWowKey","a:GatedFeature_NI22H2":"r:Migrated_GatedFeature_NI22H2Setup","a:GStatus_CO21H2":"r:GStatus_CO21H2RegFb","HoloLens":"r:WindowsMixedReality","r:IsEdgeWithChromiumInstalled":"r:IsEdgeWithChromiumInstalledWow","a:ISVM":"a:ISVM_RS3","a:ISVM_RS3":"a:ISVM_RS4","a:ISVM_RS4":"a:ISVM_RS5","r:K7InstalledKey":"r:K7InstalledWowKey","r:KasperskyInstalledKey":"r:KasperskyInstalledWowKey","r:KingsoftInstalledKey":"r:KingsoftInstalledWowKey","r:LenovoInstalledKey":"r:LenovoInstalledWowKey","r:MalwarebytesInstalledKey":"r:MalwarebytesInstalledWowKey","r:McAfeeInstalledKey":"r:McAfeeInstalledWowKey","r:Migrated_GatedFeature_NI22H2Setup":"r:Migrated_GatedFeature_NI22H2","c:OEMModelBaseBoard":"r:OEMModelBaseBoard","randaInstalledKey":"randaInstalledWowKey","randaInstalledWowKey":"vandaInstalledVer","ronchAllow":"ronchAllowKey","ronchAllowKey":"ronchAllowWow","ronchAllowWow":"ronchAllowWowKey","r:QUDeadline":"r:QUDeadlineMDM","r:QuickhealInstalledKey1":"r:QuickhealInstalledKey2","r:SophosInstalledKey1":"r:SophosInstalledKey2","r:SymantecInstalledKey":"r:SymantecInstalledWowKey","v:SymantecVer":"v:SymantecVer64","u:TargetReleaseVersion":"r:TargetReleaseVersionGP","r:TargetReleaseVersionGP":"r:TargetReleaseVersionMDM","r:TencentInstalledKey":"r:TencentInstalledWowKey","r:ThreatTrackInstalledKey":"r:ThreatTrackInstalledWowKey","a:TimestampEpochString_CO21H2":"r:TimestampEpochString_CO21H2RegFb","v:TobiiVer":"v:TobiiVerx86","v:TobiiVerx86":"v:TobiiVer1x86","r:TrendInstalledKey":"r:TrendInstalledWowKey","r:TrendInstalledWowKey":"v:TrendInstalledVer","a:UpgEx_CO21H2":"r:UpgEx_CO21H2RegFb","r:UpgradeAccepted":"r:Win11UpgradeAcceptedWUSeeker","r:WebExperience":"r:WebExperienceWow","r:WebrootInstalledKey":"r:WebrootInstalledWowKey"},"Transform":{"AccountFirstChar":{"SubLength":1},"CX_FlightIds":{"Regex":"CX:[^,]*","RegexDelimiter":","},"FlightingOptOutState":{"Ignore":["0"]},"FX_FlightIds":{"Regex":"FX:[^,]*","RegexDelimiter":","},"IppPrinterBadDefaultPdc":{"Contains":"V4_No_ChangeID_Present"},"aipc":{"Ignore":["0"]},"IsDomainJoined":{"Ignore":["0"]},"IsHybridOrXGpu":{"Ignore":["0"]},"IsMsftOwned":{"Ignore":["0"]},"IsPortableOperatingSystem":{"Ignore":["0"]},"IsRemoteDesktopSessionHost":{"Contains":"ServerRdsh"},"IsTestLab":{"Ignore":["0"]},"IsVM":{"Ignore":["0"]},"IX_FlightIds":{"Regex":"IX:[^,]*","RegexDelimiter":","},"MX_FlightIds":{"Regex":"ME:[^,]*|MD:[^,]*","RegexDelimiter":","},"OEMModel":{"SubLength":100},"OEMName_Uncleaned":{"SubLength":100},"PausedFeatureStatus":{"Ignore":["0"]},"PausedQualityStatus":{"Ignore":["0"]},"PSAKyoceraInstalledName":{"Contains":"A97ECD55.KYOCERAPrintCenter"},"PSATATriumphInstalledName":{"Contains":"TATriumph-AdlerGmbH.TAUTAXPrintCenter"},"SMode":{"Ignore":["0"]},"StayOnWindows10Timestamp":{"SubLength":-3,"Ignore":[""]},"XeroxPsaInstalledName":{"Contains":"XeroxCorp.PrintExperience"}},"Registry":{"AADBrokerPluginNotRegistered":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsMitigationData\\AADBrokerPluginNotRegistered","IfExists":true},"ActiveHoursEnd":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings","ValueName":"ActiveHoursEnd","RegValueType":"REG_DWORD"},"ActiveHoursStart":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings","ValueName":"ActiveHoursStart","RegValueType":"REG_DWORD"},"AdminOptedIntoRebootlessUpdates_Server":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\Hotpatch\\Environment","ValueName":"AllowRebootlessUpdates","RegValueType":"REG_DWORD"},"AhnlabInstalledKey":{"FullPath":"SOFTWARE\\Ahnlab","IfExists":true},"AhnlabInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\Ahnlab","IfExists":true},"AhnLabKeyboard":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\Mkd2kfNt","ValueName":"NbTpMsExist"},"AllowInPlaceUpgrade":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\\\Windows\\\\CurrentVersion","ValueName":"AllowInPlaceUpgrade","RegValueType":"REG_DWORD"},"AllowUpgradesWithUnsupportedTPMOrCPU":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\Setup\\MoSetup","ValueName":"AllowUpgradesWithUnsupportedTPMOrCPU","RegValueType":"REG_DWORD"},"AndroidUserOptinValue":{"HKey":"HKEY_CURRENT_USER","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Mobility\\","ValueName":"OptedIn","RegValueType":"REG_DWORD"},"AppChannels":{"FullPath":"SOFTWARE\\Policies\\Microsoft\\WindowsStore\\Apps\\*","ValueName":"ChannelId","EncodingType":"Json"},"AppRMIDs":{"FullPath":"SOFTWARE\\Policies\\Microsoft\\WindowsStore\\Apps\\*","ValueName":"ReleaseManagementId","EncodingType":"Json"},"ARCHotpatchAttached_State":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Azure Connected Machine Agent\\Windows\\Licenses\\Features\\Hotpatch","ValueName":"Subscription","RegValueType":"REG_DWORD"},"AutopilotUpdateInProgress":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Provisioning\\AutopilotSettings\\VolatileAutopilotUpdate","ValueName":"AutopilotUpdateInProgress","RegValueType":"REG_DWORD"},"AvastBlackScreen":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\aswVmm\\Parameters","ValueName":"Win10-1803"},"AvastInstalledKey":{"FullPath":"SOFTWARE\\Avast Software\\Avast","IfExists":true},"AvastInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\Avast Software\\Avast","IfExists":true},"AvastReg":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\aswVmm\\Parameters","ValueName":"QualityCompat"},"AvgBlackScreen":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\avgVmm\\Parameters","ValueName":"Win10-1803"},"AVGInstalledKey":{"FullPath":"SOFTWARE\\AVG\\Antivirus","IfExists":true},"AVGInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\AVG\\Antivirus","IfExists":true},"AvgReg":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\avgVmm\\Parameters","ValueName":"QualityCompat"},"AviraInstalledKey":{"FullPath":"SOFTWARE\\X-AVCSD\\Workstation\\Antivirus","IfExists":true},"AviraInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\X-AVCSD\\Workstation\\Antivirus","IfExists":true},"BitDefenderInstalledKey":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}","IfExists":true},"BlockEdgeWithChromiumUpdate":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\EdgeUpdate","ValueName":"DoNotUpdateToEdgeWithChromium","RegValueType":"REG_DWORD"},"BlockFeatureUpdates":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade","ValueName":"BlockFeatureUpdates","RegValueType":"REG_DWORD"},"BlockWUUpgrades":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows10Upgrader\\Volatile","ValueName":"BlockWUUpgrades","RegValueType":"REG_DWORD"},"BlockWUUpgradesWow":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\WOW6432Node\\Microsoft\\Windows10Upgrader\\Volatile","ValueName":"BlockWUUpgrades","RegValueType":"REG_DWORD"},"BroadcomInstalledKey":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Symantec\\Symantec Endpoint Protection","IfExists":true},"BuildFID":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build","ValueName":"EsdFlightData","RegValueType":"REG_SZ"},"BuildFID_WCOS":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"OSDATA\\Software\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build","ValueName":"EsdFlightData","RegValueType":"REG_SZ"},"BuildFID_WCOS2":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"OSDATA\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build","ValueName":"EsdFlightData","RegValueType":"REG_SZ"},"BullguardInstalledKey":{"FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\BullGuard","IfExists":true},"BypassNRO":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE","ValueName":"BypassNRO","RegValueType":"REG_DWORD"},"ChinaTypeApproval_CTA":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeviceAccess","ValueName":"ActivePolicyCode","RegValueType":"REG_SZ"},"CIOptin":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings","ValueName":"IsContinuousInnovationOptedIn","RegValueType":"REG_DWORD"},"CloudFilesFilter":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Services\\CldFlt\\Instances\\","ValueName":"DefaultInstance","RegValueType":"REG_SZ"},"CurrentBranch":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion","ValueName":"BuildBranch","RegValueType":"REG_SZ"},"DataExpDateEpoch_CO21H2RegFb":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2","ValueName":"DataExpDateEpoch","RegValueType":"REG_SZ"},"DaysSince19H1FUOffer":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\rempl\\irplugin","ValueName":"DaysSinceLastOffer","RegValueType":"REG_QWORD"},"DchuAmdGrfxDeletePending":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\amdkmdag","ValueName":"DriverDelete"},"DchuAmdGrfxExists":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\amdkmdag","IfExists":true},"DchuAmdGrfxVen":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\amdkmdag","ValueName":"DCHUVen"},"DchuAmdGrfxVen2":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\amdkmdag\\Parameters","ValueName":"DCHUVen"},"DchuIntelGrfxDeletePending":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\igfx","ValueName":"DriverDelete"},"DchuIntelGrfxExists":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\igfx","IfExists":true},"DchuIntelGrfxNExists":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Services\\igfxn","IfExists":true},"DchuIntelGrfxVen":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\igfx","ValueName":"DCHUVen"},"DchuIntelGrfxVen2":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\igfx\\Parameters","ValueName":"DCHUVen"},"DchuNvidiaGrfxDeletePending":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\nvlddmkm","ValueName":"DriverDelete"},"DchuNvidiaGrfxExists":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\nvlddmkm","IfExists":true},"DchuNvidiaGrfxVen":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\nvlddmkm","ValueName":"DCHUVen"},"DchuNvidiaGrfxVen2":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\nvlddmkm\\Parameters","ValueName":"DCHUVen"},"DchuNvidiaGrfxVenTest":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Services\\nvlddmkm","ValueName":"DCHUVenTest","RegValueType":"REG_DWORD"},"DefaultUserRegion":{"HKey":"HKEY_USERS","FullPath":".DEFAULT\\Control Panel\\International\\Geo","ValueName":"Nation","RegValueType":"REG_SZ"},"DeviceInfoGatherSuccessful":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing","ValueName":"DeviceInfoGatherSuccessful","RegValueType":"REG_DWORD"},"DisableWUfBOfferBlock":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsUpdate\\UpdatePolicy\\Settings","ValueName":"DisableWUfBOfferBlock","RegValueType":"REG_DWORD"},"DisconnectedStandby":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Control\\Power","ValueName":"EnforceDisconnectedStandby","RegValueType":"REG_DWORD"},"DotNetMissingComponentsTroubleshooterSuccess":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\.NETFramework","ValueName":"DotNetMissingComponentsTroubleshooterSuccess","RegValueType":"REG_DWORD"},"DriverPartnerRing":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\DriverFlighting\\Partner","ValueName":"TargetRing","RegValueType":"REG_SZ"},"DSS_Enrolled_DF":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\\\Policies\\\\Microsoft\\\\Windows\\\\WindowsUpdate","ValueName":"WUfBDF","RegValueType":"REG_DWORD"},"DSS_Enrolled_State":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WufbDS","ValueName":"enrollmenttype","RegValueType":"REG_SZ"},"DUInternal":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\Setup\\MoSetup","ValueName":"DynamicUpdateInternalTest","RegValueType":"REG_DWORD"},"DurableDeviceRegionGeo":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Control Panel\\DeviceRegion","ValueName":"DeviceRegion","RegValueType":"REG_DWORD"},"EdgeStableOPV_Native":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}","ValueName":"opv","RegValueType":"REG_SZ"},"EdgeStablePV_Native":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}","ValueName":"pv","RegValueType":"REG_SZ"},"EdgeStablePV_WOW6432":{"FullPath":"SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}","ValueName":"pv","RegValueType":"REG_SZ"},"EdgeStableVersion":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}","ValueName":"opv","RegValueType":"REG_SZ"},"EdgeWithChromiumInstallFailureCount":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\EdgeUpdate","ValueName":"WindowsUpdateAttempts"},"EdgeWithChromiumInstallFailureCountWow":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate","ValueName":"WindowsUpdateAttempts"},"EdgeWithChromiumInstallVersion":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\EdgeUpdate","ValueName":"WindowsUpdateVersion"},"EdgeWithChromiumInstallVersionWow":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate","ValueName":"WindowsUpdateVersion"},"EKB19H2InstallCount":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\Setup\\FeatureStaging\\20455539\\2","ValueName":"Count"},"EKB19H2InstallTimeEpoch":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\Setup\\FeatureStaging\\20455539\\2","ValueName":"Timestamp"},"EKB19H2UnInstallCount":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\Setup\\FeatureStaging\\20455539\\0","ValueName":"Count"},"EKB19H2UnInstallTimeEpoch":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\Setup\\FeatureStaging\\20455539\\0","ValueName":"Timestamp"},"EnableWUfBUpgradeGatesRS5":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Microsoft\\Windows NT\\CurrentVersion\\502505fe-762c-4e80-911e-0c3fa4c63fb0","ValueName":"DataRequireGatedScanForFeatureUpdates","RegValueType":"REG_DWORD"},"ESETInstalledKey":{"FullPath":"SOFTWARE\\ESET\\ESET Security","IfExists":true},"ESETInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\ESET\\ESET Security","IfExists":true},"EsetReg":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Services\\ehdrv\\Parameters","ValueName":"WindowsCompatibilityLevel","RegValueType":"REG_DWORD"},"ESTSecurityInstalledKey":{"FullPath":"SOFTWARE\\ESTsoft","IfExists":true},"ESTSecurityInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\ESTsoft","IfExists":true},"ExpPkgs":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsSelfhost\\Applicability","ValueName":"ExpPkgs","RegValueType":"REG_SZ"},"ExpStates":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsSelfHost\\FIDs","ValueName":"PreviewConfigs","RegValueType":"REG_SZ"},"FeatureUpdateDeadline":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Policies\\Microsoft\\Windows\\WindowsUpdate\\","ValueName":"ConfigureDeadlineForFeatureUpdates","RegValueType":"REG_DWORD"},"FlightContent":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsSelfHost\\Applicability","ValueName":"ContentType","RegValueType":"REG_SZ"},"FlightingOptOutState":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsSelfHost\\UI\\Selection","ValueName":"OptOutState","RegValueType":"REG_DWORD"},"FODRetryPending":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing","ValueName":"FODRetry","RegValueType":"REG_DWORD"},"FSecureInstalledKey":{"FullPath":"SOFTWARE\\F-Secure\\OneClient","IfExists":true},"FSecureInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\F-Secure\\OneClient","IfExists":true},"FSRing":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsSelfhost\\Applicability","ValueName":"FSRing","RegValueType":"REG_SZ"},"GamingServicesInstalledKey":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Services\\GamingServices","IfExists":true},"GridZoneName":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\COAWOS","ValueName":"GridZoneName","RegValueType":"REG_SZ","PersistedSourceId":"COAWOSRoot"},"GStatus_CO21H2RegFb":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2","ValueName":"GStatus","RegValueType":"REG_SZ"},"GStatusBlockIDs_All":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\Appraiser\\GWX","ValueName":"SdbEntries","RegValueType":"REG_SZ"},"HidOverGattReg":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemRoot

 

Here's more of it:

%/System32/drivers/UMDF/Microsoft.Bluetooth.Profiles.HidOverGatt.dll","ValueName":"Source","RegValueType":"REG_SZ"},"HotPatchEKBInstalled":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Update\\TargetingInfo\\DynamicInstalled\\Hotpatch.amd64","IfExists":true},"IIS_ASPNET":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing\\Notifications\\OptionalFeatures\\IIS-ASPNET","ValueName":"Selection","RegValueType":"REG_DWORD"},"IIS_NetFxExtensibility":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing\\Notifications\\OptionalFeatures\\IIS-NetFxExtensibility","ValueName":"Selection","RegValueType":"REG_DWORD"},"InstallDate":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion","ValueName":"InstallDate","RegValueType":"REG_DWORD"},"IntelPlatformId":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0","ValueName":"Platform Specific Field 1","RegValueType":"REG_DWORD"},"IppPrinterBadDefaultPdc":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Print\\Printers\\*\\PrinterDriverData","ValueName":"V4_PDC_ChangeID","RegValueType":"REG_SZ","EncodingType":"Json"},"IsAutopilotRegistered":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Provisioning\\AutopilotPolicyCache","ValueName":"ProfileAvailable","RegValueType":"REG_DWORD"},"IsFlightingEnabled":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsSelfHost\\Applicability","ValueName":"IsBuildFlightingEnabled","RegValueType":"REG_DWORD"},"IsCHCapableBuild":{"HKey":"HKEY_CLASSES_ROOT","FullPath":"CLSID\\{2C57C51B-FD43-4E74-B077-551AE6228AD6}","IfExists":true},"IsCldFltSyncRoots":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager\\*","IfExists":true},"IsConfigMgrEnabled":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsSelfHost\\ClientState","ValueName":"ConfigMgrEnabled","RegValueType":"REG_DWORD"},"IsContainerMgrInstalled":{"FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Containers\\CmService","IfExists":true},"IsEdgeWithChromiumInstalled":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}","IfExists":true},"IsEdgeWithChromiumInstalledWow":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}","IfExists":true},"IsFeedbackHubSelfhost":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Diagnostics\\DiagTrack\\Partners\\IsFeedbackHubSelfhost","IfExists":true},"IsFSOverlay":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Control\\GlobMerger","ValueName":"IsEnabled","RegValueType":"REG_DWORD"},"IsHybridOrXGpu":{"FullPath":"SOFTWARE\\Microsoft\\DirectX","ValueName":"HybridDeviceApplicableForDxDbGpuPreferences"},"IsProcessorMode":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Diagnostics\\DiagTrack\\RegionalSettings","ValueName":"IsProcessorMode","RegValueType":"REG_QWORD"},"IsRemoteDesktopSessionHost":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion","ValueName":"EditionID","RegValueType":"REG_SZ"},"IsSpotlightEnabledInOEMTheme":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes","ValueName":"WindowsSpotlight","RegValueType":"REG_DWORD"},"IsSpotlightThemeEnabledByOEM":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\DesktopOptimization","ValueName":"WindowsSpotlightTheme","RegValueType":"REG_DWORD"},"IsVbsEnabled":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\ControlSet001\\Control\\DeviceGuard","ValueName":"EnableVirtualizationBasedSecurity","RegValueType":"REG_DWORD"},"IsWDAGEnabled":{"FullPath":"SYSTEM\\ControlSet001\\Services\\hvsics","IfExists":true},"IsWDATPEnabled":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows Advanced Threat Protection\\Status","ValueName":"OnboardingState"},"K7InstalledKey":{"FullPath":"SOFTWARE\\K7 Computing","IfExists":true},"K7InstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\K7 Computing","IfExists":true},"KasperskyInstalledKey":{"FullPath":"SOFTWARE\\KasperskyLab","IfExists":true},"KasperskyInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\KasperskyLab","IfExists":true},"KasperskyReg":{"FullPath":"System\\CurrentControlSet\\Services\\klhk\\Parameters","ValueName":"UseVtHardware"},"KingsoftInstalledKey":{"FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Kingsoft Internet Security","IfExists":true},"KingsoftInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Kingsoft Internet Security","IfExists":true},"KioskMode":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\AssignedAccessCsp\\AutoLogonAccount","ValueName":"ConfigSource","RegValueType":"REG_DWORD"},"KnownFoldersBackupStatus":{"HKey":"HKEY_CURRENT_USER","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StorageProviderStatus","ValueName":"OneDrive","RegValueType":"REG_SZ"},"LaunchOobeInEndUserSession":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Microsoft\\Windows\\CurrentVersion\\OOBE","ValueName":"ContinueOobeInEnduserSession"},"LaunchUserOOBE":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Microsoft\\Windows\\CurrentVersion\\OOBE","ValueName":"LaunchUserOOBE","RegValueType":"REG_DWORD"},"LCUVer":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion","ValueName":"LCUVer"},"LenovoInstalledKey":{"FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{A9861883-31C5-4324-BD9A-DC9527EEB675}_is1","IfExists":true},"LenovoInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{A9861883-31C5-4324-BD9A-DC9527EEB675}_is1","IfExists":true},"MalwarebytesInstalledKey":{"FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1","IfExists":true},"MalwarebytesInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1","IfExists":true},"McAfeeInstalledKey":{"FullPath":"SOFTWARE\\McAfee\\MSC\\AppInfo\\Substitute\\QueryParams","IfExists":true},"McAfeeInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\McAfee\\MSC\\AppInfo\\Substitute\\QueryParams","IfExists":true},"MDE4WSLPluginReleaseRing":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Microsoft Defender for Endpoint plug-in for WSL","ValueName":"ReleaseRing","RegValueType":"REG_SZ"},"MDEWSLPluginReleaseRing":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Microsoft\\Windows\\CurrentVersion\\Lxss\\Plugins\\DefenderPlug-in","ValueName":"ReleaseRing","RegValueType":"REG_SZ"},"Migrated_GatedFeature_NI22H2":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\MigratedMarkers\\TargetVersionUpgradeExperienceIndicators\\NI22H2","ValueName":"GatedFeatureSingleString","RegValueType":"REG_SZ"},"Migrated_GatedFeature_NI22H2Setup":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\MigratedMarkers\\TargetVersionUpgradeExperienceIndicators\\NI22H2Setup","ValueName":"GatedFeatureSingleString","RegValueType":"REG_SZ"},"MTPTargetingInfo":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\Platform\\MTPTargetingInfo","ValueName":"TargetRing"},"NonSecurityUpdate":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate","ValueName":"NonSecurityRelease","RegValueType":"REG_DWORD"},"NPUEnabledDevice":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows Media Foundation\\FrameServer\\WindowsCameraEffects","ValueName":"EffectsCameraAvailable","RegValueType":"REG_DWORD"},"OEMMode":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Office\\16.0\\Common\\OEM","ValueName":"OOBEMode","RegValueType":"REG_SZ"},"OEMModelBaseBoard":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"HARDWARE\\DESCRIPTION\\System\\BIOS","ValueName":"BaseBoardProduct","RegValueType":"REG_SZ"},"OemPartnerRing":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\Platform\\DeviceTargetingInfo","ValueName":"TargetRing","RegValueType":"REG_SZ"},"OEMSubModel":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"HARDWARE\\DESCRIPTION\\System\\BIOS","ValueName":"SystemSKU","RegValueType":"REG_SZ"},"OobeNdupAcceptedTarget":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\OOBE\\NDUP\\Updates","ValueName":"Target","RegValueType":"REG_SZ"},"OobeNdupFU22621CommitChoice":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\NDUP\\Updates\\FeatureUpdate_22621","ValueName":"CommitChoice","RegValueType":"REG_DWORD"},"OobeNdupFUTarget":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\NDUP\\Updates\\FeatureUpdate_22631","ValueName":"Target","RegValueType":"REG_SZ"},"OobeSeeker":{"FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE\\Updates","ValueName":"OOBEUpdateStarted"},"OSDataDriverPartnerRing":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"OSData\\SOFTWARE\\Microsoft\\DriverFlighting\\Partner","ValueName":"TargetRing","RegValueType":"REG_SZ"},"OSRollbackBuild":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade\\Rollback","ValueName":"BuildString","RegValueType":"REG_SZ"},"OSRollbackCount":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade\\Rollback","ValueName":"Count","RegValueType":"REG_DWORD"},"OSRollbackDate":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade\\Rollback","ValueName":"DateStamp","RegValueType":"REG_DWORD"},"PandaInstalledKey":{"FullPath":"SOFTWARE\\Panda Software\\Setup","IfExists":true},"PandaInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\Panda Software\\Setup","IfExists":true},"PausedFeatureStatus":{"FullPath":"SOFTWARE\\Microsoft\\WindowsUpdate\\UpdatePolicy\\Settings","ValueName":"PausedFeatureStatus"},"PausedQualityStatus":{"FullPath":"SOFTWARE\\Microsoft\\WindowsUpdate\\UpdatePolicy\\Settings","ValueName":"PausedQualityStatus"},"PlayFabPartyRelay":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\PlayFabPartyRelay","IfExists":true},"PonchAllow":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat","ValueName":"cadca5fe-87d3-4b96-b7fb-a231484277cc","RegValueType":"REG_DWORD"},"PonchAllowKey":{"FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat\\cadca5fe-87d3-4b96-b7fb-a231484277cc","IfExists":true},"PonchAllowWow":{"FullPath":"SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\QualityCompat","ValueName":"cadca5fe-87d3-4b96-b7fb-a231484277cc"},"PonchAllowWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\QualityCompat\\cadca5fe-87d3-4b96-b7fb-a231484277cc","IfExists":true},"PonchBlock":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat","ValueName":"65d75b03-6f4d-46e9-b870-517731e06cf9","RegValueType":"REG_DWORD"},"PreviewBuildsManagerEnabled":{"FullPath":"SOFTWARE\\Microsoft\\WindowsSelfhost\\Manager","ValueName":"ArePreviewBuildsAllowed"},"ProductType":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Control\\ProductOptions","ValueName":"ProductType"},"PSAKyoceraMissingDEH":{"HKey":"HKEY_CLASSES_ROOT","FullPath":"Extensions\\ContractId\\Windows.PrintSupportExtension\\PackageId\\A97ECD55.KYOCERAPrintCenter_4.1.11108.0_x64__kqmhh0ktdt7dg","IfExists":true},"PSATATriumphMissingDEH":{"HKey":"HKEY_CLASSES_ROOT","FullPath":"Extensions\\ContractId\\Windows.PrintSupportExtension\\PackageId\\TATriumph-AdlerGmbH.TAUTAXPrintCenter_4.1.11108.0_x64__h5e8vsnevp54y","IfExists":true},"PSAXeroxMissingDEH":{"HKey":"HKEY_CLASSES_ROOT","FullPath":"Extensions\\ContractId\\Windows.PrintSupportExtension\\PackageId\\XeroxCorp.PrintExperience_8.29.32.0_x64__f7egpvdyrs2a8","IfExists":true},"QihooInstalledKey":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\360TotalSecurity","IfExists":true},"QUDeadline":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate","ValueName":"ConfigureDeadlineForQualityUpdates","RegValueType":"REG_DWORD"},"QUDeadlineMDM":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\PolicyManager\\current\\device\\Update","ValueName":"ConfigureDeadlineForQualityUpdates","RegValueType":"REG_DWORD"},"QuickhealInstalledKey1":{"FullPath":"SYSTEM\\CurrentControlSet\\Servicescatflt","IfExists":true},"QuickhealInstalledKey2":{"FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths\\scanner.exe","IfExists":true},"RecoveredFromBuild":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Microsoft\\WindowsSelfHost\\Applicability\\RecoveredFrom","ValueName":"LastBuild","RegValueType":"REG_DWORD"},"RecoveredOnDate":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Microsoft\\WindowsSelfHost\\Applicability\\RecoveredFrom","ValueName":"DateStamp","RegValueType":"REG_DWORD"},"ReleaseType":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Update\\TargetingInfo","ValueName":"ReleaseType","RegValueType":"REG_SZ"},"RobloxPlayer":{"HKey":"HKEY_CLASSES_ROOT","FullPath":"roblox-player","RegValueType":"REG_SZ","IfExists":true},"RobloxStudio":{"HKey":"HKEY_CLASSES_ROOT","FullPath":"roblox-studio","RegValueType":"REG_SZ","IfExists":true},"SetupDisplayedEulaVersion":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\OOBE\\","ValueName":"SetupDisplayedEulaVersion","RegValueType":"REG_DWORD"},"SH_SIPolicyCleanup":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\PPI\\Settings","ValueName":"SIPolicyCleanup","RegValueType":"REG_DWORD"},"SmartActiveHoursState":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings","ValueName":"SmartActiveHoursState","RegValueType":"REG_DWORD"},"SophosInstalledKey1":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\SAVService","IfExists":true},"SophosInstalledKey2":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\hmpalertsvc","IfExists":true},"StayOnWindows10Timestamp":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings","ValueName":"SvOfferDeclined","RegValueType":"REG_QWORD"},"Steam":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Classes\\Steam","ValueName":"","RegValueType":"REG_SZ"},"StrictHiveSecurityReg":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\*","ValueName":"StrictHiveSecuritySet"},"SymantecInstalledKey":{"FullPath":"SOFTWARE\\Norton\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}","IfExists":true},"SymantecInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\Norton\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}","IfExists":true},"SystemGuard_Enabled":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Control\\DeviceGuard\\Scenarios\\SystemGuard","ValueName":"Enabled","RegValueType":"REG_DWORD"},"SystemManufacturer":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Control\\SystemInformation","ValueName":"SystemManufacturer","RegValueType":"REG_SZ"},"SystemProductName":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Control\\SystemInformation","ValueName":"SystemProductName","RegValueType":"REG_SZ"},"TargetReleaseVersionGP":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate","ValueName":"TargetReleaseVersionInfo","RegValueType":"REG_SZ"},"TargetReleaseVersionMDM":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\PolicyManager\\current\\device\\Update","ValueName":"TargetReleaseVersion","RegValueType":"REG_SZ"},"TenantId":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Control\\CloudDomainJoin\\JoinInfo\\*","ValueName":"TenantId"},"TencentInstalledKey":{"FullPath":"SOFTWARE\\Tencent\\QQPCMgr","IfExists":true},"TencentInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\Tencent\\QQPCMgr","IfExists":true},"TencentReg":{"FullPath":"SYSTEM\\CurrentControlSet\\services\\TesSafe","ValueName":"LoadStartTime"},"TencentType":{"FullPath":"SYSTEM\\CurrentControlSet\\services\\TesSafe","ValueName":"Type"},"TestRN":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Wosc\\Client\\Persistent\\ClientState\\FCON","ValueName":"TestRing"},"ThreatTrackInstalledKey":{"FullPath":"SOFTWARE\\SBAMSvc","IfExists":true},"ThreatTrackInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\SBAMSvc","IfExists":true},"TimestampEpochString_CO21H2RegFb":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2","ValueName":"TimestampEpochString","RegValueType":"REG_SZ"},"TrendInstalledKey":{"FullPath":"SOFTWARE\\TrendMicro","IfExists":true},"TrendInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\TrendMicro","IfExists":true},"UHSEnrolled":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion","ValueName":"UHSEnrolled","RegValueType":"REG_SZ","IfExists":true},"UninstallActive":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"System\\Setup","ValueName":"UninstallActive","RegValueType":"REG_DWORD"},"UpdateOfferedDays":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WaaSAssessment\\Cache\\","ValueName":"UpToDateDays","RegValueType":"REG_DWORD"},"UpdatePreference":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate","ValueName":"UpdatePreference","RegValueType":"REG_DWORD"},"UpgEx_CO21H2RegFb":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2","ValueName":"UpgEx","RegValueType":"REG_SZ"},"UpgradeAccepted":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE\\Updates\\","ValueName":"UpgradeAccepted","RegValueType":"REG_DWORD","IfExists":true},"UpgradeEligible":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion","ValueName":"UpgradeEligible","RegValueType":"REG_DWORD"},"UserInPlaceUpgrade":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\\\Windows\\\\CurrentVersion","ValueName":"UserInPlaceUpgrade","RegValueType":"REG_DWORD"},"UsoScanMitigation":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\Orchestrator\\Mitigation\\","ValueName":"UsoScanNotStartingMitigationCompleted","RegValueType":"REG_DWORD","IfExists":true},"UtcDataHandlingPolicies":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Diagnostics\\DiagTrack","ValueName":"UtcDataHandlingPolicies","RegValueType":"REG_QWORD"},"UUSVersion":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\Orchestrator","ValueName":"LastRunVersion","RegValueType":"REG_SZ"},"WAS_NetFxEnvironment":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing\\Notifications\\OptionalFeatures\\WAS-NetFxEnvironment","ValueName":"Selection","RegValueType":"REG_DWORD"},"WCFHTTPActivationNotificationState":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Component Based Servicing\\\\Notifications\\\\OptionalFeatures\\\\WCF-HTTP-Activation","ValueName":"Selection","RegValueType":"REG_DWORD"},"WCFNonHTTPActivationNotificationState":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Component Based Servicing\\\\Notifications\\\\OptionalFeatures\\\\WCF-NonHTTP-Activation","ValueName":"Selection","RegValueType":"REG_DWORD"},"WebExperience":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}","IfExists":true},"WebExperienceWow":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\WOW6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}","IfExists":true},"WebrootInstalledKey":{"FullPath":"SOFTWARE\\WRData","IfExists":true},"WebrootInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\WRData","IfExists":true},"Win11UpgradeAcceptedTimestamp":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings","ValueName":"SvOfferAccepted","RegValueType":"REG_QWORD"},"Win11UpgradeAcceptedWUSeeker":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings","ValueName":"SvOfferAccepted","RegValueType":"REG_QWORD","IfExists":true},"WindowsAccountSyncConsentApplicable":{"HKey":"HKEY_CURRENT_USER","FullPath":"Software\\Microsoft\\Windows\\CurrentVersion\\UnifiedConsent\\DEFAULTACCOUNT\\WINDOWSACCOUNTSYNCCONSENT","ValueName":"isApplicable","RegValueType":"REG_DWORD"},"WindowsAccountSyncConsentPromptAllowed":{"HKey":"HKEY_CURRENT_USER","FullPath":"Software\\Microsoft\\Windows\\CurrentVersion\\UnifiedConsent\\DEFAULTACCOUNT\\WINDOWSACCOUNTSYNCCONSENT","ValueName":"isSystemInitiatedPromptAllowed","RegValueType":"REG_DWORD"},"WindowsAccountSyncConsentState":{"HKey":"HKEY_CURRENT_USER","FullPath":"Software\\Microsoft\\Windows\\CurrentVersion\\UnifiedConsent\\DEFAULTACCOUNT\\WINDOWSACCOUNTSYNCCONSENT\\DATASHARING","ValueName":"isConsentAccepted","RegValueType":"REG_DWORD"},"WindowsMixedReality":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\WUDF\\Services\\HoloLensSensors","ValueName":"WdfMajorVersion","RegValueType":"REG_DWORD"},"WOSCEndpointsSupported":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Wosc\\Client\\Persistent","ValueName":"EndpointsSupported","RegValueType":"REG_SZ"},"WSX_Runtime":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC","ValueName":"ExperienceExtensions","RegValueType":"REG_SZ"},"WSX_Windows_AccountControl":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC","ValueName":"Windows.AccountControl","RegValueType":"REG_SZ"},"WSX_Windows_AppSample":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC","ValueName":"Windows.AppSample","RegValueType":"REG_SZ"},"WSX_Windows_Settings_Account":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC","ValueName":"Windows.Settings.Account","RegValueType":"REG_SZ"},"WSX_Windows_Shell_Start":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC","ValueName":"Windows.Shell.StartMenu","RegValueType":"REG_SZ"}},"FileInfo":{"AvastVer":{"Path":"\\system32\\Drivers\\aswVmm.sys","FolderGuid":"{F38BF404-1D43-42F2-9305-67DE0B28FC23}"},"AvgVer":{"Path":"\\system32\\Drivers\\avgVmm.sys","FolderGuid":"{F38BF404-1D43-42F2-9305-67DE0B28FC23}"},"BullguardInstalledVer":{"Path":"\\BullGuard Ltd\\BullGuard\\BullGuard.exe","IfExists":true,"FolderGuid":"{905E63B6-C1BF-494E-B29C-65B732D3D21A}"},"CortanaAppVer":{"Path":"\\WindowsApps\\Microsoft.549981C3F5F10_8wekyb3d8bbwe\\CortanaApp.View.exe","FolderGuid":"{905E63B6-C1BF-494E-B29C-65B732D3D21A}"},"CortanaAppVerTest":{"Path":"\\WindowsApps\\3242f7d9-db60-4380-a379-4205ea768bfc_1.0.0.0_x64__zs4v8rx04ex0m\\UndockingTestApp.exe","FolderGuid":"{905E63B6-C1BF-494E-B29C-65B732D3D21A}"},"CrowdStrikeInstalledVer":{"Path":"drivers\\CrowdStrike\\CSAgent.sys","IfExists":true,"FolderGuid":"{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"},"DmdHpControlPackageEnUs":{"Path":"%PROGRAMDATA%\\Microsoft\\Windows\\DeviceMetadataCache\\dmrccache\\en-US\\d3a162c7-a388-4099-b63d-265639514cc0\\PackageInfo.xml","IfExists":true},"DmdHpControlPackageMultiloc":{"Path":"%PROGRAMDATA%\\Microsoft\\Windows\\DeviceMetadataCache\\dmrccache\\multiloc\\d3a162c7-a388-4099-b63d-265639514cc0\\PackageInfo.xml","IfExists":true},"DmdHpControlPackageTr":{"Path":"%PROGRAMDATA%\\Microsoft\\Windows\\DeviceMetadataCache\\dmrccache\\tr\\d3a162c7-a388-4099-b63d-265639514cc0\\PackageInfo.xml","IfExists":true},"EsetVer":{"Path":"\\drivers\\ehdrv.sys","FolderGuid":"{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"},"FileExistsMscoreeDll":{"Path":"%windir%\\\\system32\\\\mscoree.dll","IfExists":true},"GDataInstalledVer":{"Path":"\\drivers\\MiniIcpt.sys","IfExists":true,"FolderGuid":"{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"},"HidparseDriversVer":{"Path":"%windir%\\system32\\drivers\\hidparse.sys"},"HidparseSystem32Ver":{"Path":"%windir%\\system32"},"HidparseSystem32Ver1":{"Path":"%windir%\\system32\\hidparse.sys"},"IsNotepadExePresent":{"Path":"%windir%\\system32\\notepad.exe","IfExists":true},"K7InstalledVer":{"Path":"\\K7 Computing","IfExists":true,"FolderGuid":"{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"},"KasperskyVer":{"Path":"\\system32\\Drivers\\klhk.sys","FolderGuid":"{F38BF404-1D43-42F2-9305-67DE0B28FC23}"},"OnnxruntimeVer":{"Path":"%windir%\\\\system32\\\\onnxruntime.dll"},"PandaInstalledVer":{"Path":"\\Panda Security","IfExists":true,"FolderGuid":"{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"},"SkypeRoomSystem":{"Path":"%systemdrive%\\Recovery\\OEM\\$oem$\\$1\\Rigel\\x64\\Scripts\\Provisioning\\AutoUnattend.xml","IfExists":true},"SymantecVer":{"Path":"\\Symantec\\Shared\\EENGINE\\eeCtrl.sys","FolderGuid":"{DE974D24-D9C6-4D3E-BF91-F4455120B917}"},"SymantecVer64":{"Path":"\\Symantec\\Shared\\EENGINE\\eeCtrl64.sys","FolderGuid":"{DE974D24-D9C6-4D3E-BF91-F4455120B917}"},"TobiiVer":{"Path":"\\Tobii\\Tobii EyeX Interaction\\Tobii.EyeX.Interaction.exe","FolderGuid":"{905E63B6-C1BF-494E-B29C-65B732D3D21A}"},"TobiiVer1x86":{"Path":"\\Tobii\\tobii EyeX Interaction\\Tobii.EyeX.Interaction.exe","FolderGuid":"{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"},"TobiiVerx86":{"Path":"\\tobii EyeX Interaction\\Tobii.EyeX.Interaction.exe","FolderGuid":"{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"},"TrendInstalledVer":{"Path":"\\Trend Micro\\Titanium\\plugin\\plugVizor.dll","IfExists":true,"FolderGuid":"{905E63B6-C1BF-494E-B29C-65B732D3D21A}"},"TrendMicroVer":{"Path":"\\drivers\\TMUMH.sys","FolderGuid":"{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"},"WuClientVer":{"Path":"\\system32\\wuaueng.dll","FolderGuid":"{F38BF404-1D43-42F2-9305-67DE0B28FC23}"},"XamlCbsActivationStore":{"Path":"%ProgramData%\\\\Microsoft\\\\Windows\\\\AppRepository\\\\Packages\\\\Microsoft.UI.Xaml.CBS_8.2205.4001.0_x64__8wekyb3d8bbwe\\\\ActivationStore.dat","IfExists":true},"XamlCbsActivationStoreArm64":{"Path":"%ProgramData%\\\\Microsoft\\\\Windows\\\\AppRepository\\\\Packages\\\\Microsoft.UI.Xaml.CBS_8.2205.4001.0_arm64__8wekyb3d8bbwe\\\\ActivationStore.dat","IfExists":true}},"Licensing":{"UpdateManagementGroup":{"Name":"UpdatePolicy-UpdateManagementGroup"}},"UpdatePolicy":{"AdminOptedIntoRebootlessUpdates":{"PolicyEnum":59,"Enterprise":true},"AllowOptionalContent":{"PolicyEnum":58,"Enterprise":true},"BranchReadinessLevel":{"PolicyEnum":5,"Enterprise":true},"BranchReadinessLevelSource":

 

And more:

{"PolicyEnum":5,"Enterprise":true,"UseSource":true},"DeferFeatureUpdatePeriodInDays":{"PolicyEnum":9,"Enterprise":true},"DeferQualityUpdatePeriodInDays":{"PolicyEnum":7,"Enterprise":true},"DisableDualScan":{"PolicyEnum":42,"Enterprise":true},"EnableWUfBUpgradeGates":{"PolicyEnum":51,"Enterprise":true},"TargetProductVersion":{"PolicyEnum":53,"Enterprise":true},"TargetReleaseVersion":{"PolicyEnum":50,"Enterprise":true},"UpdateServiceUrl":{"PolicyEnum":12},"WUfBClientManaged":{"PolicyEnum":32,"Enterprise":true}},"Policy":{"DesiredOcpVersion":{"LocUri":"./Device/Vendor/MSFT/DeviceUpdateCenter/DesiredUpdates/OcpVersion/"},"DesiredOsVersion":{"LocUri":"./Device/Vendor/MSFT/DeviceUpdateCenter/DesiredUpdates/OsVersion"},"DesiredSystemManifestVersion":{"LocUri":"./Device/Vendor/MSFT/DeviceUpdateCenter/DesiredUpdates/SystemManifestVersion"},"DucCustomPackageId":{"LocUri":"./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/CustomPackageId"},"DucDeviceModelId":{"LocUri":"./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/DeviceModelId"},"DucOemPartnerRing":{"LocUri":"./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/OemPartnerRing"},"DucPublisherId":{"LocUri":"./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/PublisherId"},"SetPolicyDrivenUpdateSourceForFeatureUpdates":{"LocUri":"./Device/Vendor/MSFT/Policy/Config/Update/SetPolicyDrivenUpdateSourceForFeatureUpdates"},"WSUSconfigured_csp":{"LocUri":"./Device/Vendor/MSFT/Policy/Config/Update/UpdateServiceUrl"}},"AppInfo":{"WidgetsAppVer":{"Name":"MicrosoftWindows.Client.WebExperience"}},"WMI":{"ElanFingerprintDriverVersion":{"Query":"SELECT DriverVersion, Manufacturer FROM Win32_PnPSignedDriver WHERE Manufacturer = 'ELAN'","Name":"DriverVersion","Timeout":2000},"FirstStorageSpaceDeviceId":{"Query":"SELECT DeviceID FROM Win32_DiskDrive WHERE Model = 'Microsoft Storage Space Device'","Name":"DeviceID","Timeout":2000},"IIS_ASPNET_WMI":{"Query":"SELECT * FROM Win32_OptionalFeature WHERE name = 'IIS-ASPNET'","Name":"InstallState","Timeout":2000},"IIS_NetFxExtensibility_WMI":{"Query":"SELECT * FROM Win32_OptionalFeature WHERE name = 'IIS-NetFxExtensibility'","Name":"InstallState","Timeout":2000},"NetFx3State":{"Query":"SELECT * FROM Win32_OptionalFeature WHERE name = 'NetFX3'","Name":"InstallState","Timeout":2000},"PSAKyoceraInstalledName":{"Query":"SELECT Name, ProgramId FROM Win32_InstalledStoreProgram WHERE ProgramId = 'A97ECD55.KYOCERAPrintCenter_4.1.11108.0_x64__kqmhh0ktdt7dg'","Name":"Name","Timeout":2000},"PSATATriumphInstalledName":{"Query":"SELECT Name, ProgramId FROM Win32_InstalledStoreProgram WHERE ProgramId = 'TATriumph-AdlerGmbH.TAUTAXPrintCenter_4.1.11108.0_x64__h5e8vsnevp54y'","Name":"Name","Timeout":2000},"WAS_NetFxEnvironment_WMI":{"Query":"SELECT * FROM Win32_OptionalFeature WHERE name = 'WAS-NetFxEnvironment'","Name":"InstallState","Timeout":2000},"WCFHTTPActivationState":{"Query":"SELECT * FROM Win32_OptionalFeature WHERE name = 'WCF-HTTP-Activation'","Name":"InstallState","Timeout":2000},"WCFNonHTTPActivationState":{"Query":"SELECT * FROM Win32_OptionalFeature WHERE name = 'WCF-NonHTTP-Activation'","Name":"InstallState","Timeout":2000},"XeroxPsaInstalledName":{"Query":"SELECT Name, ProgramId FROM Win32_InstalledStoreProgram WHERE ProgramId = 'XeroxCorp.PrintExperience_8.29.32.0_x64__f7egpvdyrs2a8'","Name":"Name","Timeout":2000}},"RegionPolicy":{"IsCampaignEdgePromotionEnabled":{"ForceEvaluate":false,"PolicyGUID":"{2BF706DE-6DBB-4692-B7EF-84D80C47E927}"},"IsCampaignSegmentTargetingEnabled":{"ForceEvaluate":false,"PolicyGUID":"{36996754-E327-483A-902F-523E2BA03239}"}}}"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Avast Software]

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Chrome\NativeMessagingHosts\com.avast.nativeproxy]

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Chrome\NativeMessagingHosts\com.avast.nativeproxy]
""="C:\Program Files\AVAST Software\Avast\AvastNM.json"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avast-2007.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avast-downloads.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avast-hq.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-avast.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-software-center.com\avast]

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-software-center.com\www.avast]

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\telecharger-avast.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avast-2007.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avast-downloads.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avast-hq.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\download-avast.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-software-center.com\avast]

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-software-center.com\www.avast]

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\telecharger-avast.com]

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\aswbIDSAgent]
"Path"=""C:\Program Files\AVAST Software\Avast\aswidsagent.exe""

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\aswbIDSAgent]
"Path.Org"=""C:\Program Files\AVAST Software\Avast\aswidsagent.exe""

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\aswbIDSAgent]
"Path.Win32"="C:\Program Files\AVAST Software\Avast\aswidsagent.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\avast! Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\avast! Antivirus]
"ServiceName"="avast! Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\avast! Antivirus]
"Path"=""C:\Program Files\AVAST Software\Avast\AvastSvc.exe" /runassvc"

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\avast! Antivirus]
"Path.Org"=""C:\Program Files\AVAST Software\Avast\AvastSvc.exe" /runassvc"

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\avast! Antivirus]
"Path.Win32"="C:\Program Files\AVAST Software\Avast\AvastSvc.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\avast! Antivirus]
"DisplayName"="Avast Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\AvastWscReporter]

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\AvastWscReporter]
"ServiceName"="AvastWscReporter"

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\AvastWscReporter]
"Path"=""C:\Program Files\AVAST Software\Avast\wsc_proxy.exe" /runassvc /rpcserver"

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\AvastWscReporter]
"Path.Org"=""C:\Program Files\AVAST Software\Avast\wsc_proxy.exe" /runassvc /rpcserver"

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\AvastWscReporter]
"Path.Win32"="C:\Program Files\AVAST Software\Avast\wsc_proxy.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\AvastWscReporter]
"DisplayName"="AvastWscReporter"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\UserSettings\S-1-5-21-4161042128-27025238-194098315-1001]
"\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastUI.exe"="0x33A3568C8B52D50100000000000000000000000002000000"

[HKEY_USERS\.DEFAULT\Software\Avast Software]

[HKEY_USERS\.DEFAULT\Software\Avast Software\Avast]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avast-2007.com]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avast-downloads.com]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avast-hq.com]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-avast.com]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-software-center.com\avast]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-software-center.com\www.avast]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\telecharger-avast.com]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avast-2007.com]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avast-downloads.com]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avast-hq.com]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\download-avast.com]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-software-center.com\avast]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-software-center.com\www.avast]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\telecharger-avast.com]

[HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\AVAST Software]

[HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\AVAST Software\Avast]

[HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\286135bd_0]
""="{2}.\\?\hdaudio#func_01&ven_10ec&dev_0230&subsys_17aa3820&rev_1000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\singlelineouttopo/00010001|\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastUI.exe%b{00000000-0000-0000-0000-000000000000}"

[HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\5a2e1c0b_0]
""="{2}.\\?\hdaudio#func_01&ven_10ec&dev_0230&subsys_17aa3820&rev_1000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\espeakertopo/00010001|\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastUI.exe%b{00000000-0000-0000-0000-000000000000}"

[HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\8024366c_0]
""="{2}.\\?\hdaudio#func_01&ven_10ec&dev_0230&subsys_17aa3820&rev_1000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\eheadphonetopo/00010001|\Device\HarddiskVolume3\Program Files\Avast Software\Avast\AvastUI.exe%b{00000000-0000-0000-0000-000000000000}"

[HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\ec73648b_0]
""="{2}.\\?\hdaudio#func_01&ven_10ec&dev_0230&subsys_17aa3820&rev_1000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\espeakertopo/00010001|\Device\HarddiskVolume3\Program Files\Avast Software\Avast\AvastUI.exe%b{00000000-0000-0000-0000-000000000000}"

[HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\default$windows.data.apps.appleveltileinfo$appleveltilelist\windows.data.apps.appleveltileinfo$w~avast! antivirus]

[HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avast-2007.com]

[HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avast-downloads.com]

[HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avast-hq.com]

[HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-avast.com]

[HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-software-center.com\avast]

[HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-software-center.com\www.avast]

[HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\telecharger-avast.com]

[HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avast-2007.com]

[HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avast-downloads.com]

[HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avast-hq.com]

[HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\download-avast.com]

[HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-software-center.com\avast]

[HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-software-center.com\www.avast]

[HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\telecharger-avast.com]

[HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\avast! Antivirus]

[HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\User\Desktop\avast_free_antivirus_setup_online_cnet2.exe"="0x534143500100000000000000070000002800000090B802000AB7030001000000000000000000000A00210000DB80FDAC2839D3010000000000000000020000002800000000000000000000400000000000000000000000000000000059A90800000000000100000001000000"

[HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\User\Desktop\avast_free_antivirus_setup_online.exe"="0x5341435001000000000000000700000028000000E85C0300BE58040001000000000000000000000A0021000050BB64EDDDACD5010000000000000000020000002800000000000000000000400000000000000000000000000000000015B90200000000000100000001000000"

[HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MSPaint_8wekyb3d8bbwe\PersistedStorageItemTable\MostRecentlyUsed\{2752C3AB-9C4E-4926-9AC7-A1D4D602F6F4}]
"FilePath"="\\?\Volume{E7C1BEB2-8B51-4959-B3A8-2C788C00FA2E}\Users\User\Desktop\avast.png"

 

This is more:


===================== Search result for "Avira" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aavira.de]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aviraa.de]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\wwwavira.de]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\aavira.de]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\aviraa.de]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\wwwavira.de]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsSelfHost\OneSettings]
"TargetingAttributes"="{"Version":383,"SchemaVersion":1,"PartA":["App","AppVer","AttrDataVer"],"Default":["DeviceFamily","f:FlightRing","t:OSVersionFull"],"PartB":{"ACSOVERRIDE":["OSArchitecture","c:IsAlwaysOnAlwaysConnectedCapable"],"APPTARGETEDFEATUREDB":["c:FlightingBranchName","f:FlightRing","t:OSVersionFull","DeviceFamily"],"CASSCLIENT":["OSVersion","c:OSEdition","f:FlightRing","c:OSUILocale","f:FlightingBranchName","r:OEMMode"],"CDM":["ChassisTypeId","r:CurrentBranch","DeviceFamily","f:FlightingBranchName","f:FlightRing","c:InstallLanguage","c:IsDomainJoined","t:IsTestLab","OEMModel","OSArchitecture","OSVersion","t:OSSkuId","crocessorIdentifier","c:TelemetryLevel","t:IsMsftOwned","t:WCOSProductId","c:OSUILocale","c:CommercialId","c:ActivationChannel","c:SCCMClientId","c:IsCloudDomainJoined","r:WebExperience","c:FlightIds","AccountFirstChar","r:WSX_Windows_Settings_Account","r:InstallDate","r:WSX_Runtime","refaultUserRegion","a:GatedFeature_NI22H2","r:WSX_Windows_Shell_Start","a:GatedFeature_CU23H2","r:ExpStates","n:MVVersion","r:CIOptin","crocessorCores","c:TotalPhysicalRAM","r:TestRN","u:UpdateServiceUrl","u:WUfBClientManaged","r:UUSVersion","DL_OSVersion","r:ExpPkgs","u:AllowOptionalContent","n:IsMicrosoftAAD","q:WidgetsAppVer","c:IsDeviceRetailDemo","r:IsFSOverlay","a:SdbVer_NI22H2","r:EdgeStableVersion","r:Migrated_GatedFeature_NI22H2Setup","a:SdbVer_21H2","a:GatedFeature_21H2","r:UtcDataHandlingPolicies","v:SkypeRoomSystem","r:BypassNRO","c:IsVirtualDevice"],"CDM_OS":["+CDM","c:FlightIds"],"COMPATLOGGER":["osVer","ring","deviceId"],"CONTENT_DELIVERY_MANAGER":["c:OSEdition","t:OSSkuId","c:OSUILocale","a:UpgEx_CO21H2","a:GStatus_CO21H2","aataExpDateEpoch_CO21H2","a:TimestampEpochString_CO21H2","r:AndroidUserOptinValue","f:FlightingBranchName","f:FlightRing","r:CurrentBranch","procm","r:NPUEnabledDevice","MX_FlightIds","r:KnownFoldersBackupStatus","c:IsDomainJoined","iepe","iste","drgng","r:WindowsAccountSyncConsentState","r:WindowsAccountSyncConsentApplicable","r:WindowsAccountSyncConsentPromptAllowed","aipc","ram","prccn","prccs","prcmf"],"CORTANA_GATEKEEPER":["r:CurrentBranch","f:FlightRing","f:IsRetailOS"],"CORTANAUWP":["c:OSUILocale","t:OSVersionFull","v:CortanaAppVer"],"CORTANAUWPTEST":["+CORTANAUWP","v:CortanaAppVerTest"],"CTAC":["+FSS"],"DDC":["+WU_STORE","+_WU_PTI"],"DXDB":["DeviceFamily","f:FlightRing","r:IsHybridOrXGpu","t:OSVersionFull","OSVersion"],"EDGE_SERVICEUI":["t:LocalDeviceID","t:LocalUserID"],"FCON":["+CDM"],"FSS":["rreviewBuildsManagerEnabled","f:BranchReadinessLevelRaw","u:BranchReadinessLevelSource","r:BuildFID","teviceFamily","DeviceId","c:EnablePreviewBuilds","f:FlightingPolicyValue","f:IsRetailOS","f:ManagePreviewBuilds","OSVersionFull","t:WCOSProductId","r:SmartActiveHoursState","r:ActiveHoursStart","r:ActiveHoursEnd","r:IsCHCapableBuild","r:FSRing","s:MaxShellVersion","s:MinShellVersion","c:TPMVersion","c:SecureBootCapable","crocessorClockSpeed","crocessorCores","c:TotalPhysicalRAM","t:SMode","c:SystemVolumeTotalCapacity","c:OEMManufacturerName","c:OEMModelNumber","a:ISVM","r:AllowUpgradesWithUnsupportedTPMOrCPU","r:IntelPlatformId","r:IsConfigMgrEnabled","f:IsFlightingEnabled","reviceInfoGatherSuccessful","c:IsVirtualDevice","r:OemPartnerRing","c:FlightingBranchName","a:UpgEx_CO21H2","a:UpgEx_NI22H2","a:UpgEx_GE24H2"],"FXIRISCLIENT":["+IRISCLIENT"],"GS":["t:OSSkuId","t:OSVersionFull","r:CurrentBranch","refaultUserRegion","DeviceFamily","c:FlightIds","f:FlightingBranchName","f:FlightRing","c:IsCloudDomainJoined","t:IsMsftOwned","f:IsRetailOS","c:OSUILocale","c:IsDomainJoined"],"IRISCLIENT":["+IRISCLIENTBASE","c:FlightIds"],"IRISCLIENTBASE":["DeviceFamily","OSVersion","t:OSSkuId","OSArchitecture","c:TelemetryLevel","f:FlightRing","f:FlightingBranchName","OEMModel","c:OSUILocale","c:OSEdition","r:CurrentBranch","t:WCOSProductId","c:InstallationType","r:InstallDate","c:IsDeviceRetailDemo","f:IsRetailOS","prccs","prccn","prcmf","ram","c3DMaxFeatureLevel","c:IsAlwaysOnAlwaysConnectedCapable","t:SMode","t:LocalUserID","r:AndroidUserOptinValue","procm","MX_FlightIds","a:UpgEx_CO21H2","r:KnownFoldersBackupStatus","c:OEMModelSystemFamily","OEMName_Uncleaned","r:IsSpotlightEnabledInOEMTheme","r:IsSpotlightThemeEnabledByOEM","r:WindowsAccountSyncConsentApplicable","r:WindowsAccountSyncConsentState","r:WindowsAccountSyncConsentPromptAllowed","iepe","iste","drgng","aipc","oemname","smbiosdm"],"IRISCLIENTV2":["+IRISCLIENTBASE","IX_FlightIds"],"MICROSOFT.WINDOWSFEEDBACKHUB_8WEKYB3D8BBWE":["t:OSVersionFull","t:IsTestLab","f:FlightRing"],"MITIGATION":["teviceFamily","f:FlightRing","c:FlightIds","c:IsDomainJoined","t:IsMsftOwned","f:IsRetailOS","t:IsTestLab","IsVM","OEMModel","c:OSEdition","t:OSSkuId","t:OSVersionFull","c:OSUILocale","t:SMode","f:IsFlightingEnabled","c:FirmwareVersion","c:TelemetryLevel","f:FlightingBranchName","r:CurrentBranch","OSVersion","w:FirstStorageSpaceDeviceId","r:IsCldFltSyncRoots","c:OSInstallType","v:IsNotepadExePresent","r:StrictHiveSecurityReg","a:GatedBlockId_21H1","r:UpdateOfferedDays","r:UsoScanMitigation","r:GamingServicesInstalledKey","v:FileExistsMscoreeDll","w:NetFx3State","r:WCFHTTPActivationNotificationState","w:WCFHTTPActivationState","r:WCFNonHTTPActivationNotificationState","w:WCFNonHTTPActivationState","rotNetMissingComponentsTroubleshooterSuccess","r:IIS_ASPNET","w:IIS_ASPNET_WMI","r:IIS_NetFxExtensibility","w:IIS_NetFxExtensibility_WMI","r:WAS_NetFxEnvironment","w:WAS_NetFxEnvironment_WMI","v:XamlCbsActivationStore","v:XamlCbsActivationStoreArm64","v:OnnxruntimeVer","w:ElanFingerprintDriverVersion","r:AADBrokerPluginNotRegistered","r:TenantId","r:IppPrinterBadDefaultPdc","r:FlightingOptOutState","r:CloudFilesFilter","rSAKyoceraMissingDEH","rSATATriumphMissingDEH","rSAXeroxMissingDEH","wSAKyoceraInstalledName","wSATATriumphInstalledName","w:XeroxPsaInstalledName","vmdHpControlPackageEnUs","vmdHpControlPackageMultiloc","vmdHpControlPackageTr"],"MLMOD":["ChassisTypeId","teviceFamily","f:FlightingBranchName","f:FlightRing","f:IsRetailOS","t:OSSkuId","t:OSVersionFull","c:OSUILocale","OSVersion","c:TelemetryLevel","r:CurrentBranch","t:IsTestLab","crimaryDiskType","FX_FlightIds"],"MTP":["+_WU_OS_CORE"],"MUSE":["+_WU_FB","ChassisTypeId","deviceClass","deviceId","c:FlightIds","locale","ms","os","osVer","ring","sampleId","sku","raysSince19H1FUOffer","uisableDualScan","u:UpdateServiceUrl","c:CommercialId","f:FlightingBranchName","c:SystemVolumeTotalCapacity","c:IsAlwaysOnAlwaysConnectedCapable","crocessorCores","crimaryDiskType","c:TotalPhysicalRAM","crocessorClockSpeed","crocessorIdentifier","crocessorModel","c:ActivationChannel","c:IsCloudDomainJoined","c:isCommercial","c:IsDomainJoined","c:IsMDMEnrolled","c:SCCMClientID","r:OEMSubModel","c:OEMModelNumber","c:OEMManufacturerName","r:OobeSeeker","refaultUserRegion"],"NARRATORNNV":["+WU_STORE"],"NOISYHAMMER":["+WU_OS"],"PHS":["r:GridZoneName","OEMModel","c:OEMManufacturerName","c:OSUILocale","r:OEMSubModel","DeviceFamily"],"RULESENGINE":["c:OSEdition","t:OSSkuId","c:OSUILocale","a:UpgEx_CO21H2","a:GStatus_CO21H2","aataExpDateEpoch_CO21H2","a:TimestampEpochString_CO21H2","r:AndroidUserOptinValue","f:FlightingBranchName","f:FlightRing","r:CurrentBranch","crocessorModel","r:NPUEnabledDevice","MX_FlightIds","r:KnownFoldersBackupStatus","c:IsDomainJoined","r:WindowsAccountSyncConsentApplicable","r:WindowsAccountSyncConsentState","r:WindowsAccountSyncConsentPromptAllowed"],"RUXIM":["c:ActivationChannel","f:FlightRing","r:InstallDate","f:IsFlightingEnabled","a:ISVM","OEMModel","OSArchitecture","t:OSSkuId","c:SCCMClientID","r:SetupDisplayedEulaVersion","r:KioskMode","r:OobeSeeker","r:UninstallActive","c:OEMManufacturerName","r:OEMSubModel","c:OSUILocale"],"SEDIMENTPACK":["+WU_OS"],"SERVICEEXPERIENCES":["f:FlightingBranchName","f:FlightRing","s:MaxShellVersion","s:MinShellVersion","t:IsTestLab","c:TelemetryLevel","t:OSSkuId","r:CurrentBranch","OSVersion","DeviceFamily","r:WSX_Windows_Settings_Account","c:FlightIds","r:WSX_Runtime","r:WSX_Windows_Shell_Start","r:WSX_Windows_AppSample","r:WSX_Windows_AccountControl"],"SERVICING_CBS":["+WU","osVer"],"SETUP360":["t:OSSkuId","f:FlightRing"],"SMARTOPTOUT":["+CDM"],"STORAGEGROVELER":["a:Free","c:TelemetryLevel","f:FlightRing","f:IsFlightingEnabled","IsVM","t:OSVersionFull"],"UTC":["+UTC_STATIC","osVer","locale","ring","filotRing","f:IsRetailOS","ms","expId","t:SMode","f:FlightingBranchName","c:CommercialId","r:IsFeedbackHubSelfhost","c:AzureVMType","t:IsTestLab","c:TelemetryLevel","c:IsVirtualDevice","r:IsProcessorMode","r:UtcDataHandlingPolicies"],"UTC_STATIC":["os","deviceId","sampleId","deviceClass","sku","OEMModel","OEMName_Uncleaned","crimaryDiskType","crocessorModel","c:TotalPhysicalRAM"],"UUS":["OSVersion","f:FlightRing","t:IsTestLab","t:OSVersionFull","f:FlightingBranchName","r:CurrentBranch","f:IsFlightingEnabled"],"WAASASSESSMENT":["+WU_OS"],"WAASMEDIC":["os","osVer","ring","deviceClass","deviceId","locale","sku","c:ActivationChannel","c:CommercialId","r:CurrentBranch","f:FlightingBranchName","c:IsCloudDomainJoined","c:IsDomainJoined","t:IsTestLab","OSVersion","c:SCCMClientID","c:TelemetryLevel","r:FlightingOptOutState"],"WOSC":["teviceFamily","f:FlightRing","f:IsFlightingEnabled","t:IsMsftOwned","t:LocalDeviceID","t:OSSkuId","c:OSUILocale","t:OSVersionFull","c:TelemetryLevel","r:IsHybridOrXGpu","rlayFabPartyRelay","OSVersion","n:IsMicrosoftAAD","r:WOSCEndpointsSupported"],"WPSHIFT":["+MTP"],"WU":["+WU_OS","rUInternal"],"_WU_AV":["r:AvastReg","r:AvastBlackScreen","v:AvastVer","r:AvgReg","v:AvgVer","r:EsetReg","v:EsetVer","r:KasperskyReg","v:KasperskyVer","v:SymantecVer","r:TencentReg","r:TencentType","r:AhnlabInstalledKey","r:AvastInstalledKey","r:AVGInstalledKey","r:AviraInstalledKey","r:BullguardInstalledKey","r:ESETInstalledKey","r:ESTSecurityInstalledKey","r:FSecureInstalledKey","v:GDataInstalledVer","r:K7InstalledKey","r:KasperskyInstalledKey","r:KingsoftInstalledKey","r:LenovoInstalledKey","r:MalwarebytesInstalledKey","r:McAfeeInstalledKey","randaInstalledKey","r:QuickhealInstalledKey1","r:SophosInstalledKey1","r:SymantecInstalledKey","r:TencentInstalledKey","r:ThreatTrackInstalledKey","r:TrendInstalledKey","r:WebrootInstalledKey","v:K7InstalledVer"],"_WU_COMMON":["r:CurrentBranch","refaultUserRegion","DeviceFamily","rriverPartnerRing","r:FlightContent","f:FlightingBranchName","f:FlightRing","HoloLens","c:InstallationType","c:InstallLanguage","f:IsFlightingEnabled","r:IsFlightingEnabled","c:MobileOperatorCommercialized","OEMModel","OEMName_Uncleaned","r:OemPartnerRing","OSArchitecture","OSVersion","t:OSSkuId","c:OSUILocale","crocessorManufacturer","r:ReleaseType","v:SkypeRoomSystem","t:SMode","c:TelemetryLevel","r:WindowsMixedReality","v:WuClientVer","pucPublisherId","pucDeviceModelId","pucOemPartnerRing","pucCustomPackageId","pesiredOsVersion","pesiredSystemManifestVersion","r:TenantId"],"_WU_FB":["u:BranchReadinessLevel","ueferQualityUpdatePeriodInDays","ueferFeatureUpdatePeriodInDays","rausedFeatureStatus","rausedQualityStatus","u:TargetReleaseVersion","r:QUDeadline","r:UpdatePreference","r:UpdateOfferedDays","u:TargetProductVersion","DSS_Enrolled","r:NonSecurityUpdate","u:AdminOptedIntoRebootlessUpdates"],"WU_OS":["+_WU_OS_CORE","+_WU_FB"],"_WU_OS_CORE":["+_WU_COMMON","+_WU_AV","r:AhnLabKeyboard","a:Bios","r:BlockFeatureUpdates","c:CommercialId","aataVer_RS5","risconnectedStandby","rchuNvidiaGrfxExists","rchuNvidiaGrfxVen","rchuIntelGrfxExists","rchuIntelGrfxVen","rchuAmdGrfxExists","rchuAmdGrfxVen","c:FirmwareVersion","a:Free","a:GStatus_RS3","a:GStatus_RS4","a:GStatus_RS5","r:HidOverGattReg","r:InstallDate","c:IsDeviceRetailDemo","c:IsPortableOperatingSystem","IsVM","c:OEMModelBaseBoard","r:OobeSeeker","r:OSRollbackBuild","r:OSRollbackCount","r:OSRollbackDate","PhoneTargetingName","ronchAllow","ronchBlock","crocessorIdentifier","r:RecoveredFromBuild","r:RecoveredOnDate","r:Steam","v:TobiiVer","v:TrendMicroVer","r:UninstallActive","l:UpdateManagementGroup","a:UpgEx_RS3","a:UpgEx_RS4","a:UpgEx_RS5","a:Version_RS5","risableWUfBOfferBlock","a:UpgEx_19H1","a:SdbVer_19H1","a:GStatus_19H1","a:GStatus_19H1Setup","a:TimestampEpochString_19H1Setup","a:GenTelRunTimestamp_19H1","aataExpDateEpoch_19H1","u:EnableWUfBUpgradeGates","r:GStatusBlockIDs_All","TimestampDelta_19H1Subtract19H1Setup","DataExpDateDelta_19H1Subtract19H1Setup","aataExpDateEpoch_19H1Setup","a:TimestampEpochString_19H1","r:IsContainerMgrInstalled","r:IsWDAGEnabled","r:MTPTargetingInfo","r:EKB19H2InstallCount","r:EKB19H2UnInstallCount","r:EKB19H2InstallTimeEpoch","r:EKB19H2UnInstallTimeEpoch","r:BlockEdgeWithChromiumUpdate","r:IsWDATPEnabled","r:IsAutopilotRegistered","r:EdgeWithChromiumInstallVersion","r:EdgeWithChromiumInstallFailureCount","r:IsEdgeWithChromiumInstalled","r:KioskMode","c:IsCloudDomainJoined","c:IsDomainJoined","aataExpDateEpoch_20H1","aataExpDateEpoch_20H1Setup","a:GStatus_20H1","a:GStatus_20H1Setup","a:SdbVer_20H1","a:TimestampEpochString_20H1","a:TimestampEpochString_20H1Setup","DataExpDateDelta_20H1Subtract20H1Setup","TimestampDelta_20H1Subtract20H1Setup","a:UpgEx_20H1","r:AutopilotUpdateInProgress","r:UHSEnrolled","r:HotPatchEKBInstalled","r:LCUVer","c:isCommercial","c:ActivationChannel","c:IsMDMEnrolled","c:SCCMClientID","r:ChinaTypeApproval_CTA","pesiredOcpVersion","r:UpgradeEligible","r:AllowInPlaceUpgrade","r:SH_SIPolicyCleanup","r:FeatureUpdateDeadline","aataExpDateEpoch_21H1","a:UpgEx_CO21H2","a:GStatus_21H1","DataExpDateDelta_21H1Subtract20H1Setup","TimestampDelta_21H1Subtract20H1Setup","a:TimestampEpochString_21H1","r:OEMSubModel","crocessorModel","c:TPMVersion","r:StayOnWindows10Timestamp","a:GStatus_CO21H2Setup","TimestampDelta_CO21H2SubtractCO21H2Setup","DataExpDateDelta_CO21H2SubtractCO21H2Setup","a:TimestampEpochString_CO21H2Setup","aataExpDateEpoch_CO21H2Setup","a:TimestampEpochString_CO21H2","aataExpDateEpoch_CO21H2","a:GStatus_CO21H2","p:SetPolicyDrivenUpdateSourceForFeatureUpdates","rchuNvidiaGrfxVenTest","aataExpDateDelta_21H2Subtract20H1Setup","a:TimestampEpochString_21H2","a:TimestampDelta_21H2Subtract20H1Setup","a:GStatus_21H2","aataExpDateEpoch_21H2","rSS_Enrolled_DF","r:UpgradeAccepted","r:SetupDisplayedEulaVersion","crocessorCores","crocessorClockSpeed","c:TotalPhysicalRAM","c:SecureBootCapable","crimaryDiskTotalCapacity","r:BitDefenderInstalledKey","r:BroadcomInstalledKey","v:CrowdStrikeInstalledVer","r:QihooInstalledKey","r:Win11UpgradeAcceptedTimestamp","a:UpgEx_NI22H2","r:OobeNdupAcceptedTarget","r:OobeNdupFU22621CommitChoice","aataExpDateEpoch_NI22H2","a:GStatus_NI22H2","a:GStatus_NI22H2Setup","a:TimestampEpochString_NI22H2Setup","TimestampDelta_NI22H2SubtractNI22H2Setup","DataExpDateDelta_NI22H2SubtractNI22H2Setup","aataExpDateEpoch_NI22H2Setup","a:TimestampEpochString_NI22H2","r:IsVbsEnabled","r:FODRetryPending","r:UserInPlaceUpgrade","v:HidparseDriversVer","v:HidparseSystem32Ver","v:HidparseSystem32Ver1","r:CIOptin","r:FlightingOptOutState","p:WSUSconfigured_csp","a:UpgEx_NI22H2Setup","a:UpgEx_CO21H2Setup","u:WUfBClientManaged","u:UpdateServiceUrl","u:AllowOptionalContent","FX_FlightIds","DL_OSVersion","r:ExpPkgs","r:UUSVersion","c:FlightIds","r:OobeNdupFUTarget","a:GStatus_NI23H2","aataExpDateEpoch_NI23H2","a:TimestampEpochString_NI23H2","DataExpDateDelta_NI23H2SubtractNI22H2Setup","TimestampDelta_NI23H2SubtractNI22H2Setup","r:LaunchUserOOBE","r:RobloxPlayer","r:RobloxStudio","c:VBSState","r:ARCHotpatchAttached_State","r:MDEWSLPluginReleaseRing","r:SystemGuard_Enabled","u:AdminOptedIntoRebootlessUpdates","r:LaunchOobeInEndUserSession","r:MDE4WSLPluginReleaseRing","r:AdminOptedIntoRebootlessUpdates_Server","r:IsRemoteDesktopSessionHost","a:UpgEx_GE24H2","s:IsA9CapablePC","a:UpgEx_GE24H2Setup","rroductType"],"_WU_PTI":["c:FrontFacingCameraResolution","c:RearFacingCameraResolution","c:TotalPhysicalRAM","c:NFCProximity","c:Magnetometer","c:Gyroscope","c3DMaxFeatureLevel","c:InternalPrimaryDisplayResolutionHorizontal","c:InternalPrimaryDisplayResolutionVetical"],"WU_STORE":["+_WU_COMMON","r:AppChannels","r:AppRMIDs","u:BranchReadinessLevel"]},"Required":["App","AppVer","AttrDataVer"],"Aliases":{"AccountFirstChar":"c:MSA_Accounts","aipc":"s:IsA9CapablePC","ChassisTypeId":"c:ChassisType","CX_FlightIds":"c:CX_FlightIds","DataExpDateDelta_19H1Subtract19H1Setup":"aataExpDateEpoch_19H1_Subtract_DataExpDateEpoch_19H1Setup","DataExpDateDelta_20H1Subtract20H1Setup":"aataExpDateEpoch_20H1_Subtract_DataExpDateEpoch_20H1Setup","DataExpDateDelta_21H1Subtract20H1Setup":"aataExpDateEpoch_21H1_Subtract_DataExpDateEpoch_20H1Setup","DataExpDateDelta_CO21H2SubtractCO21H2Setup":"aataExpDateEpoch_CO21H2_Subtract_DataExpDateEpoch_CO21H2Setup","DataExpDateDelta_NI22H2SubtractNI22H2Setup":"aataExpDateEpoch_NI22H2_Subtract_DataExpDateEpoch_NI22H2Setup","DataExpDateDelta_NI23H2SubtractNI22H2Setup":"aataExpDateEpoch_NI23H2_Subtract_DataExpDateEpoch_NI22H2Setup","deviceClass":"DeviceFamily","deviceId":"t:LocalDeviceID","DeviceId":"t:LocalDeviceID","DL_OSVersion2":"DL_OSVersion","drgng":"rurableDeviceRegionGeo","DSS_Enrolled":"rSS_Enrolled_State","EdgeStableVersion":"r:EdgeStableVersion","expId":"c:FlightIds","FlightRing":"f:FlightRing","FX_FlightIds":"c:FlightIds","iepe":"g:IsCampaignEdgePromotionEnabled","iste":"g:IsCampaignSegmentTargetingEnabled","IsVM":"a:ISVM","IX_FlightIds":"c:FlightIds","locale":"c:OSUILocale","ms":"t:IsMsftOwned","MX_FlightIds":"c:FlightIds","OEMModel":"c:OEMModelNumber","oemname":"r:SystemManufacturer","OEMName_Uncleaned":"c:OEMManufacturerName","osVer":"t:OSVersionFull","OSVersionFull":"t:OSVersionFull","PhoneTargetingName":"c:OEMModelName","prccn":"crocessorCores","prccs":"crocessorClockSpeed","prcmf":"crocessorManufacturer","procm":"crocessorModel","ram":"c:TotalPhysicalRAM","ring":"f:FlightRing","sampleId":"topVal","sku":"t:OSSkuId","smbiosdm":"r:SystemProductName","TimestampDelta_19H1Subtract19H1Setup":"a:TimestampEpochString_19H1_Subtract_TimestampEpochString_19H1Setup","TimestampDelta_20H1Subtract20H1Setup":"a:TimestampEpochString_20H1_Subtract_TimestampEpochString_20H1Setup","TimestampDelta_21H1Subtract20H1Setup":"a:TimestampEpochString_21H1_Subtract_TimestampEpochString_20H1Setup","TimestampDelta_CO21H2SubtractCO21H2Setup":"a:TimestampEpochString_CO21H2_Subtract_TimestampEpochString_CO21H2Setup","TimestampDelta_NI22H2SubtractNI22H2Setup":"a:TimestampEpochString_NI22H2_Subtract_TimestampEpochString_NI22H2Setup","TimestampDelta_NI23H2SubtractNI22H2Setup":"a:TimestampEpochString_NI23H2_Subtract_TimestampEpochString_NI22H2Setup"},"Fallback":{"r:AhnlabInstalledKey":"r:AhnlabInstalledWowKey","r:AvastBlackScreen":"r:AvgBlackScreen","r:AvastInstalledKey":"r:AvastInstalledWowKey","r:AVGInstalledKey":"r:AVGInstalledWowKey","r:AviraInstalledKey":"r:AviraInstalledWowKey","a:Bios":"a:Bios_RS3","a:Bios_RS3":"a:Bios_RS4","a:Bios_RS4":"a:Bios_RS5","r:BlockFeatureUpdates":"r:BlockWUUpgrades","r:BlockWUUpgrades":"r:BlockWUUpgradesWow","r:BuildFID":"r:BuildFID_WCOS","r:BuildFID_WCOS":"r:BuildFID_WCOS2","r:BullguardInstalledKey":"v:BullguardInstalledVer","aataExpDateEpoch_CO21H2":"rataExpDateEpoch_CO21H2RegFb","rchuAmdGrfxVen":"rchuAmdGrfxVen2","rchuAmdGrfxVen2":"rchuAmdGrfxDeletePending","rchuIntelGrfxDeletePending":"rchuIntelGrfxNExists","rchuIntelGrfxVen":"rchuIntelGrfxVen2","rchuIntelGrfxVen2":"rchuIntelGrfxDeletePending","rchuNvidiaGrfxVen":"rchuNvidiaGrfxVen2","rchuNvidiaGrfxVen2":"rchuNvidiaGrfxDeletePending","DL_OSVersion":"OSVersion","rriverPartnerRing":"r:OSDataDriverPartnerRing","r:EdgeStableOPV_Native":"r:EdgeStablePV_Native","r:EdgeStablePV_WOW6432":"r:EdgeStableOPV_Native","r:EdgeStableVersion":"r:EdgeStablePV_WOW6432","r:EdgeWithChromiumInstallFailureCount":"r:EdgeWithChromiumInstallFailureCountWow","r:EdgeWithChromiumInstallVersion":"r:EdgeWithChromiumInstallVersionWow","u:EnableWUfBUpgradeGates":"r:EnableWUfBUpgradeGatesRS5","r:ESETInstalledKey":"r:ESETInstalledWowKey","r:ESTSecurityInstalledKey":"r:ESTSecurityInstalledWowKey","f:FlightingBranchName":"c:FlightingBranchName","a:Free":"a:Free_RS3","a:Free_RS3":"a:Free_RS4","a:Free_RS4":"a:Free_RS5","r:FSecureInstalledKey":"r:FSecureInstalledWowKey","a:GatedFeature_NI22H2":"r:Migrated_GatedFeature_NI22H2Setup","a:GStatus_CO21H2":"r:GStatus_CO21H2RegFb","HoloLens":"r:WindowsMixedReality","r:IsEdgeWithChromiumInstalled":"r:IsEdgeWithChromiumInstalledWow","a:ISVM":"a:ISVM_RS3","a:ISVM_RS3":"a:ISVM_RS4","a:ISVM_RS4":"a:ISVM_RS5","r:K7InstalledKey":"r:K7InstalledWowKey","r:KasperskyInstalledKey":"r:KasperskyInstalledWowKey","r:KingsoftInstalledKey":"r:KingsoftInstalledWowKey","r:LenovoInstalledKey":"r:LenovoInstalledWowKey","r:MalwarebytesInstalledKey":"r:MalwarebytesInstalledWowKey","r:McAfeeInstalledKey":"r:McAfeeInstalledWowKey","r:Migrated_GatedFeature_NI22H2Setup":"r:Migrated_GatedFeature_NI22H2","c:OEMModelBaseBoard":"r:OEMModelBaseBoard","randaInstalledKey":"randaInstalledWowKey","randaInstalledWowKey":"vandaInstalledVer","ronchAllow":"ronchAllowKey","ronchAllowKey":"ronchAllowWow","ronchAllowWow":"ronchAllowWowKey","r:QUDeadline":"r:QUDeadlineMDM","r:QuickhealInstalledKey1":"r:QuickhealInstalledKey2","r:SophosInstalledKey1":"r:SophosInstalledKey2","r:SymantecInstalledKey":"r:SymantecInstalledWowKey","v:SymantecVer":"v:SymantecVer64","u:TargetReleaseVersion":"r:TargetReleaseVersionGP","r:TargetReleaseVersionGP":"r:TargetReleaseVersionMDM","r:TencentInstalledKey":"r:TencentInstalledWowKey","r:ThreatTrackInstalledKey":"r:ThreatTrackInstalledWowKey","a:TimestampEpochString_CO21H2":"r:TimestampEpochString_CO21H2RegFb","v:TobiiVer":"v:TobiiVerx86","v:TobiiVerx86":"v:TobiiVer1x86","r:TrendInstalledKey":"r:TrendInstalledWowKey","r:TrendInstalledWowKey":"v:TrendInstalledVer","a:UpgEx_CO21H2":"r:UpgEx_CO21H2RegFb","r:UpgradeAccepted":"r:Win11UpgradeAcceptedWUSeeker","r:WebExperience":"r:WebExperienceWow","r:WebrootInstalledKey":"r:WebrootInstalledWowKey"},"Transform":{"AccountFirstChar":{"SubLength":1},"CX_FlightIds":{"Regex":"CX:[^,]*","RegexDelimiter":","},"FlightingOptOutState":{"Ignore":["0"]},"FX_FlightIds":{"Regex":"FX:[^,]*","RegexDelimiter":","},"IppPrinterBadDefaultPdc":{"Contains":"V4_No_ChangeID_Present"},"aipc":{"Ignore":["0"]},"IsDomainJoined":{"Ignore":["0"]},"IsHybridOrXGpu":{"Ignore":["0"]},"IsMsftOwned":{"Ignore":["0"]},"IsPortableOperatingSystem":{"Ignore":["0"]},"IsRemoteDesktopSessionHost":{"Contains":"ServerRdsh"},"IsTestLab":{"Ignore":["0"]},"IsVM":{"Ignore":["0"]},"IX_FlightIds":{"Regex":"IX:[^,]*","RegexDelimiter":","},"MX_FlightIds":{"Regex":"ME:[^,]*|MD:[^,]*","RegexDelimiter":","},"OEMModel":{"SubLength":100},"OEMName_Uncleaned":{"SubLength":100},"PausedFeatureStatus":{"Ignore":["0"]},"PausedQualityStatus":{"Ignore":["0"]},"PSAKyoceraInstalledName":{"Contains":"A97ECD55.KYOCERAPrintCenter"},"PSATATriumphInstalledName":{"Contains":"TATriumph-AdlerGmbH.TAUTAXPrintCenter"},"SMode":{"Ignore":["0"]},"StayOnWindows10Timestamp":{"SubLength":-3,"Ignore":[""]},"XeroxPsaInstalledName":{"Contains":"XeroxCorp.PrintExperience"}},"Registry":{"AADBrokerPluginNotRegistered":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsMitigationData\\AADBrokerPluginNotRegistered","IfExists":true},"ActiveHoursEnd":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings","ValueName":"ActiveHoursEnd","RegValueType":"REG_DWORD"},"ActiveHoursStart":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings","ValueName":"ActiveHoursStart","RegValueType":"REG_DWORD"},"AdminOptedIntoRebootlessUpdates_Server":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\Hotpatch\\Environment","ValueName":"AllowRebootlessUpdates","RegValueType":"REG_DWORD"},"AhnlabInstalledKey":{"FullPath":"SOFTWARE\\Ahnlab","IfExists":true},"AhnlabInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\Ahnlab","IfExists":true},"AhnLabKeyboard":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\Mkd2kfNt","ValueName":"NbTpMsExist"},"AllowInPlaceUpgrade":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\\\Windows\\\\CurrentVersion","ValueName":"AllowInPlaceUpgrade","RegValueType":"REG_DWORD"},"AllowUpgradesWithUnsupportedTPMOrCPU":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\Setup\\MoSetup","ValueName":"AllowUpgradesWithUnsupportedTPMOrCPU","RegValueType":"REG_DWORD"},"AndroidUserOptinValue":{"HKey":"HKEY_CURRENT_USER","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Mobility\\","ValueName":"OptedIn","RegValueType":"REG_DWORD"},"AppChannels":{"FullPath":"SOFTWARE\\Policies\\Microsoft\\WindowsStore\\Apps\\*","ValueName":"ChannelId","EncodingType":"Json"},"AppRMIDs":{"FullPath":"SOFTWARE\\Policies\\Microsoft\\WindowsStore\\Apps\\*","ValueName":"ReleaseManagementId","EncodingType":"Json"},"ARCHotpatchAttached_State":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Azure Connected Machine Agent\\Windows\\Licenses\\Features\\Hotpatch","ValueName":"Subscription","RegValueType":"REG_DWORD"},"AutopilotUpdateInProgress":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Provisioning\\AutopilotSettings\\VolatileAutopilotUpdate","ValueName":"AutopilotUpdateInProgress","RegValueType":"REG_DWORD"},"AvastBlackScreen":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\aswVmm\\Parameters","ValueName":"Win10-1803"},"AvastInstalledKey":{"FullPath":"SOFTWARE\\Avast Software\\Avast","IfExists":true},"AvastInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\Avast Software\\Avast","IfExists":true},"AvastReg":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\aswVmm\\Parameters","ValueName":"QualityCompat"},"AvgBlackScreen":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\avgVmm\\Parameters","ValueName":"Win10-1803"},"AVGInstalledKey":{"FullPath":"SOFTWARE\\AVG\\Antivirus","IfExists":true},"AVGInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\AVG\\Antivirus","IfExists":true},"AvgReg":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\avgVmm\\Parameters","ValueName":"QualityCompat"},"AviraInstalledKey":{"FullPath":"SOFTWARE\\X-AVCSD\\Workstation\\Antivirus","IfExists":true},"AviraInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\X-AVCSD\\Workstation\\Antivirus","IfExists":true},"BitDefenderInstalledKey":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}","IfExists":true},"BlockEdgeWithChromiumUpdate":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\EdgeUpdate","ValueName":"DoNotUpdateToEdgeWithChromium","RegValueType":"REG_DWORD"},"BlockFeatureUpdates":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade","ValueName":"BlockFeatureUpdates","RegValueType":"REG_DWORD"},"BlockWUUpgrades":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows10Upgrader\\Volatile","ValueName":"BlockWUUpgrades","RegValueType":"REG_DWORD"},"BlockWUUpgradesWow":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\WOW6432Node\\Microsoft\\Windows10Upgrader\\Volatile","ValueName":"BlockWUUpgrades","RegValueType":"REG_DWORD"},"BroadcomInstalledKey":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Symantec\\Symantec Endpoint Protection","IfExists":true},"BuildFID":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build","ValueName":"EsdFlightData","RegValueType":"REG_SZ"},"BuildFID_WCOS":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"OSDATA\\Software\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build","ValueName":"EsdFlightData","RegValueType":"REG_SZ"},"BuildFID_WCOS2":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"OSDATA\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build","ValueName":"EsdFlightData","RegValueType":"REG_SZ"},"BullguardInstalledKey":{"FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\BullGuard","IfExists":true},"BypassNRO":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE","ValueName":"BypassNRO","RegValueType":"REG_DWORD"},"ChinaTypeApproval_CTA":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeviceAccess","ValueName":"ActivePolicyCode","RegValueType":"REG_SZ"},"CIOptin":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings","ValueName":"IsContinuousInnovationOptedIn","RegValueType":"REG_DWORD"},"CloudFilesFilter":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Services\\CldFlt\\Instances\\","ValueName":"DefaultInstance","RegValueType":"REG_SZ"},"CurrentBranch":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion","ValueName":"BuildBranch","RegValueType":"REG_SZ"},"DataExpDateEpoch_CO21H2RegFb":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2","ValueName":"DataExpDateEpoch","RegValueType":"REG_SZ"},"DaysSince19H1FUOffer":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\rempl\\irplugin","ValueName":"DaysSinceLastOffer","RegValueType":"REG_QWORD"},"DchuAmdGrfxDeletePending":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\amdkmdag","ValueName":"DriverDelete"},"DchuAmdGrfxExists":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\amdkmdag","IfExists":true},"DchuAmdGrfxVen":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\amdkmdag","ValueName":"DCHUVen"},"DchuAmdGrfxVen2":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\amdkmdag\\Parameters","ValueName":"DCHUVen"},"DchuIntelGrfxDeletePending":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\igfx","ValueName":"DriverDelete"},"DchuIntelGrfxExists":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\igfx","IfExists":true},"DchuIntelGrfxNExists":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Services\\igfxn","IfExists":true},"DchuIntelGrfxVen":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\igfx","ValueName":"DCHUVen"},"DchuIntelGrfxVen2":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\igfx\\Parameters","ValueName":"DCHUVen"},"DchuNvidiaGrfxDeletePending":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\nvlddmkm","ValueName":"DriverDelete"},"DchuNvidiaGrfxExists":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\nvlddmkm","IfExists":true},"DchuNvidiaGrfxVen":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\nvlddmkm","ValueName":"DCHUVen"},"DchuNvidiaGrfxVen2":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\nvlddmkm\\Parameters","ValueName":"DCHUVen"},"DchuNvidiaGrfxVenTest":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Services\\nvlddmkm","ValueName":"DCHUVenTest","RegValueType":"REG_DWORD"},"DefaultUserRegion":{"HKey":"HKEY_USERS","FullPath":".DEFAULT\\Control Panel\\International\\Geo","ValueName":"Nation","RegValueType":"REG_SZ"},"DeviceInfoGatherSuccessful":

 

More of the same log:

{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing","ValueName":"DeviceInfoGatherSuccessful","RegValueType":"REG_DWORD"},"DisableWUfBOfferBlock":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsUpdate\\UpdatePolicy\\Settings","ValueName":"DisableWUfBOfferBlock","RegValueType":"REG_DWORD"},"DisconnectedStandby":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Control\\Power","ValueName":"EnforceDisconnectedStandby","RegValueType":"REG_DWORD"},"DotNetMissingComponentsTroubleshooterSuccess":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\.NETFramework","ValueName":"DotNetMissingComponentsTroubleshooterSuccess","RegValueType":"REG_DWORD"},"DriverPartnerRing":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\DriverFlighting\\Partner","ValueName":"TargetRing","RegValueType":"REG_SZ"},"DSS_Enrolled_DF":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\\\Policies\\\\Microsoft\\\\Windows\\\\WindowsUpdate","ValueName":"WUfBDF","RegValueType":"REG_DWORD"},"DSS_Enrolled_State":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WufbDS","ValueName":"enrollmenttype","RegValueType":"REG_SZ"},"DUInternal":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\Setup\\MoSetup","ValueName":"DynamicUpdateInternalTest","RegValueType":"REG_DWORD"},"DurableDeviceRegionGeo":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Control Panel\\DeviceRegion","ValueName":"DeviceRegion","RegValueType":"REG_DWORD"},"EdgeStableOPV_Native":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}","ValueName":"opv","RegValueType":"REG_SZ"},"EdgeStablePV_Native":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}","ValueName":"pv","RegValueType":"REG_SZ"},"EdgeStablePV_WOW6432":{"FullPath":"SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}","ValueName":"pv","RegValueType":"REG_SZ"},"EdgeStableVersion":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}","ValueName":"opv","RegValueType":"REG_SZ"},"EdgeWithChromiumInstallFailureCount":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\EdgeUpdate","ValueName":"WindowsUpdateAttempts"},"EdgeWithChromiumInstallFailureCountWow":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate","ValueName":"WindowsUpdateAttempts"},"EdgeWithChromiumInstallVersion":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\EdgeUpdate","ValueName":"WindowsUpdateVersion"},"EdgeWithChromiumInstallVersionWow":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate","ValueName":"WindowsUpdateVersion"},"EKB19H2InstallCount":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\Setup\\FeatureStaging\\20455539\\2","ValueName":"Count"},"EKB19H2InstallTimeEpoch":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\Setup\\FeatureStaging\\20455539\\2","ValueName":"Timestamp"},"EKB19H2UnInstallCount":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\Setup\\FeatureStaging\\20455539\\0","ValueName":"Count"},"EKB19H2UnInstallTimeEpoch":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\Setup\\FeatureStaging\\20455539\\0","ValueName":"Timestamp"},"EnableWUfBUpgradeGatesRS5":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Microsoft\\Windows NT\\CurrentVersion\\502505fe-762c-4e80-911e-0c3fa4c63fb0","ValueName":"DataRequireGatedScanForFeatureUpdates","RegValueType":"REG_DWORD"},"ESETInstalledKey":{"FullPath":"SOFTWARE\\ESET\\ESET Security","IfExists":true},"ESETInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\ESET\\ESET Security","IfExists":true},"EsetReg":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Services\\ehdrv\\Parameters","ValueName":"WindowsCompatibilityLevel","RegValueType":"REG_DWORD"},"ESTSecurityInstalledKey":{"FullPath":"SOFTWARE\\ESTsoft","IfExists":true},"ESTSecurityInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\ESTsoft","IfExists":true},"ExpPkgs":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsSelfhost\\Applicability","ValueName":"ExpPkgs","RegValueType":"REG_SZ"},"ExpStates":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsSelfHost\\FIDs","ValueName":"PreviewConfigs","RegValueType":"REG_SZ"},"FeatureUpdateDeadline":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Policies\\Microsoft\\Windows\\WindowsUpdate\\","ValueName":"ConfigureDeadlineForFeatureUpdates","RegValueType":"REG_DWORD"},"FlightContent":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsSelfHost\\Applicability","ValueName":"ContentType","RegValueType":"REG_SZ"},"FlightingOptOutState":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsSelfHost\\UI\\Selection","ValueName":"OptOutState","RegValueType":"REG_DWORD"},"FODRetryPending":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing","ValueName":"FODRetry","RegValueType":"REG_DWORD"},"FSecureInstalledKey":{"FullPath":"SOFTWARE\\F-Secure\\OneClient","IfExists":true},"FSecureInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\F-Secure\\OneClient","IfExists":true},"FSRing":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsSelfhost\\Applicability","ValueName":"FSRing","RegValueType":"REG_SZ"},"GamingServicesInstalledKey":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Services\\GamingServices","IfExists":true},"GridZoneName":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\COAWOS","ValueName":"GridZoneName","RegValueType":"REG_SZ","PersistedSourceId":"COAWOSRoot"},"GStatus_CO21H2RegFb":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2","ValueName":"GStatus","RegValueType":"REG_SZ"},"GStatusBlockIDs_All":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\Appraiser\\GWX","ValueName":"SdbEntries","RegValueType":"REG_SZ"},"HidOverGattReg":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemRoot%/System32/drivers/UMDF/Microsoft.Bluetooth.Profiles.HidOverGatt.dll","ValueName":"Source","RegValueType":"REG_SZ"},"HotPatchEKBInstalled":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Update\\TargetingInfo\\DynamicInstalled\\Hotpatch.amd64","IfExists":true},"IIS_ASPNET":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing\\Notifications\\OptionalFeatures\\IIS-ASPNET","ValueName":"Selection","RegValueType":"REG_DWORD"},"IIS_NetFxExtensibility":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing\\Notifications\\OptionalFeatures\\IIS-NetFxExtensibility","ValueName":"Selection","RegValueType":"REG_DWORD"},"InstallDate":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion","ValueName":"InstallDate","RegValueType":"REG_DWORD"},"IntelPlatformId":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0","ValueName":"Platform Specific Field 1","RegValueType":"REG_DWORD"},"IppPrinterBadDefaultPdc":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Print\\Printers\\*\\PrinterDriverData","ValueName":"V4_PDC_ChangeID","RegValueType":"REG_SZ","EncodingType":"Json"},"IsAutopilotRegistered":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Provisioning\\AutopilotPolicyCache","ValueName":"ProfileAvailable","RegValueType":"REG_DWORD"},"IsFlightingEnabled":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsSelfHost\\Applicability","ValueName":"IsBuildFlightingEnabled","RegValueType":"REG_DWORD"},"IsCHCapableBuild":{"HKey":"HKEY_CLASSES_ROOT","FullPath":"CLSID\\{2C57C51B-FD43-4E74-B077-551AE6228AD6}","IfExists":true},"IsCldFltSyncRoots":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager\\*","IfExists":true},"IsConfigMgrEnabled":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsSelfHost\\ClientState","ValueName":"ConfigMgrEnabled","RegValueType":"REG_DWORD"},"IsContainerMgrInstalled":{"FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Containers\\CmService","IfExists":true},"IsEdgeWithChromiumInstalled":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}","IfExists":true},"IsEdgeWithChromiumInstalledWow":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}","IfExists":true},"IsFeedbackHubSelfhost":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Diagnostics\\DiagTrack\\Partners\\IsFeedbackHubSelfhost","IfExists":true},"IsFSOverlay":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Control\\GlobMerger","ValueName":"IsEnabled","RegValueType":"REG_DWORD"},"IsHybridOrXGpu":{"FullPath":"SOFTWARE\\Microsoft\\DirectX","ValueName":"HybridDeviceApplicableForDxDbGpuPreferences"},"IsProcessorMode":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Diagnostics\\DiagTrack\\RegionalSettings","ValueName":"IsProcessorMode","RegValueType":"REG_QWORD"},"IsRemoteDesktopSessionHost":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion","ValueName":"EditionID","RegValueType":"REG_SZ"},"IsSpotlightEnabledInOEMTheme":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes","ValueName":"WindowsSpotlight","RegValueType":"REG_DWORD"},"IsSpotlightThemeEnabledByOEM":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\DesktopOptimization","ValueName":"WindowsSpotlightTheme","RegValueType":"REG_DWORD"},"IsVbsEnabled":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\ControlSet001\\Control\\DeviceGuard","ValueName":"EnableVirtualizationBasedSecurity","RegValueType":"REG_DWORD"},"IsWDAGEnabled":{"FullPath":"SYSTEM\\ControlSet001\\Services\\hvsics","IfExists":true},"IsWDATPEnabled":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows Advanced Threat Protection\\Status","ValueName":"OnboardingState"},"K7InstalledKey":{"FullPath":"SOFTWARE\\K7 Computing","IfExists":true},"K7InstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\K7 Computing","IfExists":true},"KasperskyInstalledKey":{"FullPath":"SOFTWARE\\KasperskyLab","IfExists":true},"KasperskyInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\KasperskyLab","IfExists":true},"KasperskyReg":{"FullPath":"System\\CurrentControlSet\\Services\\klhk\\Parameters","ValueName":"UseVtHardware"},"KingsoftInstalledKey":{"FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Kingsoft Internet Security","IfExists":true},"KingsoftInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Kingsoft Internet Security","IfExists":true},"KioskMode":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\AssignedAccessCsp\\AutoLogonAccount","ValueName":"ConfigSource","RegValueType":"REG_DWORD"},"KnownFoldersBackupStatus":{"HKey":"HKEY_CURRENT_USER","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StorageProviderStatus","ValueName":"OneDrive","RegValueType":"REG_SZ"},"LaunchOobeInEndUserSession":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Microsoft\\Windows\\CurrentVersion\\OOBE","ValueName":"ContinueOobeInEnduserSession"},"LaunchUserOOBE":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Microsoft\\Windows\\CurrentVersion\\OOBE","ValueName":"LaunchUserOOBE","RegValueType":"REG_DWORD"},"LCUVer":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion","ValueName":"LCUVer"},"LenovoInstalledKey":{"FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{A9861883-31C5-4324-BD9A-DC9527EEB675}_is1","IfExists":true},"LenovoInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{A9861883-31C5-4324-BD9A-DC9527EEB675}_is1","IfExists":true},"MalwarebytesInstalledKey":{"FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1","IfExists":true},"MalwarebytesInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1","IfExists":true},"McAfeeInstalledKey":{"FullPath":"SOFTWARE\\McAfee\\MSC\\AppInfo\\Substitute\\QueryParams","IfExists":true},"McAfeeInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\McAfee\\MSC\\AppInfo\\Substitute\\QueryParams","IfExists":true},"MDE4WSLPluginReleaseRing":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Microsoft Defender for Endpoint plug-in for WSL","ValueName":"ReleaseRing","RegValueType":"REG_SZ"},"MDEWSLPluginReleaseRing":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Microsoft\\Windows\\CurrentVersion\\Lxss\\Plugins\\DefenderPlug-in","ValueName":"ReleaseRing","RegValueType":"REG_SZ"},"Migrated_GatedFeature_NI22H2":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\MigratedMarkers\\TargetVersionUpgradeExperienceIndicators\\NI22H2","ValueName":"GatedFeatureSingleString","RegValueType":"REG_SZ"},"Migrated_GatedFeature_NI22H2Setup":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\MigratedMarkers\\TargetVersionUpgradeExperienceIndicators\\NI22H2Setup","ValueName":"GatedFeatureSingleString","RegValueType":"REG_SZ"},"MTPTargetingInfo":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\Platform\\MTPTargetingInfo","ValueName":"TargetRing"},"NonSecurityUpdate":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate","ValueName":"NonSecurityRelease","RegValueType":"REG_DWORD"},"NPUEnabledDevice":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows Media Foundation\\FrameServer\\WindowsCameraEffects","ValueName":"EffectsCameraAvailable","RegValueType":"REG_DWORD"},"OEMMode":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Office\\16.0\\Common\\OEM","ValueName":"OOBEMode","RegValueType":"REG_SZ"},"OEMModelBaseBoard":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"HARDWARE\\DESCRIPTION\\System\\BIOS","ValueName":"BaseBoardProduct","RegValueType":"REG_SZ"},"OemPartnerRing":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\Platform\\DeviceTargetingInfo","ValueName":"TargetRing","RegValueType":"REG_SZ"},"OEMSubModel":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"HARDWARE\\DESCRIPTION\\System\\BIOS","ValueName":"SystemSKU","RegValueType":"REG_SZ"},"OobeNdupAcceptedTarget":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\OOBE\\NDUP\\Updates","ValueName":"Target","RegValueType":"REG_SZ"},"OobeNdupFU22621CommitChoice":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\NDUP\\Updates\\FeatureUpdate_22621","ValueName":"CommitChoice","RegValueType":"REG_DWORD"},"OobeNdupFUTarget":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\NDUP\\Updates\\FeatureUpdate_22631","ValueName":"Target","RegValueType":"REG_SZ"},"OobeSeeker":{"FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE\\Updates","ValueName":"OOBEUpdateStarted"},"OSDataDriverPartnerRing":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"OSData\\SOFTWARE\\Microsoft\\DriverFlighting\\Partner","ValueName":"TargetRing","RegValueType":"REG_SZ"},"OSRollbackBuild":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade\\Rollback","ValueName":"BuildString","RegValueType":"REG_SZ"},"OSRollbackCount":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade\\Rollback","ValueName":"Count","RegValueType":"REG_DWORD"},"OSRollbackDate":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade\\Rollback","ValueName":"DateStamp","RegValueType":"REG_DWORD"},"PandaInstalledKey":{"FullPath":"SOFTWARE\\Panda Software\\Setup","IfExists":true},"PandaInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\Panda Software\\Setup","IfExists":true},"PausedFeatureStatus":{"FullPath":"SOFTWARE\\Microsoft\\WindowsUpdate\\UpdatePolicy\\Settings","ValueName":"PausedFeatureStatus"},"PausedQualityStatus":{"FullPath":"SOFTWARE\\Microsoft\\WindowsUpdate\\UpdatePolicy\\Settings","ValueName":"PausedQualityStatus"},"PlayFabPartyRelay":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\PlayFabPartyRelay","IfExists":true},"PonchAllow":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat","ValueName":"cadca5fe-87d3-4b96-b7fb-a231484277cc","RegValueType":"REG_DWORD"},"PonchAllowKey":{"FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat\\cadca5fe-87d3-4b96-b7fb-a231484277cc","IfExists":true},"PonchAllowWow":{"FullPath":"SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\QualityCompat","ValueName":"cadca5fe-87d3-4b96-b7fb-a231484277cc"},"PonchAllowWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\QualityCompat\\cadca5fe-87d3-4b96-b7fb-a231484277cc","IfExists":true},"PonchBlock":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat","ValueName":"65d75b03-6f4d-46e9-b870-517731e06cf9","RegValueType":"REG_DWORD"},"PreviewBuildsManagerEnabled":{"FullPath":"SOFTWARE\\Microsoft\\WindowsSelfhost\\Manager","ValueName":"ArePreviewBuildsAllowed"},"ProductType":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Control\\ProductOptions","ValueName":"ProductType"},"PSAKyoceraMissingDEH":{"HKey":"HKEY_CLASSES_ROOT","FullPath":"Extensions\\ContractId\\Windows.PrintSupportExtension\\PackageId\\A97ECD55.KYOCERAPrintCenter_4.1.11108.0_x64__kqmhh0ktdt7dg","IfExists":true},"PSATATriumphMissingDEH":{"HKey":"HKEY_CLASSES_ROOT","FullPath":"Extensions\\ContractId\\Windows.PrintSupportExtension\\PackageId\\TATriumph-AdlerGmbH.TAUTAXPrintCenter_4.1.11108.0_x64__h5e8vsnevp54y","IfExists":true},"PSAXeroxMissingDEH":{"HKey":"HKEY_CLASSES_ROOT","FullPath":"Extensions\\ContractId\\Windows.PrintSupportExtension\\PackageId\\XeroxCorp.PrintExperience_8.29.32.0_x64__f7egpvdyrs2a8","IfExists":true},"QihooInstalledKey":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\360TotalSecurity","IfExists":true},"QUDeadline":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate","ValueName":"ConfigureDeadlineForQualityUpdates","RegValueType":"REG_DWORD"},"QUDeadlineMDM":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\PolicyManager\\current\\device\\Update","ValueName":"ConfigureDeadlineForQualityUpdates","RegValueType":"REG_DWORD"},"QuickhealInstalledKey1":{"FullPath":"SYSTEM\\CurrentControlSet\\Servicescatflt","IfExists":true},"QuickhealInstalledKey2":{"FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths\\scanner.exe","IfExists":true},"RecoveredFromBuild":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Microsoft\\WindowsSelfHost\\Applicability\\RecoveredFrom","ValueName":"LastBuild","RegValueType":"REG_DWORD"},"RecoveredOnDate":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Microsoft\\WindowsSelfHost\\Applicability\\RecoveredFrom","ValueName":"DateStamp","RegValueType":"REG_DWORD"},"ReleaseType":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Update\\TargetingInfo","ValueName":"ReleaseType","RegValueType":"REG_SZ"},"RobloxPlayer":{"HKey":"HKEY_CLASSES_ROOT","FullPath":"roblox-player","RegValueType":"REG_SZ","IfExists":true},"RobloxStudio":{"HKey":"HKEY_CLASSES_ROOT","FullPath":"roblox-studio","RegValueType":"REG_SZ","IfExists":true},"SetupDisplayedEulaVersion":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\OOBE\\","ValueName":"SetupDisplayedEulaVersion","RegValueType":"REG_DWORD"},"SH_SIPolicyCleanup":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\PPI\\Settings","ValueName":"SIPolicyCleanup","RegValueType":"REG_DWORD"},"SmartActiveHoursState":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings","ValueName":"SmartActiveHoursState","RegValueType":"REG_DWORD"},"SophosInstalledKey1":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\SAVService","IfExists":true},"SophosInstalledKey2":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\hmpalertsvc","IfExists":true},"StayOnWindows10Timestamp":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings","ValueName":"SvOfferDeclined","RegValueType":"REG_QWORD"},"Steam":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Classes\\Steam","ValueName":"","RegValueType":"REG_SZ"},"StrictHiveSecurityReg":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\*","ValueName":"StrictHiveSecuritySet"},"SymantecInstalledKey":{"FullPath":"SOFTWARE\\Norton\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}","IfExists":true},"SymantecInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\Norton\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}","IfExists":true},"SystemGuard_Enabled":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Control\\DeviceGuard\\Scenarios\\SystemGuard","ValueName":"Enabled","RegValueType":"REG_DWORD"},"SystemManufacturer":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Control\\SystemInformation","ValueName":"SystemManufacturer","RegValueType":"REG_SZ"},"SystemProductName":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Control\\SystemInformation","ValueName":"SystemProductName","RegValueType":"REG_SZ"},"TargetReleaseVersionGP":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate","ValueName":"TargetReleaseVersionInfo","RegValueType":"REG_SZ"},"TargetReleaseVersionMDM":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\PolicyManager\\current\\device\\Update","ValueName":"TargetReleaseVersion","RegValueType":"REG_SZ"},"TenantId":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Control\\CloudDomainJoin\\JoinInfo\\*","ValueName":"TenantId"},"TencentInstalledKey":{"FullPath":"SOFTWARE\\Tencent\\QQPCMgr","IfExists":true},"TencentInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\Tencent\\QQPCMgr","IfExists":true},"TencentReg":{"FullPath":"SYSTEM\\CurrentControlSet\\services\\TesSafe","ValueName":"LoadStartTime"},"TencentType":{"FullPath":"SYSTEM\\CurrentControlSet\\services\\TesSafe","ValueName":"Type"},"TestRN":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Wosc\\Client\\Persistent\\ClientState\\FCON","ValueName":"TestRing"},"ThreatTrackInstalledKey":{"FullPath":"SOFTWARE\\SBAMSvc","IfExists":true},"ThreatTrackInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\SBAMSvc","IfExists":true},"TimestampEpochString_CO21H2RegFb":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2","ValueName":"TimestampEpochString","RegValueType":"REG_SZ"},"TrendInstalledKey":{"FullPath":"SOFTWARE\\TrendMicro","IfExists":true},"TrendInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\TrendMicro","IfExists":true},"UHSEnrolled":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion","ValueName":"UHSEnrolled","RegValueType":"REG_SZ","IfExists":true},"UninstallActive":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"System\\Setup","ValueName":"UninstallActive","RegValueType":"REG_DWORD"},"UpdateOfferedDays":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WaaSAssessment\\Cache\\","ValueName":"UpToDateDays","RegValueType":"REG_DWORD"},"UpdatePreference":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate","ValueName":"UpdatePreference","RegValueType":"REG_DWORD"},"UpgEx_CO21H2RegFb":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2","ValueName":"UpgEx","RegValueType":"REG_SZ"},"UpgradeAccepted":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE\\Updates\\","ValueName":"UpgradeAccepted","RegValueType":"REG_DWORD","IfExists":true},"UpgradeEligible":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion","ValueName":"UpgradeEligible","RegValueType":"REG_DWORD"},"UserInPlaceUpgrade":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\\\Windows\\\\CurrentVersion","ValueName":"UserInPlaceUpgrade","RegValueType":"REG_DWORD"},"UsoScanMitigation":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\Orchestrator\\Mitigation\\","ValueName":"UsoScanNotStartingMitigationCompleted","RegValueType":"REG_DWORD","IfExists":true},"UtcDataHandlingPolicies":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Diagnostics\\DiagTrack","ValueName":"UtcDataHandlingPolicies","RegValueType":"REG_QWORD"},"UUSVersion":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\Orchestrator","ValueName":"LastRunVersion","RegValueType":"REG_SZ"},"WAS_NetFxEnvironment":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing\\Notifications\\OptionalFeatures\\WAS-NetFxEnvironment","ValueName":"Selection","RegValueType":"REG_DWORD"},"WCFHTTPActivationNotificationState":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Component Based Servicing\\\\Notifications\\\\OptionalFeatures\\\\WCF-HTTP-Activation","ValueName":"Selection","RegValueType":"REG_DWORD"},"WCFNonHTTPActivationNotificationState":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Component Based Servicing\\\\Notifications\\\\OptionalFeatures\\\\WCF-NonHTTP-Activation","ValueName":"Selection","RegValueType":"REG_DWORD"},"WebExperience":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}","IfExists":true},"WebExperienceWow":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\WOW6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}","IfExists":true},"WebrootInstalledKey":{"FullPath":"SOFTWARE\\WRData","IfExists":true},"WebrootInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\WRData","IfExists":true},"Win11UpgradeAcceptedTimestamp":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings","ValueName":"SvOfferAccepted","RegValueType":"REG_QWORD"},"Win11UpgradeAcceptedWUSeeker":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings","ValueName":"SvOfferAccepted","RegValueType":"REG_QWORD","IfExists":true},"WindowsAccountSyncConsentApplicable":{"HKey":"HKEY_CURRENT_USER","FullPath":"Software\\Microsoft\\Windows\\CurrentVersion\\UnifiedConsent\\DEFAULTACCOUNT\\WINDOWSACCOUNTSYNCCONSENT","ValueName":"isApplicable","RegValueType":"REG_DWORD"},"WindowsAccountSyncConsentPromptAllowed":{"HKey":"HKEY_CURRENT_USER","FullPath":"Software\\Microsoft\\Windows\\CurrentVersion\\UnifiedConsent\\DEFAULTACCOUNT\\WINDOWSACCOUNTSYNCCONSENT","ValueName":"isSystemInitiatedPromptAllowed","RegValueType":"REG_DWORD"},"WindowsAccountSyncConsentState":{"HKey":"HKEY_CURRENT_USER","FullPath":"Software\\Microsoft\\Windows\\CurrentVersion\\UnifiedConsent\\DEFAULTACCOUNT\\WINDOWSACCOUNTSYNCCONSENT\\DATASHARING","ValueName":"isConsentAccepted","RegValueType":"REG_DWORD"},"WindowsMixedReality":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\WUDF\\Services\\HoloLensSensors","ValueName":"WdfMajorVersion","RegValueType":"REG_DWORD"},"WOSCEndpointsSupported":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Wosc\\Client\\Persistent","ValueName":"EndpointsSupported","RegValueType":"REG_SZ"},"WSX_Runtime":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC","ValueName":"ExperienceExtensions","RegValueType":"REG_SZ"},"WSX_Windows_AccountControl":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC","ValueName":"Windows.AccountControl","RegValueType":"REG_SZ"},"WSX_Windows_AppSample":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC","ValueName":"Windows.AppSample","RegValueType":"REG_SZ"},"WSX_Windows_Settings_Account":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC","ValueName":"Windows.Settings.Account","RegValueType":"REG_SZ"},"WSX_Windows_Shell_Start":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC","ValueName":"Windows.Shell.StartMenu","RegValueType":"REG_SZ"}},"FileInfo":{"AvastVer":{"Path":"\\system32\\Drivers\\aswVmm.sys","FolderGuid":"{F38BF404-1D43-42F2-9305-67DE0B28FC23}"},"AvgVer":{"Path":"\\system32\\Drivers\\avgVmm.sys","FolderGuid":"{F38BF404-1D43-42F2-9305-67DE0B28FC23}"},"BullguardInstalledVer":{"Path":"\\BullGuard Ltd\\BullGuard\\BullGuard.exe","IfExists":true,"FolderGuid":"{905E63B6-C1BF-494E-B29C-65B732D3D21A}"},"CortanaAppVer":{"Path":"\\WindowsApps\\Microsoft.549981C3F5F10_8wekyb3d8bbwe\\CortanaApp.View.exe","FolderGuid":"{905E63B6-C1BF-494E-B29C-65B732D3D21A}"},"CortanaAppVerTest":{"Path":"\\WindowsApps\\3242f7d9-db60-4380-a379-4205ea768bfc_1.0.0.0_x64__zs4v8rx04ex0m\\UndockingTestApp.exe","FolderGuid":"{905E63B6-C1BF-494E-B29C-65B732D3D21A}"},"CrowdStrikeInstalledVer":{"Path":"drivers\\CrowdStrike\\CSAgent.sys","IfExists":true,"FolderGuid":"{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"},"DmdHpControlPackageEnUs":{"Path":"%PROGRAMDATA%\\Microsoft\\Windows\\DeviceMetadataCache\\dmrccache\\en-US\\d3a162c7-a388-4099-b63d-265639514cc0\\PackageInfo.xml","IfExists":true},"DmdHpControlPackageMultiloc":{"Path":"%PROGRAMDATA%\\Microsoft\\Windows\\DeviceMetadataCache\\dmrccache\\multiloc\\d3a162c7-a388-4099-b63d-265639514cc0\\PackageInfo.xml","IfExists":true},"DmdHpControlPackageTr":{"Path":"%PROGRAMDATA%\\Microsoft\\Windows\\DeviceMetadataCache\\dmrccache\\tr\\d3a162c7-a388-4099-b63d-265639514cc0\\PackageInfo.xml","IfExists":true},"EsetVer":{"Path":"\\drivers\\ehdrv.sys","FolderGuid":"{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"},"FileExistsMscoreeDll":{"Path":"%windir%\\\\system32\\\\mscoree.dll","IfExists":true},"GDataInstalledVer":{"Path":"\\drivers\\MiniIcpt.sys","IfExists":true,"FolderGuid":"{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"},"HidparseDriversVer":{"Path":"%windir%\\system32\\drivers\\hidparse.sys"},"HidparseSystem32Ver":{"Path":"%windir%\\system32"},"HidparseSystem32Ver1":{"Path":"%windir%\\system32\\hidparse.sys"},"IsNotepadExePresent":{"Path":"%windir%\\system32\\notepad.exe","IfExists":true},"K7InstalledVer":{"Path":"\\K7 Computing","IfExists":true,"FolderGuid":"{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"},"KasperskyVer":{"Path":"\\system32\\Drivers\\klhk.sys","FolderGuid":"{F38BF404-1D43-42F2-9305-67DE0B28FC23}"},"OnnxruntimeVer":{"Path":"%windir%\\\\system32\\\\onnxruntime.dll"},"PandaInstalledVer":{"Path":"\\Panda Security","IfExists":true,"FolderGuid":"{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"},"SkypeRoomSystem":{"Path":"%systemdrive%\\Recovery\\OEM\\$oem$\\$1\\Rigel\\x64\\Scripts\\Provisioning\\AutoUnattend.xml","IfExists":true},"SymantecVer":{"Path":"\\Symantec\\Shared\\EENGINE\\eeCtrl.sys","FolderGuid":"{DE974D24-D9C6-4D3E-BF91-F4455120B917}"},"SymantecVer64":{"Path":"\\Symantec\\Shared\\EENGINE\\eeCtrl64.sys","FolderGuid":"{DE974D24-D9C6-4D3E-BF91-F4455120B917}"},"TobiiVer":{"Path":"\\Tobii\\Tobii EyeX Interaction\\Tobii.EyeX.Interaction.exe","FolderGuid":"{905E63B6-C1BF-494E-B29C-65B732D3D21A}"},"TobiiVer1x86":{"Path":"\\Tobii\\tobii EyeX Interaction\\Tobii.EyeX.Interaction.exe","FolderGuid":"{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"},"TobiiVerx86":{"Path":"\\tobii EyeX Interaction\\Tobii.EyeX.Interaction.exe","FolderGuid":"{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"},"TrendInstalledVer":{"Path":"\\Trend Micro\\Titanium\\plugin\\plugVizor.dll","IfExists":true,"FolderGuid":"{905E63B6-C1BF-494E-B29C-65B732D3D21A}"},"TrendMicroVer":{"Path":"\\drivers\\TMUMH.sys","FolderGuid":"{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"},"WuClientVer":{"Path":"\\system32\\wuaueng.dll","FolderGuid":"{F38BF404-1D43-42F2-9305-67DE0B28FC23}"},"XamlCbsActivationStore":{"Path":"%ProgramData%\\\\Microsoft\\\\Windows\\\\AppRepository\\\\Packages\\\\Microsoft.UI.Xaml.CBS_8.2205.4001.0_x64__8wekyb3d8bbwe\\\\ActivationStore.dat","IfExists":true},"XamlCbsActivationStoreArm64":{"Path":"%ProgramData%\\\\Microsoft\\\\Windows\\\\AppRepository\\\\Packages\\\\Microsoft.UI.Xaml.CBS_8.2205.4001.0_arm64__8wekyb3d8bbwe\\\\ActivationStore.dat","IfExists":true}},"Licensing":{"UpdateManagementGroup":{"Name":"UpdatePolicy-UpdateManagementGroup"}},"UpdatePolicy":{"AdminOptedIntoRebootlessUpdates":{"PolicyEnum":59,"Enterprise":true},"AllowOptionalContent":{"PolicyEnum":58,"Enterprise":true},"BranchReadinessLevel":{"PolicyEnum":5,"Enterprise":true},"BranchReadinessLevelSource":{"PolicyEnum":5,"Enterprise":true,"UseSource":true},"DeferFeatureUpdatePeriodInDays":{"PolicyEnum":9,"Enterprise":true},"DeferQualityUpdatePeriodInDays":{"PolicyEnum":7,"Enterprise":true},"DisableDualScan":{"PolicyEnum":42,"Enterprise":true},"EnableWUfBUpgradeGates":{"PolicyEnum":51,"Enterprise":true},"TargetProductVersion":{"PolicyEnum":53,"Enterprise":true},"TargetReleaseVersion":{"PolicyEnum":50,"Enterprise":true},"UpdateServiceUrl":{"PolicyEnum":12},"WUfBClientManaged":{"PolicyEnum":32,"Enterprise":true}},"Policy":{"DesiredOcpVersion":{"LocUri":"./Device/Vendor/MSFT/DeviceUpdateCenter/DesiredUpdates/OcpVersion/"},"DesiredOsVersion":{"LocUri":"./Device/Vendor/MSFT/DeviceUpdateCenter/DesiredUpdates/OsVersion"},"DesiredSystemManifestVersion":{"LocUri":"./Device/Vendor/MSFT/DeviceUpdateCenter/DesiredUpdates/SystemManifestVersion"},"DucCustomPackageId":{"LocUri":"./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/CustomPackageId"},"DucDeviceModelId":{"LocUri":"./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/DeviceModelId"},"DucOemPartnerRing":{"LocUri":"./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/OemPartnerRing"},"DucPublisherId":{"LocUri":"./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/PublisherId"},"SetPolicyDrivenUpdateSourceForFeatureUpdates":{"LocUri":"./Device/Vendor/MSFT/Policy/Config/Update/SetPolicyDrivenUpdateSourceForFeatureUpdates"},"WSUSconfigured_csp":{"LocUri":"./Device/Vendor/MSFT/Policy/Config/Update/UpdateServiceUrl"}},"AppInfo":{"WidgetsAppVer":{"Name":"MicrosoftWindows.Client.WebExperience"}},"WMI":{"ElanFingerprintDriverVersion":{"Query":"SELECT DriverVersion, Manufacturer FROM Win32_PnPSignedDriver WHERE Manufacturer = 'ELAN'","Name":"DriverVersion","Timeout":2000},"FirstStorageSpaceDeviceId":{"Query":"SELECT DeviceID FROM Win32_DiskDrive WHERE Model = 'Microsoft Storage Space Device'","Name":"DeviceID","Timeout":2000},"IIS_ASPNET_WMI":{"Query":"SELECT * FROM Win32_OptionalFeature WHERE name = 'IIS-ASPNET'","Name":"InstallState","Timeout":2000},"IIS_NetFxExtensibility_WMI":{"Query":"SELECT * FROM Win32_OptionalFeature WHERE name = 'IIS-NetFxExtensibility'","Name":"InstallState","Timeout":2000},"NetFx3State":{"Query":"SELECT * FROM Win32_OptionalFeature WHERE name = 'NetFX3'","Name":"InstallState","Timeout":2000},"PSAKyoceraInstalledName":{"Query":"SELECT Name, ProgramId FROM Win32_InstalledStoreProgram WHERE ProgramId = 'A97ECD55.KYOCERAPrintCenter_4.1.11108.0_x64__kqmhh0ktdt7dg'","Name":"Name","Timeout":2000},"PSATATriumphInstalledName":{"Query":"SELECT Name, ProgramId FROM Win32_InstalledStoreProgram WHERE ProgramId = 'TATriumph-AdlerGmbH.TAUTAXPrintCenter_4.1.11108.0_x64__h5e8vsnevp54y'","Name":"Name","Timeout":2000},"WAS_NetFxEnvironment_WMI":{"Query":"SELECT * FROM Win32_OptionalFeature WHERE name = 'WAS-NetFxEnvironment'","Name":"InstallState","Timeout":2000},"WCFHTTPActivationState":{"Query":"SELECT * FROM Win32_OptionalFeature WHERE name = 'WCF-HTTP-Activation'","Name":"InstallState","Timeout":2000},"WCFNonHTTPActivationState":{"Query":"SELECT * FROM Win32_OptionalFeature WHERE name = 'WCF-NonHTTP-Activation'","Name":"InstallState","Timeout":2000},"XeroxPsaInstalledName":{"Query":"SELECT Name, ProgramId FROM Win32_InstalledStoreProgram WHERE ProgramId = 'XeroxCorp.PrintExperience_8.29.32.0_x64__f7egpvdyrs2a8'","Name":"Name","Timeout":2000}},"RegionPolicy":{"IsCampaignEdgePromotionEnabled":{"ForceEvaluate":false,"PolicyGUID":"{2BF706DE-6DBB-4692-B7EF-84D80C47E927}"},"IsCampaignSegmentTargetingEnabled":{"ForceEvaluate":false,"PolicyGUID":"{36996754-E327-483A-902F-523E2BA03239}"}}}"

 

The log continues:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsSelfHost\OneSettings]
"TargetingAttributesVerified"="{"Version":383,"SchemaVersion":1,"PartA":["App","AppVer","AttrDataVer"],"Default":["DeviceFamily","f:FlightRing","t:OSVersionFull"],"PartB":{"ACSOVERRIDE":["OSArchitecture","c:IsAlwaysOnAlwaysConnectedCapable"],"APPTARGETEDFEATUREDB":["c:FlightingBranchName","f:FlightRing","t:OSVersionFull","DeviceFamily"],"CASSCLIENT":["OSVersion","c:OSEdition","f:FlightRing","c:OSUILocale","f:FlightingBranchName","r:OEMMode"],"CDM":["ChassisTypeId","r:CurrentBranch","DeviceFamily","f:FlightingBranchName","f:FlightRing","c:InstallLanguage","c:IsDomainJoined","t:IsTestLab","OEMModel","OSArchitecture","OSVersion","t:OSSkuId","crocessorIdentifier","c:TelemetryLevel","t:IsMsftOwned","t:WCOSProductId","c:OSUILocale","c:CommercialId","c:ActivationChannel","c:SCCMClientId","c:IsCloudDomainJoined","r:WebExperience","c:FlightIds","AccountFirstChar","r:WSX_Windows_Settings_Account","r:InstallDate","r:WSX_Runtime","refaultUserRegion","a:GatedFeature_NI22H2","r:WSX_Windows_Shell_Start","a:GatedFeature_CU23H2","r:ExpStates","n:MVVersion","r:CIOptin","crocessorCores","c:TotalPhysicalRAM","r:TestRN","u:UpdateServiceUrl","u:WUfBClientManaged","r:UUSVersion","DL_OSVersion","r:ExpPkgs","u:AllowOptionalContent","n:IsMicrosoftAAD","q:WidgetsAppVer","c:IsDeviceRetailDemo","r:IsFSOverlay","a:SdbVer_NI22H2","r:EdgeStableVersion","r:Migrated_GatedFeature_NI22H2Setup","a:SdbVer_21H2","a:GatedFeature_21H2","r:UtcDataHandlingPolicies","v:SkypeRoomSystem","r:BypassNRO","c:IsVirtualDevice"],"CDM_OS":["+CDM","c:FlightIds"],"COMPATLOGGER":["osVer","ring","deviceId"],"CONTENT_DELIVERY_MANAGER":["c:OSEdition","t:OSSkuId","c:OSUILocale","a:UpgEx_CO21H2","a:GStatus_CO21H2","aataExpDateEpoch_CO21H2","a:TimestampEpochString_CO21H2","r:AndroidUserOptinValue","f:FlightingBranchName","f:FlightRing","r:CurrentBranch","procm","r:NPUEnabledDevice","MX_FlightIds","r:KnownFoldersBackupStatus","c:IsDomainJoined","iepe","iste","drgng","r:WindowsAccountSyncConsentState","r:WindowsAccountSyncConsentApplicable","r:WindowsAccountSyncConsentPromptAllowed","aipc","ram","prccn","prccs","prcmf"],"CORTANA_GATEKEEPER":["r:CurrentBranch","f:FlightRing","f:IsRetailOS"],"CORTANAUWP":["c:OSUILocale","t:OSVersionFull","v:CortanaAppVer"],"CORTANAUWPTEST":["+CORTANAUWP","v:CortanaAppVerTest"],"CTAC":["+FSS"],"DDC":["+WU_STORE","+_WU_PTI"],"DXDB":["DeviceFamily","f:FlightRing","r:IsHybridOrXGpu","t:OSVersionFull","OSVersion"],"EDGE_SERVICEUI":["t:LocalDeviceID","t:LocalUserID"],"FCON":["+CDM"],"FSS":["rreviewBuildsManagerEnabled","f:BranchReadinessLevelRaw","u:BranchReadinessLevelSource","r:BuildFID","teviceFamily","DeviceId","c:EnablePreviewBuilds","f:FlightingPolicyValue","f:IsRetailOS","f:ManagePreviewBuilds","OSVersionFull","t:WCOSProductId","r:SmartActiveHoursState","r:ActiveHoursStart","r:ActiveHoursEnd","r:IsCHCapableBuild","r:FSRing","s:MaxShellVersion","s:MinShellVersion","c:TPMVersion","c:SecureBootCapable","crocessorClockSpeed","crocessorCores","c:TotalPhysicalRAM","t:SMode","c:SystemVolumeTotalCapacity","c:OEMManufacturerName","c:OEMModelNumber","a:ISVM","r:AllowUpgradesWithUnsupportedTPMOrCPU","r:IntelPlatformId","r:IsConfigMgrEnabled","f:IsFlightingEnabled","reviceInfoGatherSuccessful","c:IsVirtualDevice","r:OemPartnerRing","c:FlightingBranchName","a:UpgEx_CO21H2","a:UpgEx_NI22H2","a:UpgEx_GE24H2"],"FXIRISCLIENT":["+IRISCLIENT"],"GS":["t:OSSkuId","t:OSVersionFull","r:CurrentBranch","refaultUserRegion","DeviceFamily","c:FlightIds","f:FlightingBranchName","f:FlightRing","c:IsCloudDomainJoined","t:IsMsftOwned","f:IsRetailOS","c:OSUILocale","c:IsDomainJoined"],"IRISCLIENT":["+IRISCLIENTBASE","c:FlightIds"],"IRISCLIENTBASE":["DeviceFamily","OSVersion","t:OSSkuId","OSArchitecture","c:TelemetryLevel","f:FlightRing","f:FlightingBranchName","OEMModel","c:OSUILocale","c:OSEdition","r:CurrentBranch","t:WCOSProductId","c:InstallationType","r:InstallDate","c:IsDeviceRetailDemo","f:IsRetailOS","prccs","prccn","prcmf","ram","c3DMaxFeatureLevel","c:IsAlwaysOnAlwaysConnectedCapable","t:SMode","t:LocalUserID","r:AndroidUserOptinValue","procm","MX_FlightIds","a:UpgEx_CO21H2","r:KnownFoldersBackupStatus","c:OEMModelSystemFamily","OEMName_Uncleaned","r:IsSpotlightEnabledInOEMTheme","r:IsSpotlightThemeEnabledByOEM","r:WindowsAccountSyncConsentApplicable","r:WindowsAccountSyncConsentState","r:WindowsAccountSyncConsentPromptAllowed","iepe","iste","drgng","aipc","oemname","smbiosdm"],"IRISCLIENTV2":["+IRISCLIENTBASE","IX_FlightIds"],"MICROSOFT.WINDOWSFEEDBACKHUB_8WEKYB3D8BBWE":["t:OSVersionFull","t:IsTestLab","f:FlightRing"],"MITIGATION":["teviceFamily","f:FlightRing","c:FlightIds","c:IsDomainJoined","t:IsMsftOwned","f:IsRetailOS","t:IsTestLab","IsVM","OEMModel","c:OSEdition","t:OSSkuId","t:OSVersionFull","c:OSUILocale","t:SMode","f:IsFlightingEnabled","c:FirmwareVersion","c:TelemetryLevel","f:FlightingBranchName","r:CurrentBranch","OSVersion","w:FirstStorageSpaceDeviceId","r:IsCldFltSyncRoots","c:OSInstallType","v:IsNotepadExePresent","r:StrictHiveSecurityReg","a:GatedBlockId_21H1","r:UpdateOfferedDays","r:UsoScanMitigation","r:GamingServicesInstalledKey","v:FileExistsMscoreeDll","w:NetFx3State","r:WCFHTTPActivationNotificationState","w:WCFHTTPActivationState","r:WCFNonHTTPActivationNotificationState","w:WCFNonHTTPActivationState","rotNetMissingComponentsTroubleshooterSuccess","r:IIS_ASPNET","w:IIS_ASPNET_WMI","r:IIS_NetFxExtensibility","w:IIS_NetFxExtensibility_WMI","r:WAS_NetFxEnvironment","w:WAS_NetFxEnvironment_WMI","v:XamlCbsActivationStore","v:XamlCbsActivationStoreArm64","v:OnnxruntimeVer","w:ElanFingerprintDriverVersion","r:AADBrokerPluginNotRegistered","r:TenantId","r:IppPrinterBadDefaultPdc","r:FlightingOptOutState","r:CloudFilesFilter","rSAKyoceraMissingDEH","rSATATriumphMissingDEH","rSAXeroxMissingDEH","wSAKyoceraInstalledName","wSATATriumphInstalledName","w:XeroxPsaInstalledName","vmdHpControlPackageEnUs","vmdHpControlPackageMultiloc","vmdHpControlPackageTr"],"MLMOD":["ChassisTypeId","teviceFamily","f:FlightingBranchName","f:FlightRing","f:IsRetailOS","t:OSSkuId","t:OSVersionFull","c:OSUILocale","OSVersion","c:TelemetryLevel","r:CurrentBranch","t:IsTestLab","crimaryDiskType","FX_FlightIds"],"MTP":["+_WU_OS_CORE"],"MUSE":["+_WU_FB","ChassisTypeId","deviceClass","deviceId","c:FlightIds","locale","ms","os","osVer","ring","sampleId","sku","raysSince19H1FUOffer","uisableDualScan","u:UpdateServiceUrl","c:CommercialId","f:FlightingBranchName","c:SystemVolumeTotalCapacity","c:IsAlwaysOnAlwaysConnectedCapable","crocessorCores","crimaryDiskType","c:TotalPhysicalRAM","crocessorClockSpeed","crocessorIdentifier","crocessorModel","c:ActivationChannel","c:IsCloudDomainJoined","c:isCommercial","c:IsDomainJoined","c:IsMDMEnrolled","c:SCCMClientID","r:OEMSubModel","c:OEMModelNumber","c:OEMManufacturerName","r:OobeSeeker","refaultUserRegion"],"NARRATORNNV":["+WU_STORE"],"NOISYHAMMER":["+WU_OS"],"PHS":["r:GridZoneName","OEMModel","c:OEMManufacturerName","c:OSUILocale","r:OEMSubModel","DeviceFamily"],"RULESENGINE":["c:OSEdition","t:OSSkuId","c:OSUILocale","a:UpgEx_CO21H2","a:GStatus_CO21H2","aataExpDateEpoch_CO21H2","a:TimestampEpochString_CO21H2","r:AndroidUserOptinValue","f:FlightingBranchName","f:FlightRing","r:CurrentBranch","crocessorModel","r:NPUEnabledDevice","MX_FlightIds","r:KnownFoldersBackupStatus","c:IsDomainJoined","r:WindowsAccountSyncConsentApplicable","r:WindowsAccountSyncConsentState","r:WindowsAccountSyncConsentPromptAllowed"],"RUXIM":["c:ActivationChannel","f:FlightRing","r:InstallDate","f:IsFlightingEnabled","a:ISVM","OEMModel","OSArchitecture","t:OSSkuId","c:SCCMClientID","r:SetupDisplayedEulaVersion","r:KioskMode","r:OobeSeeker","r:UninstallActive","c:OEMManufacturerName","r:OEMSubModel","c:OSUILocale"],"SEDIMENTPACK":["+WU_OS"],"SERVICEEXPERIENCES":["f:FlightingBranchName","f:FlightRing","s:MaxShellVersion","s:MinShellVersion","t:IsTestLab","c:TelemetryLevel","t:OSSkuId","r:CurrentBranch","OSVersion","DeviceFamily","r:WSX_Windows_Settings_Account","c:FlightIds","r:WSX_Runtime","r:WSX_Windows_Shell_Start","r:WSX_Windows_AppSample","r:WSX_Windows_AccountControl"],"SERVICING_CBS":["+WU","osVer"],"SETUP360":["t:OSSkuId","f:FlightRing"],"SMARTOPTOUT":["+CDM"],"STORAGEGROVELER":["a:Free","c:TelemetryLevel","f:FlightRing","f:IsFlightingEnabled","IsVM","t:OSVersionFull"],"UTC":["+UTC_STATIC","osVer","locale","ring","filotRing","f:IsRetailOS","ms","expId","t:SMode","f:FlightingBranchName","c:CommercialId","r:IsFeedbackHubSelfhost","c:AzureVMType","t:IsTestLab","c:TelemetryLevel","c:IsVirtualDevice","r:IsProcessorMode","r:UtcDataHandlingPolicies"],"UTC_STATIC":["os","deviceId","sampleId","deviceClass","sku","OEMModel","OEMName_Uncleaned","crimaryDiskType","crocessorModel","c:TotalPhysicalRAM"],"UUS":["OSVersion","f:FlightRing","t:IsTestLab","t:OSVersionFull","f:FlightingBranchName","r:CurrentBranch","f:IsFlightingEnabled"],"WAASASSESSMENT":["+WU_OS"],"WAASMEDIC":["os","osVer","ring","deviceClass","deviceId","locale","sku","c:ActivationChannel","c:CommercialId","r:CurrentBranch","f:FlightingBranchName","c:IsCloudDomainJoined","c:IsDomainJoined","t:IsTestLab","OSVersion","c:SCCMClientID","c:TelemetryLevel","r:FlightingOptOutState"],"WOSC":["teviceFamily","f:FlightRing","f:IsFlightingEnabled","t:IsMsftOwned","t:LocalDeviceID","t:OSSkuId","c:OSUILocale","t:OSVersionFull","c:TelemetryLevel","r:IsHybridOrXGpu","rlayFabPartyRelay","OSVersion","n:IsMicrosoftAAD","r:WOSCEndpointsSupported"],"WPSHIFT":["+MTP"],"WU":["+WU_OS","rUInternal"],"_WU_AV":["r:AvastReg","r:AvastBlackScreen","v:AvastVer","r:AvgReg","v:AvgVer","r:EsetReg","v:EsetVer","r:KasperskyReg","v:KasperskyVer","v:SymantecVer","r:TencentReg","r:TencentType","r:AhnlabInstalledKey","r:AvastInstalledKey","r:AVGInstalledKey","r:AviraInstalledKey","r:BullguardInstalledKey","r:ESETInstalledKey","r:ESTSecurityInstalledKey","r:FSecureInstalledKey","v:GDataInstalledVer","r:K7InstalledKey","r:KasperskyInstalledKey","r:KingsoftInstalledKey","r:LenovoInstalledKey","r:MalwarebytesInstalledKey","r:McAfeeInstalledKey","randaInstalledKey","r:QuickhealInstalledKey1","r:SophosInstalledKey1","r:SymantecInstalledKey","r:TencentInstalledKey","r:ThreatTrackInstalledKey","r:TrendInstalledKey","r:WebrootInstalledKey","v:K7InstalledVer"],"_WU_COMMON":["r:CurrentBranch","refaultUserRegion","DeviceFamily","rriverPartnerRing","r:FlightContent","f:FlightingBranchName","f:FlightRing","HoloLens","c:InstallationType","c:InstallLanguage","f:IsFlightingEnabled","r:IsFlightingEnabled","c:MobileOperatorCommercialized","OEMModel","OEMName_Uncleaned","r:OemPartnerRing","OSArchitecture","OSVersion","t:OSSkuId","c:OSUILocale","crocessorManufacturer","r:ReleaseType","v:SkypeRoomSystem","t:SMode","c:TelemetryLevel","r:WindowsMixedReality","v:WuClientVer","pucPublisherId","pucDeviceModelId","pucOemPartnerRing","pucCustomPackageId","pesiredOsVersion","pesiredSystemManifestVersion","r:TenantId"],"_WU_FB":["u:BranchReadinessLevel","ueferQualityUpdatePeriodInDays","ueferFeatureUpdatePeriodInDays","rausedFeatureStatus","rausedQualityStatus","u:TargetReleaseVersion","r:QUDeadline","r:UpdatePreference","r:UpdateOfferedDays","u:TargetProductVersion","DSS_Enrolled","r:NonSecurityUpdate","u:AdminOptedIntoRebootlessUpdates"],"WU_OS":["+_WU_OS_CORE","+_WU_FB"],"_WU_OS_CORE":["+_WU_COMMON","+_WU_AV","r:AhnLabKeyboard","a:Bios","r:BlockFeatureUpdates","c:CommercialId","aataVer_RS5","risconnectedStandby","rchuNvidiaGrfxExists","rchuNvidiaGrfxVen","rchuIntelGrfxExists","rchuIntelGrfxVen","rchuAmdGrfxExists","rchuAmdGrfxVen","c:FirmwareVersion","a:Free","a:GStatus_RS3","a:GStatus_RS4","a:GStatus_RS5","r:HidOverGattReg","r:InstallDate","c:IsDeviceRetailDemo","c:IsPortableOperatingSystem","IsVM","c:OEMModelBaseBoard","r:OobeSeeker","r:OSRollbackBuild","r:OSRollbackCount","r:OSRollbackDate","PhoneTargetingName","ronchAllow","ronchBlock","crocessorIdentifier","r:RecoveredFromBuild","r:RecoveredOnDate","r:Steam","v:TobiiVer","v:TrendMicroVer","r:UninstallActive","l:UpdateManagementGroup","a:UpgEx_RS3","a:UpgEx_RS4","a:UpgEx_RS5","a:Version_RS5","risableWUfBOfferBlock","a:UpgEx_19H1","a:SdbVer_19H1","a:GStatus_19H1","a:GStatus_19H1Setup","a:TimestampEpochString_19H1Setup","a:GenTelRunTimestamp_19H1","aataExpDateEpoch_19H1","u:EnableWUfBUpgradeGates","r:GStatusBlockIDs_All","TimestampDelta_19H1Subtract19H1Setup","DataExpDateDelta_19H1Subtract19H1Setup","aataExpDateEpoch_19H1Setup","a:TimestampEpochString_19H1","r:IsContainerMgrInstalled","r:IsWDAGEnabled","r:MTPTargetingInfo","r:EKB19H2InstallCount","r:EKB19H2UnInstallCount","r:EKB19H2InstallTimeEpoch","r:EKB19H2UnInstallTimeEpoch","r:BlockEdgeWithChromiumUpdate","r:IsWDATPEnabled","r:IsAutopilotRegistered","r:EdgeWithChromiumInstallVersion","r:EdgeWithChromiumInstallFailureCount","r:IsEdgeWithChromiumInstalled","r:KioskMode","c:IsCloudDomainJoined","c:IsDomainJoined","aataExpDateEpoch_20H1","aataExpDateEpoch_20H1Setup","a:GStatus_20H1","a:GStatus_20H1Setup","a:SdbVer_20H1","a:TimestampEpochString_20H1","a:TimestampEpochString_20H1Setup","DataExpDateDelta_20H1Subtract20H1Setup","TimestampDelta_20H1Subtract20H1Setup","a:UpgEx_20H1","r:AutopilotUpdateInProgress","r:UHSEnrolled","r:HotPatchEKBInstalled","r:LCUVer","c:isCommercial","c:ActivationChannel","c:IsMDMEnrolled","c:SCCMClientID","r:ChinaTypeApproval_CTA","pesiredOcpVersion","r:UpgradeEligible","r:AllowInPlaceUpgrade","r:SH_SIPolicyCleanup","r:FeatureUpdateDeadline","aataExpDateEpoch_21H1","a:UpgEx_CO21H2","a:GStatus_21H1","DataExpDateDelta_21H1Subtract20H1Setup","TimestampDelta_21H1Subtract20H1Setup","a:TimestampEpochString_21H1","r:OEMSubModel","crocessorModel","c:TPMVersion","r:StayOnWindows10Timestamp","a:GStatus_CO21H2Setup","TimestampDelta_CO21H2SubtractCO21H2Setup","DataExpDateDelta_CO21H2SubtractCO21H2Setup","a:TimestampEpochString_CO21H2Setup","aataExpDateEpoch_CO21H2Setup","a:TimestampEpochString_CO21H2","aataExpDateEpoch_CO21H2","a:GStatus_CO21H2","p:SetPolicyDrivenUpdateSourceForFeatureUpdates","rchuNvidiaGrfxVenTest","aataExpDateDelta_21H2Subtract20H1Setup","a:TimestampEpochString_21H2","a:TimestampDelta_21H2Subtract20H1Setup","a:GStatus_21H2","aataExpDateEpoch_21H2","rSS_Enrolled_DF","r:UpgradeAccepted","r:SetupDisplayedEulaVersion","crocessorCores","crocessorClockSpeed","c:TotalPhysicalRAM","c:SecureBootCapable","crimaryDiskTotalCapacity","r:BitDefenderInstalledKey","r:BroadcomInstalledKey","v:CrowdStrikeInstalledVer","r:QihooInstalledKey","r:Win11UpgradeAcceptedTimestamp","a:UpgEx_NI22H2","r:OobeNdupAcceptedTarget","r:OobeNdupFU22621CommitChoice","aataExpDateEpoch_NI22H2","a:GStatus_NI22H2","a:GStatus_NI22H2Setup","a:TimestampEpochString_NI22H2Setup","TimestampDelta_NI22H2SubtractNI22H2Setup","DataExpDateDelta_NI22H2SubtractNI22H2Setup","aataExpDateEpoch_NI22H2Setup","a:TimestampEpochString_NI22H2","r:IsVbsEnabled","r:FODRetryPending","r:UserInPlaceUpgrade","v:HidparseDriversVer","v:HidparseSystem32Ver","v:HidparseSystem32Ver1","r:CIOptin","r:FlightingOptOutState","p:WSUSconfigured_csp","a:UpgEx_NI22H2Setup","a:UpgEx_CO21H2Setup","u:WUfBClientManaged","u:UpdateServiceUrl","u:AllowOptionalContent","FX_FlightIds","DL_OSVersion","r:ExpPkgs","r:UUSVersion","c:FlightIds","r:OobeNdupFUTarget","a:GStatus_NI23H2","aataExpDateEpoch_NI23H2","a:TimestampEpochString_NI23H2","DataExpDateDelta_NI23H2SubtractNI22H2Setup","TimestampDelta_NI23H2SubtractNI22H2Setup","r:LaunchUserOOBE","r:RobloxPlayer","r:RobloxStudio","c:VBSState","r:ARCHotpatchAttached_State","r:MDEWSLPluginReleaseRing","r:SystemGuard_Enabled","u:AdminOptedIntoRebootlessUpdates","r:LaunchOobeInEndUserSession","r:MDE4WSLPluginReleaseRing","r:AdminOptedIntoRebootlessUpdates_Server","r:IsRemoteDesktopSessionHost","a:UpgEx_GE24H2","s:IsA9CapablePC","a:UpgEx_GE24H2Setup","rroductType"],"_WU_PTI":["c:FrontFacingCameraResolution","c:RearFacingCameraResolution","c:TotalPhysicalRAM","c:NFCProximity","c:Magnetometer","c:Gyroscope","c3DMaxFeatureLevel","c:InternalPrimaryDisplayResolutionHorizontal","c:InternalPrimaryDisplayResolutionVetical"],"WU_STORE":["+_WU_COMMON","r:AppChannels","r:AppRMIDs","u:BranchReadinessLevel"]},"Required":["App","AppVer","AttrDataVer"],"Aliases":{"AccountFirstChar":"c:MSA_Accounts","aipc":"s:IsA9CapablePC","ChassisTypeId":"c:ChassisType","CX_FlightIds":"c:CX_FlightIds","DataExpDateDelta_19H1Subtract19H1Setup":"aataExpDateEpoch_19H1_Subtract_DataExpDateEpoch_19H1Setup","DataExpDateDelta_20H1Subtract20H1Setup":"aataExpDateEpoch_20H1_Subtract_DataExpDateEpoch_20H1Setup","DataExpDateDelta_21H1Subtract20H1Setup":"aataExpDateEpoch_21H1_Subtract_DataExpDateEpoch_20H1Setup","DataExpDateDelta_CO21H2SubtractCO21H2Setup":"aataExpDateEpoch_CO21H2_Subtract_DataExpDateEpoch_CO21H2Setup","DataExpDateDelta_NI22H2SubtractNI22H2Setup":"aataExpDateEpoch_NI22H2_Subtract_DataExpDateEpoch_NI22H2Setup","DataExpDateDelta_NI23H2SubtractNI22H2Setup":"aataExpDateEpoch_NI23H2_Subtract_DataExpDateEpoch_NI22H2Setup","deviceClass":"DeviceFamily","deviceId":"t:LocalDeviceID","DeviceId":"t:LocalDeviceID","DL_OSVersion2":"DL_OSVersion","drgng":"rurableDeviceRegionGeo","DSS_Enrolled":"rSS_Enrolled_State","EdgeStableVersion":"r:EdgeStableVersion","expId":"c:FlightIds","FlightRing":"f:FlightRing","FX_FlightIds":"c:FlightIds","iepe":"g:IsCampaignEdgePromotionEnabled","iste":"g:IsCampaignSegmentTargetingEnabled","IsVM":"a:ISVM","IX_FlightIds":"c:FlightIds","locale":"c:OSUILocale","ms":"t:IsMsftOwned","MX_FlightIds":"c:FlightIds","OEMModel":"c:OEMModelNumber","oemname":"r:SystemManufacturer","OEMName_Uncleaned":"c:OEMManufacturerName","osVer":"t:OSVersionFull","OSVersionFull":"t:OSVersionFull","PhoneTargetingName":"c:OEMModelName","prccn":"crocessorCores","prccs":"crocessorClockSpeed","prcmf":"crocessorManufacturer","procm":"crocessorModel","ram":"c:TotalPhysicalRAM","ring":"f:FlightRing","sampleId":"topVal","sku":"t:OSSkuId","smbiosdm":"r:SystemProductName","TimestampDelta_19H1Subtract19H1Setup":"a:TimestampEpochString_19H1_Subtract_TimestampEpochString_19H1Setup","TimestampDelta_20H1Subtract20H1Setup":"a:TimestampEpochString_20H1_Subtract_TimestampEpochString_20H1Setup","TimestampDelta_21H1Subtract20H1Setup":"a:TimestampEpochString_21H1_Subtract_TimestampEpochString_20H1Setup","TimestampDelta_CO21H2SubtractCO21H2Setup":"a:TimestampEpochString_CO21H2_Subtract_TimestampEpochString_CO21H2Setup","TimestampDelta_NI22H2SubtractNI22H2Setup":"a:TimestampEpochString_NI22H2_Subtract_TimestampEpochString_NI22H2Setup","TimestampDelta_NI23H2SubtractNI22H2Setup":"a:TimestampEpochString_NI23H2_Subtract_TimestampEpochString_NI22H2Setup"},"Fallback":{"r:AhnlabInstalledKey":"r:AhnlabInstalledWowKey","r:AvastBlackScreen":"r:AvgBlackScreen","r:AvastInstalledKey":"r:AvastInstalledWowKey","r:AVGInstalledKey":"r:AVGInstalledWowKey","r:AviraInstalledKey":"r:AviraInstalledWowKey","a:Bios":"a:Bios_RS3","a:Bios_RS3":"a:Bios_RS4","a:Bios_RS4":"a:Bios_RS5","r:BlockFeatureUpdates":"r:BlockWUUpgrades","r:BlockWUUpgrades":"r:BlockWUUpgradesWow","r:BuildFID":"r:BuildFID_WCOS","r:BuildFID_WCOS":"r:BuildFID_WCOS2","r:BullguardInstalledKey":"v:BullguardInstalledVer","aataExpDateEpoch_CO21H2":"rataExpDateEpoch_CO21H2RegFb","rchuAmdGrfxVen":"rchuAmdGrfxVen2","rchuAmdGrfxVen2":"rchuAmdGrfxDeletePending","rchuIntelGrfxDeletePending":"rchuIntelGrfxNExists","rchuIntelGrfxVen":"rchuIntelGrfxVen2","rchuIntelGrfxVen2":"rchuIntelGrfxDeletePending","rchuNvidiaGrfxVen":"rchuNvidiaGrfxVen2","rchuNvidiaGrfxVen2":"rchuNvidiaGrfxDeletePending","DL_OSVersion":"OSVersion","rriverPartnerRing":"r:OSDataDriverPartnerRing","r:EdgeStableOPV_Native":"r:EdgeStablePV_Native","r:EdgeStablePV_WOW6432":"r:EdgeStableOPV_Native","r:EdgeStableVersion":"r:EdgeStablePV_WOW6432","r:EdgeWithChromiumInstallFailureCount":"r:EdgeWithChromiumInstallFailureCountWow","r:EdgeWithChromiumInstallVersion":"r:EdgeWithChromiumInstallVersionWow","u:EnableWUfBUpgradeGates":"r:EnableWUfBUpgradeGatesRS5","r:ESETInstalledKey":"r:ESETInstalledWowKey","r:ESTSecurityInstalledKey":"r:ESTSecurityInstalledWowKey","f:FlightingBranchName":"c:FlightingBranchName","a:Free":"a:Free_RS3","a:Free_RS3":"a:Free_RS4","a:Free_RS4":"a:Free_RS5","r:FSecureInstalledKey":"r:FSecureInstalledWowKey","a:GatedFeature_NI22H2":"r:Migrated_GatedFeature_NI22H2Setup","a:GStatus_CO21H2":"r:GStatus_CO21H2RegFb","HoloLens":"r:WindowsMixedReality","r:IsEdgeWithChromiumInstalled":"r:IsEdgeWithChromiumInstalledWow","a:ISVM":"a:ISVM_RS3","a:ISVM_RS3":"a:ISVM_RS4","a:ISVM_RS4":"a:ISVM_RS5","r:K7InstalledKey":"r:K7InstalledWowKey","r:KasperskyInstalledKey":"r:KasperskyInstalledWowKey","r:KingsoftInstalledKey":"r:KingsoftInstalledWowKey","r:LenovoInstalledKey":"r:LenovoInstalledWowKey","r:MalwarebytesInstalledKey":"r:MalwarebytesInstalledWowKey","r:McAfeeInstalledKey":"r:McAfeeInstalledWowKey","r:Migrated_GatedFeature_NI22H2Setup":"r:Migrated_GatedFeature_NI22H2","c:OEMModelBaseBoard":"r:OEMModelBaseBoard","randaInstalledKey":"randaInstalledWowKey","randaInstalledWowKey":"vandaInstalledVer","ronchAllow":"ronchAllowKey","ronchAllowKey":"ronchAllowWow","ronchAllowWow":"ronchAllowWowKey","r:QUDeadline":"r:QUDeadlineMDM","r:QuickhealInstalledKey1":"r:QuickhealInstalledKey2","r:SophosInstalledKey1":"r:SophosInstalledKey2","r:SymantecInstalledKey":"r:SymantecInstalledWowKey","v:SymantecVer":"v:SymantecVer64","u:TargetReleaseVersion":"r:TargetReleaseVersionGP","r:TargetReleaseVersionGP":"r:TargetReleaseVersionMDM","r:TencentInstalledKey":"r:TencentInstalledWowKey","r:ThreatTrackInstalledKey":"r:ThreatTrackInstalledWowKey","a:TimestampEpochString_CO21H2":"r:TimestampEpochString_CO21H2RegFb","v:TobiiVer":"v:TobiiVerx86","v:TobiiVerx86":"v:TobiiVer1x86","r:TrendInstalledKey":"r:TrendInstalledWowKey","r:TrendInstalledWowKey":"v:TrendInstalledVer","a:UpgEx_CO21H2":"r:UpgEx_CO21H2RegFb","r:UpgradeAccepted":"r:Win11UpgradeAcceptedWUSeeker","r:WebExperience":"r:WebExperienceWow","r:WebrootInstalledKey":"r:WebrootInstalledWowKey"},"Transform":{"AccountFirstChar":{"SubLength":1},"CX_FlightIds":{"Regex":"CX:[^,]*","RegexDelimiter":","},"FlightingOptOutState":{"Ignore":["0"]},"FX_FlightIds":{"Regex":"FX:[^,]*","RegexDelimiter":","},"IppPrinterBadDefaultPdc":{"Contains":"V4_No_ChangeID_Present"},"aipc":{"Ignore":["0"]},"IsDomainJoined":{"Ignore":["0"]},"IsHybridOrXGpu":{"Ignore":["0"]},"IsMsftOwned":{"Ignore":["0"]},"IsPortableOperatingSystem":{"Ignore":["0"]},"IsRemoteDesktopSessionHost":{"Contains":"ServerRdsh"},"IsTestLab":{"Ignore":["0"]},"IsVM":{"Ignore":["0"]},"IX_FlightIds":{"Regex":"IX:[^,]*","RegexDelimiter":","},"MX_FlightIds":{"Regex":"ME:[^,]*|MD:[^,]*","RegexDelimiter":","},"OEMModel":{"SubLength":100},"OEMName_Uncleaned":{"SubLength":100},"PausedFeatureStatus":{"Ignore":["0"]},"PausedQualityStatus":{"Ignore":["0"]},"PSAKyoceraInstalledName":{"Contains":"A97ECD55.KYOCERAPrintCenter"},"PSATATriumphInstalledName":{"Contains":"TATriumph-AdlerGmbH.TAUTAXPrintCenter"},"SMode":{"Ignore":["0"]},"StayOnWindows10Timestamp":{"SubLength":-3,"Ignore":[""]},"XeroxPsaInstalledName":{"Contains":"XeroxCorp.PrintExperience"}},"Registry":{"AADBrokerPluginNotRegistered":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsMitigationData\\AADBrokerPluginNotRegistered","IfExists":true},"ActiveHoursEnd":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings","ValueName":"ActiveHoursEnd","RegValueType":"REG_DWORD"},"ActiveHoursStart":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings","ValueName":"ActiveHoursStart","RegValueType":"REG_DWORD"},"AdminOptedIntoRebootlessUpdates_Server":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\Hotpatch\\Environment","ValueName":"AllowRebootlessUpdates","RegValueType":"REG_DWORD"},"AhnlabInstalledKey":{"FullPath":"SOFTWARE\\Ahnlab","IfExists":true},"AhnlabInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\Ahnlab","IfExists":true},"AhnLabKeyboard":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\Mkd2kfNt","ValueName":"NbTpMsExist"},"AllowInPlaceUpgrade":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\\\Windows\\\\CurrentVersion","ValueName":"AllowInPlaceUpgrade","RegValueType":"REG_DWORD"},"AllowUpgradesWithUnsupportedTPMOrCPU":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\Setup\\MoSetup","ValueName":"AllowUpgradesWithUnsupportedTPMOrCPU","RegValueType":"REG_DWORD"},"AndroidUserOptinValue":{"HKey":"HKEY_CURRENT_USER","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Mobility\\","ValueName":"OptedIn","RegValueType":"REG_DWORD"},"AppChannels":{"FullPath":"SOFTWARE\\Policies\\Microsoft\\WindowsStore\\Apps\\*","ValueName":"ChannelId","EncodingType":"Json"},"AppRMIDs":{"FullPath":"SOFTWARE\\Policies\\Microsoft\\WindowsStore\\Apps\\*","ValueName":"ReleaseManagementId","EncodingType":"Json"},"ARCHotpatchAttached_State":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Azure Connected Machine Agent\\Windows\\Licenses\\Features\\Hotpatch","ValueName":"Subscription","RegValueType":"REG_DWORD"},"AutopilotUpdateInProgress":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Provisioning\\AutopilotSettings\\VolatileAutopilotUpdate","ValueName":"AutopilotUpdateInProgress","RegValueType":"REG_DWORD"},"AvastBlackScreen":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\aswVmm\\Parameters","ValueName":"Win10-1803"},"AvastInstalledKey":{"FullPath":"SOFTWARE\\Avast Software\\Avast","IfExists":true},"AvastInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\Avast Software\\Avast","IfExists":true},"AvastReg":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\aswVmm\\Parameters","ValueName":"QualityCompat"},"AvgBlackScreen":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\avgVmm\\Parameters","ValueName":"Win10-1803"},"AVGInstalledKey":{"FullPath":"SOFTWARE\\AVG\\Antivirus","IfExists":true},"AVGInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\AVG\\Antivirus","IfExists":true},"AvgReg":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\avgVmm\\Parameters","ValueName":"QualityCompat"},"AviraInstalledKey":{"FullPath":"SOFTWARE\\X-AVCSD\\Workstation\\Antivirus","IfExists":true},"AviraInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\X-AVCSD\\Workstation\\Antivirus","IfExists":true},"BitDefenderInstalledKey":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}","IfExists":true},"BlockEdgeWithChromiumUpdate":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\EdgeUpdate","ValueName":"DoNotUpdateToEdgeWithChromium","RegValueType":"REG_DWORD"},"BlockFeatureUpdates":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade","ValueName":"BlockFeatureUpdates","RegValueType":"REG_DWORD"},"BlockWUUpgrades":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows10Upgrader\\Volatile","ValueName":"BlockWUUpgrades","RegValueType":"REG_DWORD"},"BlockWUUpgradesWow":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\WOW6432Node\\Microsoft\\Windows10Upgrader\\Volatile","ValueName":"BlockWUUpgrades","RegValueType":"REG_DWORD"},"BroadcomInstalledKey":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Symantec\\Symantec Endpoint Protection","IfExists":true},"BuildFID":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build","ValueName":"EsdFlightData","RegValueType":"REG_SZ"},"BuildFID_WCOS":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"OSDATA\\Software\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build","ValueName":"EsdFlightData","RegValueType":"REG_SZ"},"BuildFID_WCOS2":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"OSDATA\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build","ValueName":"EsdFlightData","RegValueType":"REG_SZ"},"BullguardInstalledKey":{"FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\BullGuard","IfExists":true},"BypassNRO":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE","ValueName":"BypassNRO","RegValueType":"REG_DWORD"},"ChinaTypeApproval_CTA":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeviceAccess","ValueName":"ActivePolicyCode","RegValueType":"REG_SZ"},"CIOptin":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings","ValueName":"IsContinuousInnovationOptedIn","RegValueType":"REG_DWORD"},"CloudFilesFilter":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Services\\CldFlt\\Instances\\","ValueName":"DefaultInstance","RegValueType":"REG_SZ"},"CurrentBranch":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion","ValueName":"BuildBranch","RegValueType":"REG_SZ"},"DataExpDateEpoch_CO21H2RegFb":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2","ValueName":"DataExpDateEpoch","RegValueType":"REG_SZ"},"DaysSince19H1FUOffer":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\rempl\\irplugin","ValueName":"DaysSinceLastOffer","RegValueType":"REG_QWORD"},"DchuAmdGrfxDeletePending":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\amdkmdag","ValueName":"DriverDelete"},"DchuAmdGrfxExists":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\amdkmdag","IfExists":true},"DchuAmdGrfxVen":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\amdkmdag","ValueName":"DCHUVen"},"DchuAmdGrfxVen2":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\amdkmdag\\Parameters","ValueName":"DCHUVen"},"DchuIntelGrfxDeletePending":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\igfx","ValueName":"DriverDelete"},"DchuIntelGrfxExists":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\igfx","IfExists":true},"DchuIntelGrfxNExists":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Services\\igfxn","IfExists":true},"DchuIntelGrfxVen":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\igfx","ValueName":"DCHUVen"},"DchuIntelGrfxVen2":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\igfx\\Parameters","ValueName":"DCHUVen"},"DchuNvidiaGrfxDeletePending":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\nvlddmkm","ValueName":"DriverDelete"},"DchuNvidiaGrfxExists":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\nvlddmkm","IfExists":true},"DchuNvidiaGrfxVen":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\nvlddmkm","ValueName":"DCHUVen"},"DchuNvidiaGrfxVen2":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\nvlddmkm\\Parameters","ValueName":"DCHUVen"},"DchuNvidiaGrfxVenTest":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Services\\nvlddmkm","ValueName":"DCHUVenTest","RegValueType":"REG_DWORD"},"DefaultUserRegion":{"HKey":"HKEY_USERS","FullPath":".DEFAULT\\Control Panel\\International\\Geo","ValueName":"Nation","RegValueType":"REG_SZ"},"DeviceInfoGatherSuccessful":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing","ValueName":"DeviceInfoGatherSuccessful","RegValueType":"REG_DWORD"},"DisableWUfBOfferBlock":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsUpdate\\UpdatePolicy\\Settings","ValueName":"DisableWUfBOfferBlock","RegValueType":"REG_DWORD"},"DisconnectedStandby":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Control\\Power","ValueName":"EnforceDisconnectedStandby","RegValueType":"REG_DWORD"},"DotNetMissingComponentsTroubleshooterSuccess":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\.NETFramework","ValueName":"DotNetMissingComponentsTroubleshooterSuccess","RegValueType":"REG_DWORD"},"DriverPartnerRing":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\DriverFlighting\\Partner","ValueName":"TargetRing","RegValueType":"REG_SZ"},"DSS_Enrolled_DF":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\\\Policies\\\\Microsoft\\\\Windows\\\\WindowsUpdate","ValueName":"WUfBDF","RegValueType":"REG_DWORD"},"DSS_Enrolled_State":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WufbDS","ValueName":"enrollmenttype","RegValueType":"REG_SZ"},"DUInternal":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\Setup\\MoSetup","ValueName":"DynamicUpdateInternalTest","RegValueType":"REG_DWORD"},"DurableDeviceRegionGeo":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Control Panel\\DeviceRegion","ValueName":"DeviceRegion","RegValueType":"REG_DWORD"},"EdgeStableOPV_Native":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}","ValueName":"opv","RegValueType":"REG_SZ"},"EdgeStablePV_Native":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}","ValueName":"pv","RegValueType":"REG_SZ"},"EdgeStablePV_WOW6432":{"FullPath":"SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}","ValueName":"pv","RegValueType":"REG_SZ"},"EdgeStableVersion":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}","ValueName":"opv","RegValueType":"REG_SZ"},"EdgeWithChromiumInstallFailureCount":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\EdgeUpdate","ValueName":"WindowsUpdateAttempts"},"EdgeWithChromiumInstallFailureCountWow":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate","ValueName":"WindowsUpdateAttempts"},"EdgeWithChromiumInstallVersion":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\EdgeUpdate","ValueName":"WindowsUpdateVersion"},"EdgeWithChromiumInstallVersionWow":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate","ValueName":"WindowsUpdateVersion"},"EKB19H2InstallCount":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\Setup\\FeatureStaging\\20455539\\2","ValueName":"Count"},"EKB19H2InstallTimeEpoch":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\Setup\\FeatureStaging\\20455539\\2","ValueName":"Timestamp"},"EKB19H2UnInstallCount":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\Setup\\FeatureStaging\\20455539\\0","ValueName":"Count"},"EKB19H2UnInstallTimeEpoch":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\Setup\\FeatureStaging\\20455539\\0","ValueName":"Timestamp"},"EnableWUfBUpgradeGatesRS5":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Microsoft\\Windows NT\\CurrentVersion\\502505fe-762c-4e80-911e-0c3fa4c63fb0","ValueName":"DataRequireGatedScanForFeatureUpdates","RegValueType":"REG_DWORD"},"ESETInstalledKey":{"FullPath":"SOFTWARE\\ESET\\ESET Security","IfExists":true},"ESETInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\ESET\\ESET Security","IfExists":true},"EsetReg":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Services\\ehdrv\\Parameters","ValueName":"WindowsCompatibilityLevel","RegValueType":"REG_DWORD"},"ESTSecurityInstalledKey":{"FullPath":"SOFTWARE\\ESTsoft","IfExists":true},"ESTSecurityInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\ESTsoft","IfExists":true},"ExpPkgs":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsSelfhost\\Applicability","ValueName":"ExpPkgs","RegValueType":"REG_SZ"},"ExpStates":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsSelfHost\\FIDs","ValueName":"PreviewConfigs","RegValueType":"REG_SZ"},"FeatureUpdateDeadline":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Policies\\Microsoft\\Windows\\WindowsUpdate\\","ValueName":"ConfigureDeadlineForFeatureUpdates","RegValueType":"REG_DWORD"},"FlightContent":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsSelfHost\\Applicability","ValueName":"ContentType","RegValueType":"REG_SZ"},"FlightingOptOutState":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsSelfHost\\UI\\Selection","ValueName":"OptOutState","RegValueType":"REG_DWORD"},"FODRetryPending":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing","ValueName":"FODRetry","RegValueType":"REG_DWORD"},"FSecureInstalledKey":{"FullPath":"SOFTWARE\\F-Secure\\OneClient","IfExists":true},"FSecureInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\F-Secure\\OneClient","IfExists":true},"FSRing":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsSelfhost\\Applicability","ValueName":"FSRing","RegValueType":"REG_SZ"},"GamingServicesInstalledKey":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Services\\GamingServices","IfExists":true},"GridZoneName":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\COAWOS","ValueName":"GridZoneName","RegValueType":"REG_SZ","PersistedSourceId":"COAWOSRoot"},"GStatus_CO21H2RegFb":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2","ValueName":"GStatus","RegValueType":"REG_SZ"},"GStatusBlockIDs_All":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\Appraiser\\GWX","ValueName":"SdbEntries","RegValueType":"REG_SZ"},"HidOverGattReg":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemRoot

 

Here's the last of it:

%/System32/drivers/UMDF/Microsoft.Bluetooth.Profiles.HidOverGatt.dll","ValueName":"Source","RegValueType":"REG_SZ"},"HotPatchEKBInstalled":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Update\\TargetingInfo\\DynamicInstalled\\Hotpatch.amd64","IfExists":true},"IIS_ASPNET":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing\\Notifications\\OptionalFeatures\\IIS-ASPNET","ValueName":"Selection","RegValueType":"REG_DWORD"},"IIS_NetFxExtensibility":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing\\Notifications\\OptionalFeatures\\IIS-NetFxExtensibility","ValueName":"Selection","RegValueType":"REG_DWORD"},"InstallDate":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion","ValueName":"InstallDate","RegValueType":"REG_DWORD"},"IntelPlatformId":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0","ValueName":"Platform Specific Field 1","RegValueType":"REG_DWORD"},"IppPrinterBadDefaultPdc":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Print\\Printers\\*\\PrinterDriverData","ValueName":"V4_PDC_ChangeID","RegValueType":"REG_SZ","EncodingType":"Json"},"IsAutopilotRegistered":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Provisioning\\AutopilotPolicyCache","ValueName":"ProfileAvailable","RegValueType":"REG_DWORD"},"IsFlightingEnabled":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsSelfHost\\Applicability","ValueName":"IsBuildFlightingEnabled","RegValueType":"REG_DWORD"},"IsCHCapableBuild":{"HKey":"HKEY_CLASSES_ROOT","FullPath":"CLSID\\{2C57C51B-FD43-4E74-B077-551AE6228AD6}","IfExists":true},"IsCldFltSyncRoots":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager\\*","IfExists":true},"IsConfigMgrEnabled":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsSelfHost\\ClientState","ValueName":"ConfigMgrEnabled","RegValueType":"REG_DWORD"},"IsContainerMgrInstalled":{"FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Containers\\CmService","IfExists":true},"IsEdgeWithChromiumInstalled":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}","IfExists":true},"IsEdgeWithChromiumInstalledWow":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}","IfExists":true},"IsFeedbackHubSelfhost":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Diagnostics\\DiagTrack\\Partners\\IsFeedbackHubSelfhost","IfExists":true},"IsFSOverlay":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Control\\GlobMerger","ValueName":"IsEnabled","RegValueType":"REG_DWORD"},"IsHybridOrXGpu":{"FullPath":"SOFTWARE\\Microsoft\\DirectX","ValueName":"HybridDeviceApplicableForDxDbGpuPreferences"},"IsProcessorMode":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Diagnostics\\DiagTrack\\RegionalSettings","ValueName":"IsProcessorMode","RegValueType":"REG_QWORD"},"IsRemoteDesktopSessionHost":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion","ValueName":"EditionID","RegValueType":"REG_SZ"},"IsSpotlightEnabledInOEMTheme":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes","ValueName":"WindowsSpotlight","RegValueType":"REG_DWORD"},"IsSpotlightThemeEnabledByOEM":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\DesktopOptimization","ValueName":"WindowsSpotlightTheme","RegValueType":"REG_DWORD"},"IsVbsEnabled":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\ControlSet001\\Control\\DeviceGuard","ValueName":"EnableVirtualizationBasedSecurity","RegValueType":"REG_DWORD"},"IsWDAGEnabled":{"FullPath":"SYSTEM\\ControlSet001\\Services\\hvsics","IfExists":true},"IsWDATPEnabled":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows Advanced Threat Protection\\Status","ValueName":"OnboardingState"},"K7InstalledKey":{"FullPath":"SOFTWARE\\K7 Computing","IfExists":true},"K7InstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\K7 Computing","IfExists":true},"KasperskyInstalledKey":{"FullPath":"SOFTWARE\\KasperskyLab","IfExists":true},"KasperskyInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\KasperskyLab","IfExists":true},"KasperskyReg":{"FullPath":"System\\CurrentControlSet\\Services\\klhk\\Parameters","ValueName":"UseVtHardware"},"KingsoftInstalledKey":{"FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Kingsoft Internet Security","IfExists":true},"KingsoftInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Kingsoft Internet Security","IfExists":true},"KioskMode":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\AssignedAccessCsp\\AutoLogonAccount","ValueName":"ConfigSource","RegValueType":"REG_DWORD"},"KnownFoldersBackupStatus":{"HKey":"HKEY_CURRENT_USER","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StorageProviderStatus","ValueName":"OneDrive","RegValueType":"REG_SZ"},"LaunchOobeInEndUserSession":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Microsoft\\Windows\\CurrentVersion\\OOBE","ValueName":"ContinueOobeInEnduserSession"},"LaunchUserOOBE":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Microsoft\\Windows\\CurrentVersion\\OOBE","ValueName":"LaunchUserOOBE","RegValueType":"REG_DWORD"},"LCUVer":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion","ValueName":"LCUVer"},"LenovoInstalledKey":{"FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{A9861883-31C5-4324-BD9A-DC9527EEB675}_is1","IfExists":true},"LenovoInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{A9861883-31C5-4324-BD9A-DC9527EEB675}_is1","IfExists":true},"MalwarebytesInstalledKey":{"FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1","IfExists":true},"MalwarebytesInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1","IfExists":true},"McAfeeInstalledKey":{"FullPath":"SOFTWARE\\McAfee\\MSC\\AppInfo\\Substitute\\QueryParams","IfExists":true},"McAfeeInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\McAfee\\MSC\\AppInfo\\Substitute\\QueryParams","IfExists":true},"MDE4WSLPluginReleaseRing":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Microsoft Defender for Endpoint plug-in for WSL","ValueName":"ReleaseRing","RegValueType":"REG_SZ"},"MDEWSLPluginReleaseRing":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Microsoft\\Windows\\CurrentVersion\\Lxss\\Plugins\\DefenderPlug-in","ValueName":"ReleaseRing","RegValueType":"REG_SZ"},"Migrated_GatedFeature_NI22H2":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\MigratedMarkers\\TargetVersionUpgradeExperienceIndicators\\NI22H2","ValueName":"GatedFeatureSingleString","RegValueType":"REG_SZ"},"Migrated_GatedFeature_NI22H2Setup":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\MigratedMarkers\\TargetVersionUpgradeExperienceIndicators\\NI22H2Setup","ValueName":"GatedFeatureSingleString","RegValueType":"REG_SZ"},"MTPTargetingInfo":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\Platform\\MTPTargetingInfo","ValueName":"TargetRing"},"NonSecurityUpdate":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate","ValueName":"NonSecurityRelease","RegValueType":"REG_DWORD"},"NPUEnabledDevice":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows Media Foundation\\FrameServer\\WindowsCameraEffects","ValueName":"EffectsCameraAvailable","RegValueType":"REG_DWORD"},"OEMMode":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Office\\16.0\\Common\\OEM","ValueName":"OOBEMode","RegValueType":"REG_SZ"},"OEMModelBaseBoard":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"HARDWARE\\DESCRIPTION\\System\\BIOS","ValueName":"BaseBoardProduct","RegValueType":"REG_SZ"},"OemPartnerRing":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\Platform\\DeviceTargetingInfo","ValueName":"TargetRing","RegValueType":"REG_SZ"},"OEMSubModel":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"HARDWARE\\DESCRIPTION\\System\\BIOS","ValueName":"SystemSKU","RegValueType":"REG_SZ"},"OobeNdupAcceptedTarget":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\OOBE\\NDUP\\Updates","ValueName":"Target","RegValueType":"REG_SZ"},"OobeNdupFU22621CommitChoice":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\NDUP\\Updates\\FeatureUpdate_22621","ValueName":"CommitChoice","RegValueType":"REG_DWORD"},"OobeNdupFUTarget":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\NDUP\\Updates\\FeatureUpdate_22631","ValueName":"Target","RegValueType":"REG_SZ"},"OobeSeeker":{"FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE\\Updates","ValueName":"OOBEUpdateStarted"},"OSDataDriverPartnerRing":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"OSData\\SOFTWARE\\Microsoft\\DriverFlighting\\Partner","ValueName":"TargetRing","RegValueType":"REG_SZ"},"OSRollbackBuild":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade\\Rollback","ValueName":"BuildString","RegValueType":"REG_SZ"},"OSRollbackCount":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade\\Rollback","ValueName":"Count","RegValueType":"REG_DWORD"},"OSRollbackDate":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade\\Rollback","ValueName":"DateStamp","RegValueType":"REG_DWORD"},"PandaInstalledKey":{"FullPath":"SOFTWARE\\Panda Software\\Setup","IfExists":true},"PandaInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\Panda Software\\Setup","IfExists":true},"PausedFeatureStatus":{"FullPath":"SOFTWARE\\Microsoft\\WindowsUpdate\\UpdatePolicy\\Settings","ValueName":"PausedFeatureStatus"},"PausedQualityStatus":{"FullPath":"SOFTWARE\\Microsoft\\WindowsUpdate\\UpdatePolicy\\Settings","ValueName":"PausedQualityStatus"},"PlayFabPartyRelay":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\PlayFabPartyRelay","IfExists":true},"PonchAllow":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat","ValueName":"cadca5fe-87d3-4b96-b7fb-a231484277cc","RegValueType":"REG_DWORD"},"PonchAllowKey":{"FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat\\cadca5fe-87d3-4b96-b7fb-a231484277cc","IfExists":true},"PonchAllowWow":{"FullPath":"SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\QualityCompat","ValueName":"cadca5fe-87d3-4b96-b7fb-a231484277cc"},"PonchAllowWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\QualityCompat\\cadca5fe-87d3-4b96-b7fb-a231484277cc","IfExists":true},"PonchBlock":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat","ValueName":"65d75b03-6f4d-46e9-b870-517731e06cf9","RegValueType":"REG_DWORD"},"PreviewBuildsManagerEnabled":{"FullPath":"SOFTWARE\\Microsoft\\WindowsSelfhost\\Manager","ValueName":"ArePreviewBuildsAllowed"},"ProductType":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Control\\ProductOptions","ValueName":"ProductType"},"PSAKyoceraMissingDEH":{"HKey":"HKEY_CLASSES_ROOT","FullPath":"Extensions\\ContractId\\Windows.PrintSupportExtension\\PackageId\\A97ECD55.KYOCERAPrintCenter_4.1.11108.0_x64__kqmhh0ktdt7dg","IfExists":true},"PSATATriumphMissingDEH":{"HKey":"HKEY_CLASSES_ROOT","FullPath":"Extensions\\ContractId\\Windows.PrintSupportExtension\\PackageId\\TATriumph-AdlerGmbH.TAUTAXPrintCenter_4.1.11108.0_x64__h5e8vsnevp54y","IfExists":true},"PSAXeroxMissingDEH":{"HKey":"HKEY_CLASSES_ROOT","FullPath":"Extensions\\ContractId\\Windows.PrintSupportExtension\\PackageId\\XeroxCorp.PrintExperience_8.29.32.0_x64__f7egpvdyrs2a8","IfExists":true},"QihooInstalledKey":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\360TotalSecurity","IfExists":true},"QUDeadline":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate","ValueName":"ConfigureDeadlineForQualityUpdates","RegValueType":"REG_DWORD"},"QUDeadlineMDM":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\PolicyManager\\current\\device\\Update","ValueName":"ConfigureDeadlineForQualityUpdates","RegValueType":"REG_DWORD"},"QuickhealInstalledKey1":{"FullPath":"SYSTEM\\CurrentControlSet\\Servicescatflt","IfExists":true},"QuickhealInstalledKey2":{"FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths\\scanner.exe","IfExists":true},"RecoveredFromBuild":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Microsoft\\WindowsSelfHost\\Applicability\\RecoveredFrom","ValueName":"LastBuild","RegValueType":"REG_DWORD"},"RecoveredOnDate":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Microsoft\\WindowsSelfHost\\Applicability\\RecoveredFrom","ValueName":"DateStamp","RegValueType":"REG_DWORD"},"ReleaseType":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Update\\TargetingInfo","ValueName":"ReleaseType","RegValueType":"REG_SZ"},"RobloxPlayer":{"HKey":"HKEY_CLASSES_ROOT","FullPath":"roblox-player","RegValueType":"REG_SZ","IfExists":true},"RobloxStudio":{"HKey":"HKEY_CLASSES_ROOT","FullPath":"roblox-studio","RegValueType":"REG_SZ","IfExists":true},"SetupDisplayedEulaVersion":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\OOBE\\","ValueName":"SetupDisplayedEulaVersion","RegValueType":"REG_DWORD"},"SH_SIPolicyCleanup":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\PPI\\Settings","ValueName":"SIPolicyCleanup","RegValueType":"REG_DWORD"},"SmartActiveHoursState":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings","ValueName":"SmartActiveHoursState","RegValueType":"REG_DWORD"},"SophosInstalledKey1":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\SAVService","IfExists":true},"SophosInstalledKey2":{"FullPath":"SYSTEM\\CurrentControlSet\\Services\\hmpalertsvc","IfExists":true},"StayOnWindows10Timestamp":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings","ValueName":"SvOfferDeclined","RegValueType":"REG_QWORD"},"Steam":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Classes\\Steam","ValueName":"","RegValueType":"REG_SZ"},"StrictHiveSecurityReg":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\*","ValueName":"StrictHiveSecuritySet"},"SymantecInstalledKey":{"FullPath":"SOFTWARE\\Norton\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}","IfExists":true},"SymantecInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\Norton\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}","IfExists":true},"SystemGuard_Enabled":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Control\\DeviceGuard\\Scenarios\\SystemGuard","ValueName":"Enabled","RegValueType":"REG_DWORD"},"SystemManufacturer":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Control\\SystemInformation","ValueName":"SystemManufacturer","RegValueType":"REG_SZ"},"SystemProductName":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Control\\SystemInformation","ValueName":"SystemProductName","RegValueType":"REG_SZ"},"TargetReleaseVersionGP":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate","ValueName":"TargetReleaseVersionInfo","RegValueType":"REG_SZ"},"TargetReleaseVersionMDM":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\PolicyManager\\current\\device\\Update","ValueName":"TargetReleaseVersion","RegValueType":"REG_SZ"},"TenantId":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SYSTEM\\CurrentControlSet\\Control\\CloudDomainJoin\\JoinInfo\\*","ValueName":"TenantId"},"TencentInstalledKey":{"FullPath":"SOFTWARE\\Tencent\\QQPCMgr","IfExists":true},"TencentInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\Tencent\\QQPCMgr","IfExists":true},"TencentReg":{"FullPath":"SYSTEM\\CurrentControlSet\\services\\TesSafe","ValueName":"LoadStartTime"},"TencentType":{"FullPath":"SYSTEM\\CurrentControlSet\\services\\TesSafe","ValueName":"Type"},"TestRN":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Wosc\\Client\\Persistent\\ClientState\\FCON","ValueName":"TestRing"},"ThreatTrackInstalledKey":{"FullPath":"SOFTWARE\\SBAMSvc","IfExists":true},"ThreatTrackInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\SBAMSvc","IfExists":true},"TimestampEpochString_CO21H2RegFb":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2","ValueName":"TimestampEpochString","RegValueType":"REG_SZ"},"TrendInstalledKey":{"FullPath":"SOFTWARE\\TrendMicro","IfExists":true},"TrendInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\TrendMicro","IfExists":true},"UHSEnrolled":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion","ValueName":"UHSEnrolled","RegValueType":"REG_SZ","IfExists":true},"UninstallActive":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"System\\Setup","ValueName":"UninstallActive","RegValueType":"REG_DWORD"},"UpdateOfferedDays":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WaaSAssessment\\Cache\\","ValueName":"UpToDateDays","RegValueType":"REG_DWORD"},"UpdatePreference":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate","ValueName":"UpdatePreference","RegValueType":"REG_DWORD"},"UpgEx_CO21H2RegFb":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2","ValueName":"UpgEx","RegValueType":"REG_SZ"},"UpgradeAccepted":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE\\Updates\\","ValueName":"UpgradeAccepted","RegValueType":"REG_DWORD","IfExists":true},"UpgradeEligible":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion","ValueName":"UpgradeEligible","RegValueType":"REG_DWORD"},"UserInPlaceUpgrade":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\\\Windows\\\\CurrentVersion","ValueName":"UserInPlaceUpgrade","RegValueType":"REG_DWORD"},"UsoScanMitigation":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\Orchestrator\\Mitigation\\","ValueName":"UsoScanNotStartingMitigationCompleted","RegValueType":"REG_DWORD","IfExists":true},"UtcDataHandlingPolicies":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Diagnostics\\DiagTrack","ValueName":"UtcDataHandlingPolicies","RegValueType":"REG_QWORD"},"UUSVersion":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\Orchestrator","ValueName":"LastRunVersion","RegValueType":"REG_SZ"},"WAS_NetFxEnvironment":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing\\Notifications\\OptionalFeatures\\WAS-NetFxEnvironment","ValueName":"Selection","RegValueType":"REG_DWORD"},"WCFHTTPActivationNotificationState":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Component Based Servicing\\\\Notifications\\\\OptionalFeatures\\\\WCF-HTTP-Activation","ValueName":"Selection","RegValueType":"REG_DWORD"},"WCFNonHTTPActivationNotificationState":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Component Based Servicing\\\\Notifications\\\\OptionalFeatures\\\\WCF-NonHTTP-Activation","ValueName":"Selection","RegValueType":"REG_DWORD"},"WebExperience":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}","IfExists":true},"WebExperienceWow":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\WOW6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}","IfExists":true},"WebrootInstalledKey":{"FullPath":"SOFTWARE\\WRData","IfExists":true},"WebrootInstalledWowKey":{"FullPath":"SOFTWARE\\WOW6432Node\\WRData","IfExists":true},"Win11UpgradeAcceptedTimestamp":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings","ValueName":"SvOfferAccepted","RegValueType":"REG_QWORD"},"Win11UpgradeAcceptedWUSeeker":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings","ValueName":"SvOfferAccepted","RegValueType":"REG_QWORD","IfExists":true},"WindowsAccountSyncConsentApplicable":{"HKey":"HKEY_CURRENT_USER","FullPath":"Software\\Microsoft\\Windows\\CurrentVersion\\UnifiedConsent\\DEFAULTACCOUNT\\WINDOWSACCOUNTSYNCCONSENT","ValueName":"isApplicable","RegValueType":"REG_DWORD"},"WindowsAccountSyncConsentPromptAllowed":{"HKey":"HKEY_CURRENT_USER","FullPath":"Software\\Microsoft\\Windows\\CurrentVersion\\UnifiedConsent\\DEFAULTACCOUNT\\WINDOWSACCOUNTSYNCCONSENT","ValueName":"isSystemInitiatedPromptAllowed","RegValueType":"REG_DWORD"},"WindowsAccountSyncConsentState":{"HKey":"HKEY_CURRENT_USER","FullPath":"Software\\Microsoft\\Windows\\CurrentVersion\\UnifiedConsent\\DEFAULTACCOUNT\\WINDOWSACCOUNTSYNCCONSENT\\DATASHARING","ValueName":"isConsentAccepted","RegValueType":"REG_DWORD"},"WindowsMixedReality":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\WUDF\\Services\\HoloLensSensors","ValueName":"WdfMajorVersion","RegValueType":"REG_DWORD"},"WOSCEndpointsSupported":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Wosc\\Client\\Persistent","ValueName":"EndpointsSupported","RegValueType":"REG_SZ"},"WSX_Runtime":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC","ValueName":"ExperienceExtensions","RegValueType":"REG_SZ"},"WSX_Windows_AccountControl":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC","ValueName":"Windows.AccountControl","RegValueType":"REG_SZ"},"WSX_Windows_AppSample":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC","ValueName":"Windows.AppSample","RegValueType":"REG_SZ"},"WSX_Windows_Settings_Account":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC","ValueName":"Windows.Settings.Account","RegValueType":"REG_SZ"},"WSX_Windows_Shell_Start":{"HKey":"HKEY_LOCAL_MACHINE","FullPath":"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC","ValueName":"Windows.Shell.StartMenu","RegValueType":"REG_SZ"}},"FileInfo":{"AvastVer":{"Path":"\\system32\\Drivers\\aswVmm.sys","FolderGuid":"{F38BF404-1D43-42F2-9305-67DE0B28FC23}"},"AvgVer":{"Path":"\\system32\\Drivers\\avgVmm.sys","FolderGuid":"{F38BF404-1D43-42F2-9305-67DE0B28FC23}"},"BullguardInstalledVer":{"Path":"\\BullGuard Ltd\\BullGuard\\BullGuard.exe","IfExists":true,"FolderGuid":"{905E63B6-C1BF-494E-B29C-65B732D3D21A}"},"CortanaAppVer":{"Path":"\\WindowsApps\\Microsoft.549981C3F5F10_8wekyb3d8bbwe\\CortanaApp.View.exe","FolderGuid":"{905E63B6-C1BF-494E-B29C-65B732D3D21A}"},"CortanaAppVerTest":{"Path":"\\WindowsApps\\3242f7d9-db60-4380-a379-4205ea768bfc_1.0.0.0_x64__zs4v8rx04ex0m\\UndockingTestApp.exe","FolderGuid":"{905E63B6-C1BF-494E-B29C-65B732D3D21A}"},"CrowdStrikeInstalledVer":{"Path":"drivers\\CrowdStrike\\CSAgent.sys","IfExists":true,"FolderGuid":"{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"},"DmdHpControlPackageEnUs":{"Path":"%PROGRAMDATA%\\Microsoft\\Windows\\DeviceMetadataCache\\dmrccache\\en-US\\d3a162c7-a388-4099-b63d-265639514cc0\\PackageInfo.xml","IfExists":true},"DmdHpControlPackageMultiloc":{"Path":"%PROGRAMDATA%\\Microsoft\\Windows\\DeviceMetadataCache\\dmrccache\\multiloc\\d3a162c7-a388-4099-b63d-265639514cc0\\PackageInfo.xml","IfExists":true},"DmdHpControlPackageTr":{"Path":"%PROGRAMDATA%\\Microsoft\\Windows\\DeviceMetadataCache\\dmrccache\\tr\\d3a162c7-a388-4099-b63d-265639514cc0\\PackageInfo.xml","IfExists":true},"EsetVer":{"Path":"\\drivers\\ehdrv.sys","FolderGuid":"{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"},"FileExistsMscoreeDll":{"Path":"%windir%\\\\system32\\\\mscoree.dll","IfExists":true},"GDataInstalledVer":{"Path":"\\drivers\\MiniIcpt.sys","IfExists":true,"FolderGuid":"{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"},"HidparseDriversVer":{"Path":"%windir%\\system32\\drivers\\hidparse.sys"},"HidparseSystem32Ver":{"Path":"%windir%\\system32"},"HidparseSystem32Ver1":{"Path":"%windir%\\system32\\hidparse.sys"},"IsNotepadExePresent":{"Path":"%windir%\\system32\\notepad.exe","IfExists":true},"K7InstalledVer":{"Path":"\\K7 Computing","IfExists":true,"FolderGuid":"{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"},"KasperskyVer":{"Path":"\\system32\\Drivers\\klhk.sys","FolderGuid":"{F38BF404-1D43-42F2-9305-67DE0B28FC23}"},"OnnxruntimeVer":{"Path":"%windir%\\\\system32\\\\onnxruntime.dll"},"PandaInstalledVer":{"Path":"\\Panda Security","IfExists":true,"FolderGuid":"{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"},"SkypeRoomSystem":{"Path":"%systemdrive%\\Recovery\\OEM\\$oem$\\$1\\Rigel\\x64\\Scripts\\Provisioning\\AutoUnattend.xml","IfExists":true},"SymantecVer":{"Path":"\\Symantec\\Shared\\EENGINE\\eeCtrl.sys","FolderGuid":"{DE974D24-D9C6-4D3E-BF91-F4455120B917}"},"SymantecVer64":{"Path":"\\Symantec\\Shared\\EENGINE\\eeCtrl64.sys","FolderGuid":"{DE974D24-D9C6-4D3E-BF91-F4455120B917}"},"TobiiVer":{"Path":"\\Tobii\\Tobii EyeX Interaction\\Tobii.EyeX.Interaction.exe","FolderGuid":"{905E63B6-C1BF-494E-B29C-65B732D3D21A}"},"TobiiVer1x86":{"Path":"\\Tobii\\tobii EyeX Interaction\\Tobii.EyeX.Interaction.exe","FolderGuid":"{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"},"TobiiVerx86":{"Path":"\\tobii EyeX Interaction\\Tobii.EyeX.Interaction.exe","FolderGuid":"{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"},"TrendInstalledVer":{"Path":"\\Trend Micro\\Titanium\\plugin\\plugVizor.dll","IfExists":true,"FolderGuid":"{905E63B6-C1BF-494E-B29C-65B732D3D21A}"},"TrendMicroVer":{"Path":"\\drivers\\TMUMH.sys","FolderGuid":"{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"},"WuClientVer":{"Path":"\\system32\\wuaueng.dll","FolderGuid":"{F38BF404-1D43-42F2-9305-67DE0B28FC23}"},"XamlCbsActivationStore":{"Path":"%ProgramData%\\\\Microsoft\\\\Windows\\\\AppRepository\\\\Packages\\\\Microsoft.UI.Xaml.CBS_8.2205.4001.0_x64__8wekyb3d8bbwe\\\\ActivationStore.dat","IfExists":true},"XamlCbsActivationStoreArm64":{"Path":"%ProgramData%\\\\Microsoft\\\\Windows\\\\AppRepository\\\\Packages\\\\Microsoft.UI.Xaml.CBS_8.2205.4001.0_arm64__8wekyb3d8bbwe\\\\ActivationStore.dat","IfExists":true}},"Licensing":{"UpdateManagementGroup":{"Name":"UpdatePolicy-UpdateManagementGroup"}},"UpdatePolicy":{"AdminOptedIntoRebootlessUpdates":{"PolicyEnum":59,"Enterprise":true},"AllowOptionalContent":{"PolicyEnum":58,"Enterprise":true},"BranchReadinessLevel":{"PolicyEnum":5,"Enterprise":true},"BranchReadinessLevelSource":{"PolicyEnum":5,"Enterprise":true,"UseSource":true},"DeferFeatureUpdatePeriodInDays":{"PolicyEnum":9,"Enterprise":true},"DeferQualityUpdatePeriodInDays":{"PolicyEnum":7,"Enterprise":true},"DisableDualScan":{"PolicyEnum":42,"Enterprise":true},"EnableWUfBUpgradeGates":{"PolicyEnum":51,"Enterprise":true},"TargetProductVersion":{"PolicyEnum":53,"Enterprise":true},"TargetReleaseVersion":{"PolicyEnum":50,"Enterprise":true},"UpdateServiceUrl":{"PolicyEnum":12},"WUfBClientManaged":{"PolicyEnum":32,"Enterprise":true}},"Policy":{"DesiredOcpVersion":{"LocUri":"./Device/Vendor/MSFT/DeviceUpdateCenter/DesiredUpdates/OcpVersion/"},"DesiredOsVersion":{"LocUri":"./Device/Vendor/MSFT/DeviceUpdateCenter/DesiredUpdates/OsVersion"},"DesiredSystemManifestVersion":{"LocUri":"./Device/Vendor/MSFT/DeviceUpdateCenter/DesiredUpdates/SystemManifestVersion"},"DucCustomPackageId":{"LocUri":"./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/CustomPackageId"},"DucDeviceModelId":{"LocUri":"./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/DeviceModelId"},"DucOemPartnerRing":{"LocUri":"./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/OemPartnerRing"},"DucPublisherId":{"LocUri":"./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/PublisherId"},"SetPolicyDrivenUpdateSourceForFeatureUpdates":{"LocUri":"./Device/Vendor/MSFT/Policy/Config/Update/SetPolicyDrivenUpdateSourceForFeatureUpdates"},"WSUSconfigured_csp":{"LocUri":"./Device/Vendor/MSFT/Policy/Config/Update/UpdateServiceUrl"}},"AppInfo":{"WidgetsAppVer":{"Name":"MicrosoftWindows.Client.WebExperience"}},"WMI":{"ElanFingerprintDriverVersion":{"Query":"SELECT DriverVersion, Manufacturer FROM Win32_PnPSignedDriver WHERE Manufacturer = 'ELAN'","Name":"DriverVersion","Timeout":2000},"FirstStorageSpaceDeviceId":{"Query":"SELECT DeviceID FROM Win32_DiskDrive WHERE Model = 'Microsoft Storage Space Device'","Name":"DeviceID","Timeout":2000},"IIS_ASPNET_WMI":{"Query":"SELECT * FROM Win32_OptionalFeature WHERE name = 'IIS-ASPNET'","Name":"InstallState","Timeout":2000},"IIS_NetFxExtensibility_WMI":{"Query":"SELECT * FROM Win32_OptionalFeature WHERE name = 'IIS-NetFxExtensibility'","Name":"InstallState","Timeout":2000},"NetFx3State":{"Query":"SELECT * FROM Win32_OptionalFeature WHERE name = 'NetFX3'","Name":"InstallState","Timeout":2000},"PSAKyoceraInstalledName":{"Query":"SELECT Name, ProgramId FROM Win32_InstalledStoreProgram WHERE ProgramId = 'A97ECD55.KYOCERAPrintCenter_4.1.11108.0_x64__kqmhh0ktdt7dg'","Name":"Name","Timeout":2000},"PSATATriumphInstalledName":{"Query":"SELECT Name, ProgramId FROM Win32_InstalledStoreProgram WHERE ProgramId = 'TATriumph-AdlerGmbH.TAUTAXPrintCenter_4.1.11108.0_x64__h5e8vsnevp54y'","Name":"Name","Timeout":2000},"WAS_NetFxEnvironment_WMI":{"Query":"SELECT * FROM Win32_OptionalFeature WHERE name = 'WAS-NetFxEnvironment'","Name":"InstallState","Timeout":2000},"WCFHTTPActivationState":{"Query":"SELECT * FROM Win32_OptionalFeature WHERE name = 'WCF-HTTP-Activation'","Name":"InstallState","Timeout":2000},"WCFNonHTTPActivationState":{"Query":"SELECT * FROM Win32_OptionalFeature WHERE name = 'WCF-NonHTTP-Activation'","Name":"InstallState","Timeout":2000},"XeroxPsaInstalledName":{"Query":"SELECT Name, ProgramId FROM Win32_InstalledStoreProgram WHERE ProgramId = 'XeroxCorp.PrintExperience_8.29.32.0_x64__f7egpvdyrs2a8'","Name":"Name","Timeout":2000}},"RegionPolicy":{"IsCampaignEdgePromotionEnabled":{"ForceEvaluate":false,"PolicyGUID":"{2BF706DE-6DBB-4692-B7EF-84D80C47E927}"},"IsCampaignSegmentTargetingEnabled":{"ForceEvaluate":false,"PolicyGUID":"{36996754-E327-483A-902F-523E2BA03239}"}}}"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aavira.de]

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aviraa.de]

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\wwwavira.de]

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\aavira.de]

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\aviraa.de]

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\wwwavira.de]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aavira.de]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aviraa.de]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\wwwavira.de]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\aavira.de]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\aviraa.de]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\wwwavira.de]

[HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aavira.de]

[HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aviraa.de]

[HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\wwwavira.de]

[HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\aavira.de]

[HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\aviraa.de]

[HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\wwwavira.de]


====== End of Search ======

 

Wow! Sorry about all that. Thanks for reading through it, I don't know how you do it!

 

Should I go ahead and reinstall avast, or since FRST found so much in the search do we need to do something else?

 

That's fine. I figured you needed the weekend off (I imagine your life doesn't revolve around my computer issues). Is there something I should be doing that I didn't so that you're notified?

The search log is attached. Thanks!

 

Wow, this sounds very complex. Is this still just to get the last bits of Avast off my computer? If so, can you explain why it is so difficult? I'm questioning the sanity of reinstalling Avast when we are done.

Also, I am very stupid about computers, honestly your instructions scared me a little bit. The first step says "If necessary, download Farbar Recover Scan Tool for 64 bit systems and save it to a USB device". How do I know if it is necessary? What are the odds of me making a mistake and destroying something?

Thanks

 

Thanks, you are very good at posting clear instructions. I'll print the instructions and give it a go.
The last three instructions are: Press Fix button, Click OK to restart your computer, A fixlog.txt file will be saved on the USB drive. Please attach it to your reply

So, I should leave the USB drive in their the whole time until it is restarted for the final time, right?
Once it is restarted this last time, is my computer back to normal or will I need to exit safe mode somehow? (will I be able to use this computer to come back here, or will I need a different one to get next steps?)

Thanks again.

 

Another question I forgot to ask: my recycle bin is getting pretty full, when I scroll through it seems to be particles from my smart defrag etc that we've been clearing out. Would emptying my recycle bin help things, or is it not a good idea until we're all done?

 

Okay, so I haven't done anything yet besides install FRST on a USB.

Now, to be clear, I should do what you most recently told me to do above in normal boot and post the fix log for that and wait for you to respond. This is to avoid a potential issue when I do the complex safe mode instructions you told me to print (and thus should be done first).

Right? I'm confused and will wait for a response before I proceed with anything.

Thanks again for your help.

 

That's fine. I've followed the steps in post 42, is this the right log? It has the right date and time, but is longer than I expected, and mentions Avast a lot. I hope it's right, it's a two parter again:

Fix result of Farbar Recovery Scan Tool (x64) Version: 16-09-2024
Ran by User (23-09-2024 23:09:13) Run:3
Running from C:\Users\User\Desktop
Loaded Profiles: User
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\Windows\WinSxS\Manifests\amd64_avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_5e69e83710ea31f5.cat
C:\Windows\WinSxS\Manifests\amd64_avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_5e69e83710ea31f5.manifest
C:\Windows\WinSxS\Manifests\amd64_avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_6349ea290dbe6128.cat
C:\Windows\WinSxS\Manifests\amd64_avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_6349ea290dbe6128.manifest
C:\Windows\WinSxS\Manifests\amd64_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_5158632ac9d8192f.cat
C:\Windows\WinSxS\Manifests\amd64_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_5158632ac9d8192f.manifest
C:\Windows\WinSxS\Manifests\amd64_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_5638651cc6ac4862.cat
C:\Windows\WinSxS\Manifests\amd64_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_5638651cc6ac4862.manifest
C:\Windows\WinSxS\Manifests\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_a6171f0e25665afb.cat
C:\Windows\WinSxS\Manifests\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_a6171f0e25665afb.manifest
C:\Windows\WinSxS\Manifests\x86_avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_aaf72100223a8a2e.cat
C:\Windows\WinSxS\Manifests\x86_avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_aaf72100223a8a2e.manifest
C:\Windows\WinSxS\Manifests\x86_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_99059a01de544235.cat
C:\Windows\WinSxS\Manifests\x86_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_99059a01de544235.manifest
C:\Windows\WinSxS\Manifests\x86_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_9de59bf3db287168.cat
C:\Windows\WinSxS\Manifests\x86_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_9de59bf3db287168.manifest
C:\Windows\System32\Tasks_Migrated\Avast Emergency Update
C:\Users\User\Desktop\scans etc\Avast Free Antivirus.lnk
C:\Users\User\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\avast! Antivirus
C:\ProgramData\Intel\ShaderCache\AvastUI_0
C:\ProgramData\Intel\ShaderCache\AvastUI_1
C:\ProgramData\Intel\ShaderCache\AvastUI_2
C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16030.11001.20108.0_x86__8wekyb3d8bbwe\Office16\1060\DataServices\+NovaPovezavaStrežnikaSQL.odc
C:\Program Files\LibreOffice\share\config\soffice.cfg\cui\ui\javastartparametersdialog.ui
2020-09-27 10:19 - 2020-09-27 10:19 _____ C:\Windows\WinSxS\amd64_avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_5e69e83710ea31f5
2020-09-27 10:23 - 2020-09-27 10:23 _____ C:\Windows\WinSxS\amd64_avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_6349ea290dbe6128
2020-09-27 10:28 - 2020-09-27 10:28 _____ C:\Windows\WinSxS\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_a6171f0e25665afb
2020-09-27 10:29 - 2020-09-27 10:29 _____ C:\Windows\WinSxS\x86_avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_aaf72100223a8a2e
2019-08-14 12:05 - 2020-09-25 22:18 _____ C:\Windows\System32\Tasks_Migrated\Avast Software
2024-09-19 13:55 - 2024-09-19 13:55 _____ C:\Users\User\AppData\Roaming\Avast Software
2024-09-19 13:55 - 2024-09-19 13:55 _____ C:\Users\User\AppData\Roaming\Avast Software\Avast
2024-02-11 19:10 - 2024-02-11 19:10 _____ C:\Users\User\AppData\Local\Temp\_avast_
2018-11-22 13:39 - 2024-09-19 13:57 _____ C:\ProgramData\AVAST Software
2021-02-09 20:55 - 2021-02-10 11:07 _____ C:\$Recycle.Bin\S-1-5-21-4161042128-27025238-194098315-1001\$RNRYCGU\Avast
2021-02-09 21:26 - 2021-02-09 21:26 _____ C:\$Recycle.Bin\S-1-5-21-4161042128-27025238-194098315-1001\$RML15VM\Avast Antivirus
2021-02-09 21:26 - 2021-02-09 21:26 _____ C:\$Recycle.Bin\S-1-5-21-4161042128-27025238-194098315-1001\$RML15VM\Avast Antivirus with BCU
2021-02-09 21:26 - 2021-02-09 21:26 _____ C:\$Recycle.Bin\S-1-5-21-4161042128-27025238-194098315-1001\$RML15VM\Avast Driver Updater
2018-11-22 13:39 - 2024-09-19 13:52 _____ C:\$Recycle.Bin\S-1-5-21-4161042128-27025238-194098315-1001\$RA5WDIU\Avast
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\AVAST Software|DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|AvastUI.exe
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\IsolatedSxSAssemblies|amd64_avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_5e69e83710ea31f5
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\IsolatedSxSAssemblies|amd64_avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_6349ea290dbe6128
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\IsolatedSxSAssemblies|amd64_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_5158632ac9d8192f
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\IsolatedSxSAssemblies|amd64_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_5638651cc6ac4862
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\IsolatedSxSAssemblies|x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_a6171f0e25665afb
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\IsolatedSxSAssemblies|x86_avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_aaf72100223a8a2e
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\IsolatedSxSAssemblies|x86_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_99059a01de544235
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\IsolatedSxSAssemblies|x86_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_9de59bf3db287168
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\UserSettings\S-1-5-21-4161042128-27025238-194098315-1001|\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastUI.exe
DeleteValue: HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\286135bd_0|""
DeleteValue: HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\5a2e1c0b_0|""
DeleteValue: HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\8024366c_0|""
DeleteValue: HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\ec73648b_0|""
DeleteValue: HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Users\User\Desktop\avast_free_antivirus_setup_online_cnet2.exe
DeleteValue: HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Users\User\Desktop\avast_free_antivirus_setup_online.exe
DeleteValue: HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MSPaint_8wekyb3d8bbwe\PersistedStorageItemTable\MostRecentlyUsed\{2752C3AB-9C4E-4926-9AC7-A1D4D602F6F4}|FilePath
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avast
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avast-2007.com
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avast-downloads.com
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avast-hq.com
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-avast.com
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-software-center.com\avast
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-software-center.com\www.avast
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\telecharger-avast.com
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avast-2007.com
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avast-downloads.com
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avast-hq.com
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\download-avast.com
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-software-center.com\avast
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-software-center.com\www.avast
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\telecharger-avast.com
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_avast.vc140.crt_fcc99ee6193ebbca_none_020285fe6d6e0580
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_avast.vc140.mfc_fcc99ee6193ebbca_none_018be6966dc83925
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_none_ef17e13d91c55d96
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_none_eea141d5921f913b
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_avast.vc140.crt_fcc99ee6193ebbca_none_49afbcd581ea2e86
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_avast.vc140.mfc_fcc99ee6193ebbca_none_49391d6d8244622b
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_none_36c51814a641869c
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_none_364e78aca69bba41
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Avast Software
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Chrome\NativeMessagingHosts\com.avast.nativeproxy
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avast-2007.com
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avast-downloads.com
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avast-hq.com
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-avast.com
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-software-center.com\avast
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-software-center.com\www.avast
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\telecharger-avast.com
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avast-2007.com
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avast-downloads.com
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avast-hq.com
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\download-avast.com
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-software-center.com\avast
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-software-center.com\www.avast
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\telecharger-avast.com
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\aswbIDSAgent
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\avast! Antivirus
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\AvastWscReporter
DeleteKey: HKEY_USERS\.DEFAULT\Software\Avast Software
DeleteKey: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avast-2007.com
DeleteKey: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avast-downloads.com
DeleteKey: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avast-hq.com
DeleteKey: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-avast.com
DeleteKey: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-software-center.com\avast
DeleteKey: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-software-center.com\www.avast
DeleteKey: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\telecharger-avast.com
DeleteKey: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avast-2007.com
DeleteKey: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avast-downloads.com
DeleteKey: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avast-hq.com
DeleteKey: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\download-avast.com
DeleteKey: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-software-center.com\avast
DeleteKey: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-software-center.com\www.avast
DeleteKey: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\telecharger-avast.com
DeleteKey: HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\AVAST Software
DeleteKey: HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avast-2007.com
DeleteKey: HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avast-downloads.com
DeleteKey: HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avast-hq.com
DeleteKey: HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-avast.com
DeleteKey: HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-software-center.com\avast
DeleteKey: HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-software-center.com\www.avast
DeleteKey: HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\telecharger-avast.com
DeleteKey: HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avast-2007.com
DeleteKey: HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avast-downloads.com
DeleteKey: HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avast-hq.com
DeleteKey: HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\download-avast.com
DeleteKey: HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-software-center.com\avast
DeleteKey: HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-software-center.com\www.avast
DeleteKey: HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\telecharger-avast.com
DeleteKey: HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\avast! Antivirus
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aavira.de
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aviraa.de
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\wwwavira.de
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\aavira.de
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\aviraa.de
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\wwwavira.de
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aavira.de
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aviraa.de
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\wwwavira.de
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\aavira.de
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\aviraa.de
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\wwwavira.de
DeleteKey: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aavira.de
DeleteKey: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aviraa.de
DeleteKey: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\wwwavira.de
DeleteKey: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\aavira.de
DeleteKey: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\aviraa.de
DeleteKey: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\wwwavira.de
DeleteKey: HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aavira.de
DeleteKey: HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aviraa.de
DeleteKey: HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\wwwavira.de
DeleteKey: HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\aavira.de
DeleteKey: HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\aviraa.de
DeleteKey: HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\wwwavira.de
cmd: bcdedit /deletevalue {default} safeboot
Reboot:

*****************

C:\Windows\WinSxS\Manifests\amd64_avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_5e69e83710ea31f5.cat => moved successfully
C:\Windows\WinSxS\Manifests\amd64_avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_5e69e83710ea31f5.manifest => moved successfully
C:\Windows\WinSxS\Manifests\amd64_avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_6349ea290dbe6128.cat => moved successfully
C:\Windows\WinSxS\Manifests\amd64_avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_6349ea290dbe6128.manifest => moved successfully
C:\Windows\WinSxS\Manifests\amd64_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_5158632ac9d8192f.cat => moved successfully
C:\Windows\WinSxS\Manifests\amd64_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_5158632ac9d8192f.manifest => moved successfully
C:\Windows\WinSxS\Manifests\amd64_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_5638651cc6ac4862.cat => moved successfully
C:\Windows\WinSxS\Manifests\amd64_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_5638651cc6ac4862.manifest => moved successfully
C:\Windows\WinSxS\Manifests\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_a6171f0e25665afb.cat => moved successfully
C:\Windows\WinSxS\Manifests\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_a6171f0e25665afb.manifest => moved successfully
C:\Windows\WinSxS\Manifests\x86_avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_aaf72100223a8a2e.cat => moved successfully
C:\Windows\WinSxS\Manifests\x86_avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_aaf72100223a8a2e.manifest => moved successfully
C:\Windows\WinSxS\Manifests\x86_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_99059a01de544235.cat => moved successfully
C:\Windows\WinSxS\Manifests\x86_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_99059a01de544235.manifest => moved successfully
C:\Windows\WinSxS\Manifests\x86_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_9de59bf3db287168.cat => moved successfully
C:\Windows\WinSxS\Manifests\x86_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_9de59bf3db287168.manifest => moved successfully
C:\Windows\System32\Tasks_Migrated\Avast Emergency Update => moved successfully
"C:\Users\User\Desktop\scans etc\Avast Free Antivirus.lnk" => not found
"C:\Users\User\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\avast! Antivirus" => not found
C:\ProgramData\Intel\ShaderCache\AvastUI_0 => moved successfully
C:\ProgramData\Intel\ShaderCache\AvastUI_1 => moved successfully
C:\ProgramData\Intel\ShaderCache\AvastUI_2 => moved successfully
C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16030.11001.20108.0_x86__8wekyb3d8bbwe\Office16\1060\DataServices\+NovaPovezavaStrežnikaSQL.odc => moved successfully
C:\Program Files\LibreOffice\share\config\soffice.cfg\cui\ui\javastartparametersdialog.ui => moved successfully

"C:\Windows\WinSxS\amd64_avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_5e69e83710ea31f5" Folder move:

C:\Windows\WinSxS\amd64_avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_5e69e83710ea31f5 => moved successfully

"C:\Windows\WinSxS\amd64_avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_6349ea290dbe6128" Folder move:

C:\Windows\WinSxS\amd64_avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_6349ea290dbe6128 => moved successfully

"C:\Windows\WinSxS\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_a6171f0e25665afb" Folder move:

C:\Windows\WinSxS\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_a6171f0e25665afb => moved successfully

"C:\Windows\WinSxS\x86_avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_aaf72100223a8a2e" Folder move:

C:\Windows\WinSxS\x86_avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_aaf72100223a8a2e => moved successfully

"C:\Windows\System32\Tasks_Migrated\Avast Software" Folder move:

C:\Windows\System32\Tasks_Migrated\Avast Software => moved successfully
"C:\Users\User\AppData\Roaming\Avast Software" => not found
"C:\Users\User\AppData\Roaming\Avast Software\Avast" => not found
"C:\Users\User\AppData\Local\Temp\_avast_" => not found

 

And the second part:

"C:\ProgramData\AVAST Software" Folder move:

C:\ProgramData\AVAST Software => moved successfully
"C:\$Recycle.Bin\S-1-5-21-4161042128-27025238-194098315-1001\$RNRYCGU\Avast" => removed successfully
"C:\$Recycle.Bin\S-1-5-21-4161042128-27025238-194098315-1001\$RML15VM\Avast Antivirus" => removed successfully
"C:\$Recycle.Bin\S-1-5-21-4161042128-27025238-194098315-1001\$RML15VM\Avast Antivirus with BCU" => removed successfully
"C:\$Recycle.Bin\S-1-5-21-4161042128-27025238-194098315-1001\$RML15VM\Avast Driver Updater" => removed successfully
"C:\$Recycle.Bin\S-1-5-21-4161042128-27025238-194098315-1001\$RA5WDIU\Avast" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\AVAST Software|DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" => not found
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\IsolatedSxSAssemblies\\amd64_avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_5e69e83710ea31f5" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\IsolatedSxSAssemblies\\amd64_avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_6349ea290dbe6128" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\IsolatedSxSAssemblies\\amd64_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_5158632ac9d8192f" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\IsolatedSxSAssemblies\\amd64_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_5638651cc6ac4862" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\IsolatedSxSAssemblies\\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_a6171f0e25665afb" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\IsolatedSxSAssemblies\\x86_avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_aaf72100223a8a2e" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\IsolatedSxSAssemblies\\x86_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_14.0.28127.0_none_99059a01de544235" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\IsolatedSxSAssemblies\\x86_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_14.0.28127.0_none_9de59bf3db287168" => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\UserSettings\S-1-5-21-4161042128-27025238-194098315-1001\\\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastUI.exe" => removed successfully
"HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\286135bd_0\\" => removed successfully
"HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\5a2e1c0b_0\\" => removed successfully
"HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\8024366c_0\\" => removed successfully
"HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\ec73648b_0\\" => removed successfully
"HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\\C:\Users\User\Desktop\avast_free_antivirus_setup_online_cnet2.exe" => not found
"HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\\C:\Users\User\Desktop\avast_free_antivirus_setup_online.exe" => not found
"HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MSPaint_8wekyb3d8bbwe\PersistedStorageItemTable\MostRecentlyUsed\{2752C3AB-9C4E-4926-9AC7-A1D4D602F6F4}\\FilePath" => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\avast => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvastPersistentStorage => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avast-2007.com => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avast-downloads.com => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avast-hq.com => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-avast.com => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-software-center.com\avast => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-software-center.com\www.avast => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\telecharger-avast.com => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avast-2007.com => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avast-downloads.com => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avast-hq.com => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\download-avast.com => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-software-center.com\avast => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-software-center.com\www.avast => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\telecharger-avast.com => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_avast.vc140.crt_fcc99ee6193ebbca_none_020285fe6d6e0580 => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_avast.vc140.mfc_fcc99ee6193ebbca_none_018be6966dc83925 => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_none_ef17e13d91c55d96 => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_none_eea141d5921f913b => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_avast.vc140.crt_fcc99ee6193ebbca_none_49afbcd581ea2e86 => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_avast.vc140.mfc_fcc99ee6193ebbca_none_49391d6d8244622b => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_none_36c51814a641869c => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_none_364e78aca69bba41 => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Avast Software => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Chrome\NativeMessagingHosts\com.avast.nativeproxy => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avast-2007.com => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avast-downloads.com => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avast-hq.com => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-avast.com => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-software-center.com\avast => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-software-center.com\www.avast => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\telecharger-avast.com => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avast-2007.com => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avast-downloads.com => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avast-hq.com => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\download-avast.com => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-software-center.com\avast => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-software-center.com\www.avast => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\telecharger-avast.com => removed successfully
HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\aswbIDSAgent => removed successfully
HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\avast! Antivirus => removed successfully
HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\AvastWscReporter => removed successfully
HKEY_USERS\.DEFAULT\Software\Avast Software => removed successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avast-2007.com => removed successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avast-downloads.com => removed successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avast-hq.com => removed successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-avast.com => removed successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-software-center.com\avast => removed successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-software-center.com\www.avast => removed successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\telecharger-avast.com => removed successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avast-2007.com => removed successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avast-downloads.com => removed successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avast-hq.com => removed successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\download-avast.com => removed successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-software-center.com\avast => removed successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-software-center.com\www.avast => removed successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\telecharger-avast.com => removed successfully
HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\AVAST Software => removed successfully
HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avast-2007.com => removed successfully
HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avast-downloads.com => removed successfully
HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avast-hq.com => removed successfully
HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-avast.com => removed successfully
HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-software-center.com\avast => removed successfully
HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-software-center.com\www.avast => removed successfully
HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\telecharger-avast.com => removed successfully
HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avast-2007.com => removed successfully
HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avast-downloads.com => removed successfully
HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avast-hq.com => removed successfully
HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\download-avast.com => removed successfully
HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-software-center.com\avast => removed successfully
HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-software-center.com\www.avast => removed successfully
HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\telecharger-avast.com => removed successfully
HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\avast! Antivirus => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aavira.de => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aviraa.de => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\wwwavira.de => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\aavira.de => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\aviraa.de => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\wwwavira.de => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aavira.de => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aviraa.de => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\wwwavira.de => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\aavira.de => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\aviraa.de => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\wwwavira.de => removed successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aavira.de => removed successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aviraa.de => removed successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\wwwavira.de => removed successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\aavira.de => removed successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\aviraa.de => removed successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\wwwavira.de => removed successfully
HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aavira.de => removed successfully
HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aviraa.de => removed successfully
HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\wwwavira.de => removed successfully
HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\aavira.de => removed successfully
HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\aviraa.de => removed successfully
HKEY_USERS\S-1-5-21-4161042128-27025238-194098315-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\wwwavira.de => removed successfully

========= bcdedit /deletevalue {default} safeboot =========

An error occurred while attempting to delete the specified data element.
Element not found.


========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog 23:09:27 ====

 

Okay, so I get out of trying the scary steps in post #37? Phew! Though I was all set and had gathered my courage, if you still think it is best. You referred to other options as less than optimum earlier, so just double checking.

Thanks for your thoughts on antivirus software, too.

Windows Security is what is already on your computer (the default that I've been using the past few days with no avast) right? Is Windows security the only way to avoid bloat ware etc? I had no idea Avast after being uninstalled would have left behind so much stuff.
I haven't used this computer lately as much as I normally do since we're still working on it, but I did notice that the windows security caught some part left from IObit (the defragmenter people I use who like to sneak Advance System Care on my computer against my will). This impressed me some, as Avast never questioned it yet bothers me continually about updates that never work.

You said Windows Security updates itself, will this continue to be the case for windows 10 after they stop supporting windows 10 (in October, I think)? Would Windows Security be safe to use after that, if I chose not to go to Windows 11 yet?

So you're saying Windows Security provides real time protection, as does the paid Malwarebytes (but not free malwarebytes)?

I have a friend who's said he hesitates to use Windows security because that is what people who make malware/viruses/whatever expect everyone to have, and therefore it would be less secure (where as, if you had something different, such as Avast, they might be caught by surprise). But you've had no issues with Windows security. Do you have thoughts on his line of thinking?

Another friend of mine was disappointed when I told her Avast doesn't seem to be open source. She was of the thinking that open source would be most secure since anyone can work on it and catch problems, and that was why she'd chosen Avast. But I wonder, if anyone can work on it, than anyone can mess with it/infect it/whatever. Do you have thoughts on this, and do you know of any open source antivirus software that you would trust?

Avast was obnoxious, but what I hate most of all has been IObit. They make Smart Defrag, which a friend (who's expertise I often question, no offense to him) said was the only way to defragment your computer since you cannot access command prompt as of Windows 10 (which apparently is not true) and therefore are unable to do check disc, which my open source loving friend says in older computers you go to the compand prompt, type chkdsk and then are able to defragment yourself. So, what do you think about defragmenting? How do you do it?

Again, thank you so much for all your help and advice! What you do here is great, and very appreciated!

 

Mechanical drives running windows 7 and above are auto-defragged.

We run four Windows 7 computers and I have never defragged a hard drive on any of them. I just checked for this computer and all partitions are at 0% fragmented. They were last defragged on 25 Sept. 2024.