Sunfish Windows Update Trainee Joined Aug 11, 2023 Posts 372 Apr 17, 2024 #21 Would it be possible to schedule a maintenance window and ensure there are no other users logged in? Once in this state, please try to run updates again using the local administrator account of the system. If it fails, please provide a copy of the CBS logs to review.
Would it be possible to schedule a maintenance window and ensure there are no other users logged in? Once in this state, please try to run updates again using the local administrator account of the system. If it fails, please provide a copy of the CBS logs to review.
F frankwhite Active member Joined Aug 21, 2020 Posts 27 Apr 18, 2024 #22 Sure, I have set up a maintenance window to ensure that no other user except the local administrator was logged in. Then, I restarted the Windows updates; here's a screenshot of the failed updates (including KB5034127) and as requested, a copy of the CBS Folder: CBS.7z Thank you for the support!
Sure, I have set up a maintenance window to ensure that no other user except the local administrator was logged in. Then, I restarted the Windows updates; here's a screenshot of the failed updates (including KB5034127) and as requested, a copy of the CBS Folder: CBS.7z Thank you for the support!
Sunfish Windows Update Trainee Joined Aug 11, 2023 Posts 372 Apr 22, 2024 #23 Would you be able to remove your third-party security software, reboot, then attempt updating again? Thinking you have a similar issue as [SOLVED] - Access denied on components registry keys causing update to roll back
Would you be able to remove your third-party security software, reboot, then attempt updating again? Thinking you have a similar issue as [SOLVED] - Access denied on components registry keys causing update to roll back
F frankwhite Active member Joined Aug 21, 2020 Posts 27 Apr 22, 2024 #24 Alright, so I've completely uninstalled CrowdStrike from the system. I initiated the updates again as the local administrator, and there were no other sessions present during the update process. Unfortunately, the roll-back started again at 24%, as has often been observed. Unasked, I'm attaching the current CBS.log once more: CBS.7z
Alright, so I've completely uninstalled CrowdStrike from the system. I initiated the updates again as the local administrator, and there were no other sessions present during the update process. Unfortunately, the roll-back started again at 24%, as has often been observed. Unasked, I'm attaching the current CBS.log once more: CBS.7z
Sunfish Windows Update Trainee Joined Aug 11, 2023 Posts 372 Apr 23, 2024 #25 Are you using FSlogix? If so, which rules are set?
F frankwhite Active member Joined Aug 21, 2020 Posts 27 Apr 24, 2024 #26 Yes, indeed! %SystemDriveFolder%\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools Command Prompt.lnk 0x00000222 %SystemFolder32% cmd.exe 0x00000222 %SystemFolder64% cmd.exe 0x00000222 Click to expand... ##Program ID HKLM\SOFTWARE\Classes\xslfile 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\xmlfile 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\svgfile 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Microsoft.Website 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\mhtmlfile 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\IE.HTTPS 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\IE.HTTP 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\IE.FTP 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\IE.AssocFile.XHT 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\IE.AssocFile.WEBSITE 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\IE.AssocFile.SVG 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\IE.AssocFile.PARTIAL 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\IE.AssocFile.MHT 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\IE.AssocFile.HTM 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\giffile 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\ftp 0x00000221 ##Product Install Directory %ProgramFilesFolder64%\internet explorer 0x00000221 ##Program Shortcut (.lnk) %SystemDriveFolder%\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories Internet Explorer.lnk 0x00000222 ##Program Shortcut (.lnk) %SystemDriveFolder%\Users\*\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar Internet Explorer.lnk 0x00000222 Click to expand... ##Product Install Directory %ProgramFilesFolder32%\Microsoft Office 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\dqyfile 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Excel.Addin 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Excel.AddInMacroEnabled 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Excel.Backup 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Excel.Chart.8 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Excel.CSV 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Excel.Macrosheet 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Excel.OpenDocumentSpreadsheet.12 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Excel.Sheet.12 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Excel.Sheet.8 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Excel.SheetBinaryMacroEnabled.12 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Excel.SheetMacroEnabled.12 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Excel.SLK 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Excel.Template 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Excel.Template.8 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Excel.TemplateMacroEnabled 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Excel.UriLink.16 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Excel.Workspace 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Excel.XLL 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Excelhtmlfile 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Excelhtmltemplate 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\iqyfile 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\ms-excel 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\ms-word 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\ODCfile 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Word.Backup.8 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Word.Document.12 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Word.Document.8 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Word.DocumentMacroEnabled.12 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Word.OpenDocumentText.12 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Word.RTF.8 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Word.Template.12 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Word.Template.8 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Word.TemplateMacroEnabled.12 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Word.UriLink.16 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Word.Wizard.8 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\wordhtmlfile 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\wordhtmltemplate 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\wordxmlfile 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\xmlfile 0x00000221 ##Open With registration HKCU\SOFTWARE\Classes\Applications\WINWORD.EXE 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{01BE4CFB-129A-452B-A209-F9D40B3B84A5} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{02BCC737-B171-4746-94C9-0D8A0B2C0089} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{10336656-40D7-4530-BCC0-86CD3D77D25F} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{138508bc-1e03-49ea-9c8f-ea9e1d05d65d} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{20E823C2-62F3-4638-96BD-90F4F6784EBC} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{312AB530-ECC9-496E-AE0E-C9E6C5392499} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{33154C99-BF49-443D-A73C-303A23ABBE97} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{355822FC-86F1-4BE8-B5F0-A33736789641} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{35C5242B-7455-4F9C-962B-369EA43ED6F3} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{4039B326-9F27-4B4A-B460-47A0C6A39D5C} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{4693FF15-B962-420A-9E5D-176F7D4B8321} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{48E73304-E1D6-4330-914C-F5F514E3486C} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{506F4668-F13E-4AA1-BB04-B43203AB3CC0} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{5383EF74-273B-4278-AB0C-CDAA9FD5369E} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{5985FC23-2588-4D9A-B38B-7E7AFFAB3155} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{5A98B233-3C59-4B31-944C-0E560D85E6C3} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{6EE84065-8BA3-4a8a-9542-6EC8B56A3378} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{72B66649-3DBF-429F-BD6F-7774A9784B78} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{807583E5-5146-11D5-A672-00B0D022E945} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{9FBC2D8F-6F52-4CFA-A86F-096F3E9EB4B2} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{A394DCA9-3727-11D4-BD85-00C04F6B93A4} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{AB968F1E-E20B-403A-9EB8-72EB0EB6797E} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{AFE9E2F0-5BBA-4169-A33B-EE3727AC3482} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{C7DFFDF1-BD1F-450A-B98D-96B6D30BA4C1} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{D66DC78C-4F61-447F-942B-3FB6980118CF} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{DDFE337F-4987-4EC8-BDE3-133FA63D5D85} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{E2F5480E-ED5A-4DDE-B8A8-F9F297479F62} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{E3956DCF-D1C7-4375-AAAA-22FF8191C479} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{F90DFE0C-CBDF-41FF-8598-EDD8F222A2C8} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{FAEA5B46-761B-400E-B53E-E805A97A543E} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{FFFDC614-B694-4AE6-AB38-5D6374584B52} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{000D0E00-0000-0000-C000-000000001157} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{01BE4CFB-129A-452B-A209-F9D40B3B84A5} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02AF6DD2-77E6-44DF-B3E1-57CF1476D8EA} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02BCC737-B171-4746-94C9-0D8A0B2C0089} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{04082FC6-E032-49F2-A263-FE64E9DA1FA3} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{13D557B6-A469-4362-BEAF-52BFD0F180E2} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{19FED08E-EFD1-45da-B524-7BE4774A6AEE} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{20E823C2-62F3-4638-96BD-90F4F6784EBC} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{227B1F3B-C276-4DE0-9FAA-C0AD42ADDCF0} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{312AB530-ECC9-496E-AE0E-C9E6C5392499} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{33154C99-BF49-443D-A73C-303A23ABBE97} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{355822FC-86F1-4BE8-B5F0-A33736789641} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{35C5242B-7455-4F9C-962B-369EA43ED6F3} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3B0BD075-929C-4E52-AAD1-458C81A10B24} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3D0FD779-0C2D-4708-A9BA-62F7458A5A53} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3FD37ABB-F90A-4DE5-AA38-179629E64C2F} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4039B326-9F27-4B4A-B460-47A0C6A39D5C} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{42089D2D-912D-4018-9087-2B87803E93FB} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4693FF15-B962-420A-9E5D-176F7D4B8321} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{46E31370-3F7A-11CE-BED6-00AA00611080} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4795051A-6429-4D63-BCA0-D706532954AC} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4C599241-6926-101B-9992-00000B65C6F9} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5052A832-2C0F-46c7-B67C-1F1FEC37B280} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{506F4668-F13E-4AA1-BB04-B43203AB3CC0} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5383EF74-273B-4278-AB0C-CDAA9FD5369E} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5504BE45-A83B-4808-900A-3A5C36E7F77A} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{550D0110-8DCD-11D1-8524-00A02495E426} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5512D110-5CC6-11CF-8D67-00AA00BDCE1D} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5512D112-5CC6-11CF-8D67-00AA00BDCE1D} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5512D114-5CC6-11CF-8D67-00AA00BDCE1D} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5512D116-5CC6-11CF-8D67-00AA00BDCE1D} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5512D118-5CC6-11CF-8D67-00AA00BDCE1D} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5512D11A-5CC6-11CF-8D67-00AA00BDCE1D} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5512D11C-5CC6-11CF-8D67-00AA00BDCE1D} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5512D11E-5CC6-11CF-8D67-00AA00BDCE1D} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5512D122-5CC6-11CF-8D67-00AA00BDCE1D} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5512D124-5CC6-11CF-8D67-00AA00BDCE1D} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5985FC23-2588-4D9A-B38B-7E7AFFAB3155} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5A1DCFD3-7982-48F2-8A3D-5C35272862DE} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5A98B233-3C59-4B31-944C-0E560D85E6C3} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5C615ED6-4F9F-48BE-8D84-17409196DE36} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5CBA34AE-E344-40CF-B61D-FBA4D0D1FF54} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5E90CC8B-E402-4350-82D7-996E92010608} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6240EF28-7EAB-4dc7-A5E3-7CFB35EFB34D} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{62B4D041-4667-40B6-BB50-4BC0A5043A73} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{65BCBEE4-7728-41A0-97BE-14E1CAE36AAE} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6939BF8D-FF94-492C-9E4E-BD6439D8F867} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6C177EBD-C42D-4728-A04B-4131892EDBF6} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6C1B3099-127A-4BE1-93BC-DD4771EEEF90} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E182020-F460-11CE-9BCD-00AA00608E01} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{72B66649-3DBF-429F-BD6F-7774A9784B78} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{787A2D6B-EF66-488D-A303-513C9C75C344} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{79176FB0-B7F2-11CE-97EF-00AA006D2776} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7931F65C-2564-4C19-AE71-E7DDFA008F6A} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{807583E5-5146-11D5-A672-00B0D022E945} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{83C25742-A9F7-49FB-9138-434302C88D07} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{86F56B7F-A81B-478d-B231-50FD37CBE761} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8BD21D10-EC42-11CE-9E0D-00AA006002F3} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8BD21D20-EC42-11CE-9E0D-00AA006002F3} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8BD21D30-EC42-11CE-9E0D-00AA006002F3} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8BD21D40-EC42-11CE-9E0D-00AA006002F3} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8BD21D50-EC42-11CE-9E0D-00AA006002F3} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8BD21D60-EC42-11CE-9E0D-00AA006002F3} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9203C2CB-1DC1-482D-967E-597AFF270F0D} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9432194C-DF54-4824-8E24-B013BF2B90E3} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{978C9E23-D4B0-11CE-BF2D-00AA003F40D0} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9800F18F-3D86-4744-A7D0-540989C86D7B} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9BDAC276-BE24-4F04-BB22-11469B28A496} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9ED13477-E909-45BC-BADC-2106D04D6BD7} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9FBC2D8F-6F52-4CFA-A86F-096F3E9EB4B2} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A394DCA9-3727-11D4-BD85-00C04F6B93A4} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AB968F1E-E20B-403A-9EB8-72EB0EB6797E} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AFE9E2F0-5BBA-4169-A33B-EE3727AC3482} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BDEADE9E-C265-11D0-BCED-00A0C90AB50F} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BDEADEF5-C265-11D0-BCED-00A0C90AB50F} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C62A69F0-16DC-11CE-9E98-00AA00574A4F} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CDEC13B2-0B3C-400E-B909-E27EE89C6799} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D66DC78C-4F61-447F-942B-3FB6980118CF} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D7053240-CE69-11CD-A777-00DD01143C57} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DCA0ED3C-B95D-490f-9C60-0FF3726C789A} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DD4CB8C5-F540-47ff-84D7-67390D2743CA} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DDFE337F-4987-4EC8-BDE3-133FA63D5D85} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DFD181E0-5E2F-11CE-A449-00AA004A803D} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E18FEC31-2EA1-49A2-A7A6-902DC0D1FF05} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E2F5480E-ED5A-4DDE-B8A8-F9F297479F62} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E3956DCF-D1C7-4375-AAAA-22FF8191C479} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7339A62-0E31-4A5E-BA3D-F2FEDFBF8BE5} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E9729012-8271-4e1f-BC56-CF85F914915A} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EA778DB4-CE69-4da5-BC1D-34E2168D5EED} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EAE50EB0-4A62-11CE-BED6-00AA00611080} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EFBD9A69-66AF-4D44-BB36-D477E5014216} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F14E8B03-D080-4D3A-AEBA-355E77B20F3D} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F8CF7A98-2C45-4c8d-9151-2D716989DDAB} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F90DFE0C-CBDF-41FF-8598-EDD8F222A2C8} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FB453AD8-2EF4-44D3-98A8-8C6474E63CE4} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FDEA20DB-AC7A-42f8-90EE-82208B9B4FC0} 0x00000221 ##Browser Helper Object HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} 0x00000221 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} 0x00000221 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{138508bc-1e03-49ea-9c8f-ea9e1d05d65d} 0x00000221 Click to expand... %SystemFolder32%\WindowsPowerShell\v1.0 powershell.exe 0x00000222 %SystemFolder32%\WindowsPowerShell\v1.0 powershell_ise.exe 0x00000222 %SystemFolder64%\WindowsPowerShell\v1.0 powershell_ise.exe 0x00000222 ##Product Install Directory %SystemFolder32%\WindowsPowerShell\v1.0 0x00000221 ##Product Install Directory %SystemFolder64%\WindowsPowerShell\v1.0 0x00000221 %SystemFolder64%\WindowsPowerShell\v1.0 powershell.exe 0x00000222 ##Program Shortcut (.lnk) %SystemDriveFolder%\Users\default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell Windows PowerShell ISE (x86).lnk 0x00000222 ##Program Shortcut (.lnk) %SystemDriveFolder%\Users\default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell Windows PowerShell (x86).lnk 0x00000222 Click to expand... HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\InboxApplications\Microsoft.Windows.SecHealthUI_10.0.17763.1_neutral__cw5n1h2txyewy 0x00000221 %SystemDriveFolder%\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs 0x00000221 Click to expand... %WindowsFolder% hh.exe 0x00000222 C:\Windows\System32 compmgmt.msc 0x00000222 C:\Windows\SysWOW64 compmgmt.msc 0x00000222 C:\Windows\System32 control.exe 0x00000222 C:\Windows\SysWOW64 control.exe 0x00000222 C:\Windows\SysWOW64 csc.exe 0x00000222 C:\Windows\System32 csc.exe 0x00000222 C:\Windows\System32 cscript.exe 0x00000222 C:\Windows\SysWOW64 cscript.exe 0x00000222 C:\Windows\System32 devmgmt.msc 0x00000222 C:\Windows\SysWOW64 devmgmt.msc 0x00000222 C:\Windows\System32 findstr.exe 0x00000222 C:\Windows\SysWOW64 findstr.exe 0x00000222 C:\Windows\SysWOW64 ftp.exe 0x00000222 C:\Windows\System32 ftp.exe 0x00000222 C:\Windows\System32 mmc.exe 0x00000222 C:\Windows\SysWOW64 mmc.exe 0x00000222 C:\Windows\SysWOW64 msbuild.exe 0x00000222 C:\Windows\System32 msbuild.exe 0x00000222 C:\Windows\System32 reg.exe 0x00000222 C:\Windows\SysWOW64 reg.exe 0x00000222 C:\Windows\SysWOW64 regarm.exe 0x00000222 C:\Windows\System32 regarm.exe 0x00000222 %WindowsFolder% regedit.exe 0x00000222 C:\Windows\SysWOW64 regedit.exe 0x00000222 C:\Windows\SysWOW64 regsvcs.exe 0x00000222 C:\Windows\System32 regsvcs.exe 0x00000222 C:\Windows\SysWOW64 regsvr32.exe 0x00000222 C:\Windows\System32 regsvr32.exe 0x00000222 C:\Windows\System32 ServerManager.exe 0x00000222 C:\Windows\SysWOW64 ServerManager.exe 0x00000222 C:\Windows\System32 ServerManagerLauncher.exe 0x00000222 C:\Windows\SysWOW64 ServerManagerLauncher.exe 0x00000222 C:\Windows\System32 services.msc 0x00000222 C:\Windows\SysWOW64 services.msc 0x00000222 C:\Windows\System32 tasklist.exe 0x00000222 C:\Windows\SysWOW64 tasklist.exe 0x00000222 C:\Windows\System32 Taskmgr.exe 0x00000222 C:\Windows\SysWOW64 Taskmgr.exe 0x00000222 C:\Windows\SysWOW64 vbscript.exe 0x00000222 C:\Windows\System32 vbscript.exe 0x00000222 C:\Windows\System32 winrs.exe 0x00000222 C:\Windows\SysWOW64 winrs.exe 0x00000222 C:\Windows\System32\wbem WMIC.exe 0x00000222 C:\Windows\SysWOW64\wbem WMIC.exe 0x00000222 C:\Windows\SysWOW64 wmic.exe 0x00000222 C:\Windows\System32 wmic.exe 0x00000222 C:\Windows\System32 wscript.exe 0x00000222 C:\Windows\SysWOW64 wscript.exe 0x00000222 %ProgramFilesFolder64%\FSLogix 0x00000221 C:\Windows\System32 adplus.exe 0x00000222 C:\Windows\System32 Advpack.dll 0x00000222 C:\Windows\System32 AgentExecutor.exe 0x00000222 C:\Windows\System32 AppInstaller.exe 0x00000222 C:\Windows\System32 Appvlp.exe 0x00000222 C:\Windows\System32 At.exe 0x00000222 C:\Windows\System32 Atbroker.exe 0x00000222 C:\Windows\System32 Bash.exe 0x00000222 C:\Windows\System32 Bginfo.exe 0x00000222 C:\Windows\System32 Bitsadmin.exe 0x00000222 C:\Windows\System32 Cdb.exe 0x00000222 C:\Windows\System32 CertReq.exe 0x00000222 C:\Windows\System32 Certutil.exe 0x00000222 C:\Windows\System32 CL_Invocation.ps1 0x00000222 C:\Windows\System32 CL_Mutexverifiers.ps1 0x00000222 C:\Windows\System32 Cmd.exe 0x00000222 C:\Windows\System32 Cmdkey.exe 0x00000222 C:\Windows\System32 Cmstp.exe 0x00000222 C:\Windows\System32 Comsvcs.dll 0x00000222 C:\Windows\System32 ConfigSecurityPolicy.exe 0x00000222 C:\Windows\System32 coregen.exe 0x00000222 C:\Windows\System32 csi.exe 0x00000222 C:\Windows\System32 DataSvcUtil.exe 0x00000222 C:\Windows\System32 DefaultPack.EXE 0x00000222 C:\Windows\System32 Desktopimgdownldr.exe 0x00000222 C:\Windows\System32 Devtoolslauncher.exe 0x00000222 C:\Windows\System32 Dfsvc.exe 0x00000222 C:\Windows\System32 Diantz.exe 0x00000222 C:\Windows\System32 Diskshadow.exe 0x00000222 C:\Windows\System32 Dnscmd.exe 0x00000222 C:\Windows\System32 dnx.exe 0x00000222 C:\Windows\System32 Dotnet.exe 0x00000222 C:\Windows\System32 Dxcap.exe 0x00000222 C:\Windows\System32 Esentutl.exe 0x00000222 C:\Windows\System32 Eventvwr.exe 0x00000222 C:\Windows\System32 Expand.exe 0x00000222 C:\Windows\System32 Extexport.exe 0x00000222 C:\Windows\System32 Extrac32.exe 0x00000222 C:\Windows\System32 Forfiles.exe 0x00000222 C:\Windows\System32 GfxDownloadWrapper.exe 0x00000222 C:\Windows\System32 hh.exe 0x00000222 C:\Windows\System32 Ie4uinit.exe 0x00000222 C:\Windows\System32 Ieadvpack.dll 0x00000222 C:\Windows\System32 Ieaframe.dll 0x00000222 C:\Windows\System32 Ieexec.exe 0x00000222 C:\Windows\System32 Ilasm.exe 0x00000222 C:\Windows\System32 Infdefaultinstall.exe 0x00000222 C:\Windows\System32 Installutil.exe 0x00000222 C:\Windows\System32 Jsc.exe 0x00000222 C:\Windows\System32 Makecab.exe 0x00000222 C:\Windows\System32 Manage-bde.wsf 0x00000222 C:\Windows\System32 Mavinject.exe 0x00000222 C:\Windows\System32 Mftrace.exe 0x00000222 C:\Windows\System32 Microsoft.Workflow.Compiler.exe 0x00000222 C:\Windows\System32 MpCmdRun.exe 0x00000222 C:\Windows\System32 Msconfig.exe 0x00000222 C:\Windows\System32 Msdeploy.exe 0x00000222 C:\Windows\System32 Msdt.exe 0x00000222 C:\Windows\System32 Mshta.exe 0x00000222 C:\Windows\System32 Mshtml.dll 0x00000222 C:\Windows\System32 msxsl.exe 0x00000222 C:\Windows\System32 Netsh.exe 0x00000222 C:\Windows\System32 ntdsutil.exe 0x00000222 C:\Windows\System32 Odbcconf.exe 0x00000222 C:\Windows\System32 Pcalua.exe 0x00000222 C:\Windows\System32 Pcwrun.exe 0x00000222 C:\Windows\System32 Pcwutl.dll 0x00000222 C:\Windows\System32 Pester.bat 0x00000222 C:\Windows\System32 Pktmon.exe 0x00000222 C:\Windows\System32 Pnputil.exe 0x00000222 C:\Windows\System32 Powerpnt.exe 0x00000222 C:\Windows\System32 Presentationhost.exe 0x00000222 C:\Windows\System32 Psr.exe 0x00000222 C:\Windows\System32 Pubprn.vbs 0x00000222 C:\Windows\System32 Rasautou.exe 0x00000222 C:\Windows\System32 rcsi.exe 0x00000222 C:\Windows\System32 Regasm.exe 0x00000222 C:\Windows\System32 Regedit.exe 0x00000222 C:\Windows\System32 Regini.exe 0x00000222 C:\Windows\System32 Register-cimprovider.exe 0x00000222 C:\Windows\System32 Remote.exe 0x00000222 C:\Windows\System32 Replace.exe 0x00000222 C:\Windows\System32 Rpcping.exe 0x00000222 C:\Windows\System32 Runonce.exe 0x00000222 C:\Windows\System32 Runscripthelper.exe 0x00000222 C:\Windows\System32 Sc.exe 0x00000222 C:\Windows\System32 Schtasks.exe 0x00000222 C:\Windows\System32 Scriptrunner.exe 0x00000222 C:\Windows\System32 Setupapi.dll 0x00000222 C:\Windows\System32 Shdocvw.dll 0x00000222 C:\Windows\System32 Slmgr.vbs 0x00000222 C:\Windows\System32 Sqldumper.exe 0x00000222 C:\Windows\System32 Sqlps.exe 0x00000222 C:\Windows\System32 SQLToolsPS.exe 0x00000222 C:\Windows\System32 Squirrel.exe 0x00000222 C:\Windows\System32 SyncAppvPublishingServer.exe 0x00000222 C:\Windows\System32 Syncappvpublishingserver.vbs 0x00000222 C:\Windows\System32 Syssetup.dll 0x00000222 C:\Windows\System32 te.exe 0x00000222 C:\Windows\System32 Tracker.exe 0x00000222 C:\Windows\System32 Ttdinject.exe 0x00000222 C:\Windows\System32 Tttracer.exe 0x00000222 C:\Windows\System32 Update.exe 0x00000222 C:\Windows\System32 Url.dll 0x00000222 C:\Windows\System32 vbc.exe 0x00000222 C:\Windows\System32 Verclsid.exe 0x00000222 C:\Windows\System32 vsjitdebugger.exe 0x00000222 C:\Windows\System32 Wab.exe 0x00000222 C:\Windows\System32 winrm.vbs 0x00000222 C:\Windows\System32 Wsl.exe 0x00000222 C:\Windows\System32 Wsreset.exe 0x00000222 C:\Windows\System32 wuauclt.exe 0x00000222 C:\Windows\System32 Xwizard.exe 0x00000222 C:\Windows\SysWOW64 adplus.exe 0x00000222 C:\Windows\SysWOW64 Advpack.dll 0x00000222 C:\Windows\SysWOW64 AgentExecutor.exe 0x00000222 C:\Windows\SysWOW64 AppInstaller.exe 0x00000222 C:\Windows\SysWOW64 Appvlp.exe 0x00000222 C:\Windows\SysWOW64 At.exe 0x00000222 C:\Windows\SysWOW64 Atbroker.exe 0x00000222 C:\Windows\SysWOW64 Bash.exe 0x00000222 C:\Windows\SysWOW64 Bginfo.exe 0x00000222 C:\Windows\SysWOW64 Bitsadmin.exe 0x00000222 C:\Windows\SysWOW64 Cdb.exe 0x00000222 C:\Windows\SysWOW64 CertReq.exe 0x00000222 C:\Windows\SysWOW64 Certutil.exe 0x00000222 C:\Windows\SysWOW64 CL_Invocation.ps1 0x00000222 C:\Windows\SysWOW64 CL_Mutexverifiers.ps1 0x00000222 C:\Windows\SysWOW64 Cmd.exe 0x00000222 C:\Windows\SysWOW64 Cmdkey.exe 0x00000222 C:\Windows\SysWOW64 Cmstp.exe 0x00000222 C:\Windows\SysWOW64 Comsvcs.dll 0x00000222 C:\Windows\SysWOW64 ConfigSecurityPolicy.exe 0x00000222 C:\Windows\SysWOW64 coregen.exe 0x00000222 C:\Windows\SysWOW64 csi.exe 0x00000222 C:\Windows\SysWOW64 DataSvcUtil.exe 0x00000222 C:\Windows\SysWOW64 DefaultPack.EXE 0x00000222 C:\Windows\SysWOW64 Desktopimgdownldr.exe 0x00000222 C:\Windows\SysWOW64 Devtoolslauncher.exe 0x00000222 C:\Windows\SysWOW64 Dfsvc.exe 0x00000222 C:\Windows\SysWOW64 Diantz.exe 0x00000222 C:\Windows\SysWOW64 Diskshadow.exe 0x00000222 C:\Windows\SysWOW64 Dnscmd.exe 0x00000222 C:\Windows\SysWOW64 dnx.exe 0x00000222 C:\Windows\SysWOW64 Dotnet.exe 0x00000222 C:\Windows\SysWOW64 Dxcap.exe 0x00000222 C:\Windows\SysWOW64 Esentutl.exe 0x00000222 C:\Windows\SysWOW64 Eventvwr.exe 0x00000222 C:\Windows\SysWOW64 Expand.exe 0x00000222 C:\Windows\SysWOW64 Extexport.exe 0x00000222 C:\Windows\SysWOW64 Extrac32.exe 0x00000222 C:\Windows\SysWOW64 Forfiles.exe 0x00000222 C:\Windows\SysWOW64 GfxDownloadWrapper.exe 0x00000222 C:\Windows\SysWOW64 hh.exe 0x00000222 C:\Windows\SysWOW64 Ie4uinit.exe 0x00000222 C:\Windows\SysWOW64 Ieadvpack.dll 0x00000222 C:\Windows\SysWOW64 Ieaframe.dll 0x00000222 C:\Windows\SysWOW64 Ieexec.exe 0x00000222 C:\Windows\SysWOW64 Ilasm.exe 0x00000222 C:\Windows\SysWOW64 Infdefaultinstall.exe 0x00000222 C:\Windows\SysWOW64 Installutil.exe 0x00000222 C:\Windows\SysWOW64 Jsc.exe 0x00000222 C:\Windows\SysWOW64 Makecab.exe 0x00000222 C:\Windows\SysWOW64 Manage-bde.wsf 0x00000222 C:\Windows\SysWOW64 Mavinject.exe 0x00000222 C:\Windows\SysWOW64 Mftrace.exe 0x00000222 C:\Windows\SysWOW64 Microsoft.Workflow.Compiler.exe 0x00000222 C:\Windows\SysWOW64 MpCmdRun.exe 0x00000222 C:\Windows\SysWOW64 Msconfig.exe 0x00000222 C:\Windows\SysWOW64 Msdeploy.exe 0x00000222 C:\Windows\SysWOW64 Msdt.exe 0x00000222 C:\Windows\SysWOW64 Mshta.exe 0x00000222 C:\Windows\SysWOW64 Mshtml.dll 0x00000222 C:\Windows\SysWOW64 msxsl.exe 0x00000222 C:\Windows\SysWOW64 Netsh.exe 0x00000222 C:\Windows\SysWOW64 ntdsutil.exe 0x00000222 C:\Windows\SysWOW64 Odbcconf.exe 0x00000222 C:\Windows\SysWOW64 Pcalua.exe 0x00000222 C:\Windows\SysWOW64 Pcwrun.exe 0x00000222 C:\Windows\SysWOW64 Pcwutl.dll 0x00000222 C:\Windows\SysWOW64 Pester.bat 0x00000222 C:\Windows\SysWOW64 Pktmon.exe 0x00000222 C:\Windows\SysWOW64 Pnputil.exe 0x00000222 C:\Windows\SysWOW64 Powerpnt.exe 0x00000222 C:\Windows\SysWOW64 Presentationhost.exe 0x00000222 C:\Windows\SysWOW64 Psr.exe 0x00000222 C:\Windows\SysWOW64 Pubprn.vbs 0x00000222 C:\Windows\SysWOW64 Rasautou.exe 0x00000222 C:\Windows\SysWOW64 rcsi.exe 0x00000222 C:\Windows\SysWOW64 Regasm.exe 0x00000222 C:\Windows\SysWOW64 Regini.exe 0x00000222 C:\Windows\SysWOW64 Register-cimprovider.exe 0x00000222 C:\Windows\SysWOW64 Remote.exe 0x00000222 C:\Windows\SysWOW64 Replace.exe 0x00000222 C:\Windows\SysWOW64 Rpcping.exe 0x00000222 C:\Windows\SysWOW64 Runonce.exe 0x00000222 C:\Windows\SysWOW64 Runscripthelper.exe 0x00000222 C:\Windows\SysWOW64 Sc.exe 0x00000222 C:\Windows\SysWOW64 Schtasks.exe 0x00000222 C:\Windows\SysWOW64 Scriptrunner.exe 0x00000222 C:\Windows\SysWOW64 Setupapi.dll 0x00000222 C:\Windows\SysWOW64 Shdocvw.dll 0x00000222 C:\Windows\SysWOW64 Slmgr.vbs 0x00000222 C:\Windows\SysWOW64 Sqldumper.exe 0x00000222 C:\Windows\SysWOW64 Sqlps.exe 0x00000222 C:\Windows\SysWOW64 SQLToolsPS.exe 0x00000222 C:\Windows\SysWOW64 Squirrel.exe 0x00000222 C:\Windows\SysWOW64 SyncAppvPublishingServer.exe 0x00000222 C:\Windows\SysWOW64 Syncappvpublishingserver.vbs 0x00000222 C:\Windows\SysWOW64 Syssetup.dll 0x00000222 C:\Windows\SysWOW64 te.exe 0x00000222 C:\Windows\SysWOW64 Tracker.exe 0x00000222 C:\Windows\SysWOW64 Ttdinject.exe 0x00000222 C:\Windows\SysWOW64 Tttracer.exe 0x00000222 C:\Windows\SysWOW64 Update.exe 0x00000222 C:\Windows\SysWOW64 Url.dll 0x00000222 C:\Windows\SysWOW64 vbc.exe 0x00000222 C:\Windows\SysWOW64 Verclsid.exe 0x00000222 C:\Windows\SysWOW64 vsjitdebugger.exe 0x00000222 C:\Windows\SysWOW64 Wab.exe 0x00000222 C:\Windows\SysWOW64 winrm.vbs 0x00000222 C:\Windows\SysWOW64 Wsl.exe 0x00000222 C:\Windows\SysWOW64 Wsreset.exe 0x00000222 C:\Windows\SysWOW64 wuauclt.exe 0x00000222 C:\Windows\SysWOW64 Xwizard.exe 0x00000222 C:\Windows\SysWOW64 msinfo32.exe 0x00000222 C:\Windows\system32 msinfo32.exe 0x00000222 C:\Windows\system32 quser.exe 0x00000222 C:\Windows\system32 ipconfig.exe 0x00000222 C:\Windows\system32 arp.exe 0x00000222 C:\Windows\system32 net.exe 0x00000222 C:\Windows\system32 net1.exe 0x00000222 C:\Windows\system32 nltest.exe 0x00000222 C:\Windows\system32 qprocess.exe 0x00000222 C:\Windows\system32 klist.exe 0x00000222 C:\Windows\system32 robocopy.exe 0x00000222 C:\Windows\SysWOW64 quser.exe 0x00000222 C:\Windows\SysWOW64 ipconfig.exe 0x00000222 C:\Windows\SysWOW64 arp.exe 0x00000222 C:\Windows\SysWOW64 net.exe 0x00000222 C:\Windows\SysWOW64 net1.exe 0x00000222 C:\Windows\SysWOW64 nltest.exe 0x00000222 C:\Windows\SysWOW64 qprocess.exe 0x00000222 C:\Windows\SysWOW64 klist.exe 0x00000222 C:\Windows\SysWOW64 robocopy.exe 0x00000222 C:\Windows\SysWOW64 vssadmin.exe 0x00000222 C:\Windows\System32 vssadmin.exe 0x00000222 C:\Windows\System32 ping.exe 0x00000222 C:\Windows\SysWOW64 ping.exe 0x00000222 C:\Windows\System32 nslookup.exe 0x00000222 C:\Windows\SysWOW64 nslookup.exe 0x00000222 %SystemFolder64% msiexec.exe 0x00000222 Click to expand... The rules that are set are generally very restrictive; however, they do not apply to an AD group that contains admin AD accounts (removed / whitened out in the screenshot here) as well as the local administrator/system. In principle, FSLogix could also be temporarily uninstalled. Last edited: Apr 24, 2024
Yes, indeed! %SystemDriveFolder%\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools Command Prompt.lnk 0x00000222 %SystemFolder32% cmd.exe 0x00000222 %SystemFolder64% cmd.exe 0x00000222 Click to expand... ##Program ID HKLM\SOFTWARE\Classes\xslfile 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\xmlfile 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\svgfile 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Microsoft.Website 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\mhtmlfile 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\IE.HTTPS 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\IE.HTTP 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\IE.FTP 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\IE.AssocFile.XHT 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\IE.AssocFile.WEBSITE 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\IE.AssocFile.SVG 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\IE.AssocFile.PARTIAL 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\IE.AssocFile.MHT 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\IE.AssocFile.HTM 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\giffile 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\ftp 0x00000221 ##Product Install Directory %ProgramFilesFolder64%\internet explorer 0x00000221 ##Program Shortcut (.lnk) %SystemDriveFolder%\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories Internet Explorer.lnk 0x00000222 ##Program Shortcut (.lnk) %SystemDriveFolder%\Users\*\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar Internet Explorer.lnk 0x00000222 Click to expand... ##Product Install Directory %ProgramFilesFolder32%\Microsoft Office 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\dqyfile 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Excel.Addin 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Excel.AddInMacroEnabled 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Excel.Backup 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Excel.Chart.8 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Excel.CSV 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Excel.Macrosheet 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Excel.OpenDocumentSpreadsheet.12 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Excel.Sheet.12 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Excel.Sheet.8 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Excel.SheetBinaryMacroEnabled.12 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Excel.SheetMacroEnabled.12 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Excel.SLK 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Excel.Template 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Excel.Template.8 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Excel.TemplateMacroEnabled 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Excel.UriLink.16 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Excel.Workspace 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Excel.XLL 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Excelhtmlfile 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Excelhtmltemplate 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\iqyfile 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\ms-excel 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\ms-word 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\ODCfile 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Word.Backup.8 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Word.Document.12 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Word.Document.8 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Word.DocumentMacroEnabled.12 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Word.OpenDocumentText.12 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Word.RTF.8 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Word.Template.12 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Word.Template.8 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Word.TemplateMacroEnabled.12 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Word.UriLink.16 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\Word.Wizard.8 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\wordhtmlfile 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\wordhtmltemplate 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\wordxmlfile 0x00000221 ##Program ID HKLM\SOFTWARE\Classes\xmlfile 0x00000221 ##Open With registration HKCU\SOFTWARE\Classes\Applications\WINWORD.EXE 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{01BE4CFB-129A-452B-A209-F9D40B3B84A5} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{02BCC737-B171-4746-94C9-0D8A0B2C0089} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{10336656-40D7-4530-BCC0-86CD3D77D25F} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{138508bc-1e03-49ea-9c8f-ea9e1d05d65d} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{20E823C2-62F3-4638-96BD-90F4F6784EBC} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{312AB530-ECC9-496E-AE0E-C9E6C5392499} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{33154C99-BF49-443D-A73C-303A23ABBE97} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{355822FC-86F1-4BE8-B5F0-A33736789641} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{35C5242B-7455-4F9C-962B-369EA43ED6F3} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{4039B326-9F27-4B4A-B460-47A0C6A39D5C} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{4693FF15-B962-420A-9E5D-176F7D4B8321} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{48E73304-E1D6-4330-914C-F5F514E3486C} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{506F4668-F13E-4AA1-BB04-B43203AB3CC0} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{5383EF74-273B-4278-AB0C-CDAA9FD5369E} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{5985FC23-2588-4D9A-B38B-7E7AFFAB3155} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{5A98B233-3C59-4B31-944C-0E560D85E6C3} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{6EE84065-8BA3-4a8a-9542-6EC8B56A3378} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{72B66649-3DBF-429F-BD6F-7774A9784B78} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{807583E5-5146-11D5-A672-00B0D022E945} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{9FBC2D8F-6F52-4CFA-A86F-096F3E9EB4B2} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{A394DCA9-3727-11D4-BD85-00C04F6B93A4} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{AB968F1E-E20B-403A-9EB8-72EB0EB6797E} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{AFE9E2F0-5BBA-4169-A33B-EE3727AC3482} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{C7DFFDF1-BD1F-450A-B98D-96B6D30BA4C1} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{D66DC78C-4F61-447F-942B-3FB6980118CF} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{DDFE337F-4987-4EC8-BDE3-133FA63D5D85} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{E2F5480E-ED5A-4DDE-B8A8-F9F297479F62} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{E3956DCF-D1C7-4375-AAAA-22FF8191C479} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{F90DFE0C-CBDF-41FF-8598-EDD8F222A2C8} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{FAEA5B46-761B-400E-B53E-E805A97A543E} 0x00000221 ##COM object HKLM\SOFTWARE\Classes\CLSID\{FFFDC614-B694-4AE6-AB38-5D6374584B52} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{000D0E00-0000-0000-C000-000000001157} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{01BE4CFB-129A-452B-A209-F9D40B3B84A5} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02AF6DD2-77E6-44DF-B3E1-57CF1476D8EA} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02BCC737-B171-4746-94C9-0D8A0B2C0089} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{04082FC6-E032-49F2-A263-FE64E9DA1FA3} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{13D557B6-A469-4362-BEAF-52BFD0F180E2} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{19FED08E-EFD1-45da-B524-7BE4774A6AEE} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{20E823C2-62F3-4638-96BD-90F4F6784EBC} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{227B1F3B-C276-4DE0-9FAA-C0AD42ADDCF0} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{312AB530-ECC9-496E-AE0E-C9E6C5392499} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{33154C99-BF49-443D-A73C-303A23ABBE97} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{355822FC-86F1-4BE8-B5F0-A33736789641} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{35C5242B-7455-4F9C-962B-369EA43ED6F3} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3B0BD075-929C-4E52-AAD1-458C81A10B24} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3D0FD779-0C2D-4708-A9BA-62F7458A5A53} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3FD37ABB-F90A-4DE5-AA38-179629E64C2F} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4039B326-9F27-4B4A-B460-47A0C6A39D5C} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{42089D2D-912D-4018-9087-2B87803E93FB} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4693FF15-B962-420A-9E5D-176F7D4B8321} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{46E31370-3F7A-11CE-BED6-00AA00611080} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4795051A-6429-4D63-BCA0-D706532954AC} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4C599241-6926-101B-9992-00000B65C6F9} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5052A832-2C0F-46c7-B67C-1F1FEC37B280} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{506F4668-F13E-4AA1-BB04-B43203AB3CC0} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5383EF74-273B-4278-AB0C-CDAA9FD5369E} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5504BE45-A83B-4808-900A-3A5C36E7F77A} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{550D0110-8DCD-11D1-8524-00A02495E426} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5512D110-5CC6-11CF-8D67-00AA00BDCE1D} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5512D112-5CC6-11CF-8D67-00AA00BDCE1D} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5512D114-5CC6-11CF-8D67-00AA00BDCE1D} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5512D116-5CC6-11CF-8D67-00AA00BDCE1D} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5512D118-5CC6-11CF-8D67-00AA00BDCE1D} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5512D11A-5CC6-11CF-8D67-00AA00BDCE1D} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5512D11C-5CC6-11CF-8D67-00AA00BDCE1D} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5512D11E-5CC6-11CF-8D67-00AA00BDCE1D} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5512D122-5CC6-11CF-8D67-00AA00BDCE1D} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5512D124-5CC6-11CF-8D67-00AA00BDCE1D} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5985FC23-2588-4D9A-B38B-7E7AFFAB3155} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5A1DCFD3-7982-48F2-8A3D-5C35272862DE} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5A98B233-3C59-4B31-944C-0E560D85E6C3} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5C615ED6-4F9F-48BE-8D84-17409196DE36} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5CBA34AE-E344-40CF-B61D-FBA4D0D1FF54} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5E90CC8B-E402-4350-82D7-996E92010608} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6240EF28-7EAB-4dc7-A5E3-7CFB35EFB34D} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{62B4D041-4667-40B6-BB50-4BC0A5043A73} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{65BCBEE4-7728-41A0-97BE-14E1CAE36AAE} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6939BF8D-FF94-492C-9E4E-BD6439D8F867} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6C177EBD-C42D-4728-A04B-4131892EDBF6} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6C1B3099-127A-4BE1-93BC-DD4771EEEF90} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E182020-F460-11CE-9BCD-00AA00608E01} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{72B66649-3DBF-429F-BD6F-7774A9784B78} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{787A2D6B-EF66-488D-A303-513C9C75C344} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{79176FB0-B7F2-11CE-97EF-00AA006D2776} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7931F65C-2564-4C19-AE71-E7DDFA008F6A} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{807583E5-5146-11D5-A672-00B0D022E945} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{83C25742-A9F7-49FB-9138-434302C88D07} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{86F56B7F-A81B-478d-B231-50FD37CBE761} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8BD21D10-EC42-11CE-9E0D-00AA006002F3} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8BD21D20-EC42-11CE-9E0D-00AA006002F3} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8BD21D30-EC42-11CE-9E0D-00AA006002F3} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8BD21D40-EC42-11CE-9E0D-00AA006002F3} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8BD21D50-EC42-11CE-9E0D-00AA006002F3} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8BD21D60-EC42-11CE-9E0D-00AA006002F3} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9203C2CB-1DC1-482D-967E-597AFF270F0D} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9432194C-DF54-4824-8E24-B013BF2B90E3} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{978C9E23-D4B0-11CE-BF2D-00AA003F40D0} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9800F18F-3D86-4744-A7D0-540989C86D7B} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9BDAC276-BE24-4F04-BB22-11469B28A496} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9ED13477-E909-45BC-BADC-2106D04D6BD7} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9FBC2D8F-6F52-4CFA-A86F-096F3E9EB4B2} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A394DCA9-3727-11D4-BD85-00C04F6B93A4} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AB968F1E-E20B-403A-9EB8-72EB0EB6797E} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AFE9E2F0-5BBA-4169-A33B-EE3727AC3482} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BDEADE9E-C265-11D0-BCED-00A0C90AB50F} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BDEADEF5-C265-11D0-BCED-00A0C90AB50F} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C62A69F0-16DC-11CE-9E98-00AA00574A4F} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CDEC13B2-0B3C-400E-B909-E27EE89C6799} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D66DC78C-4F61-447F-942B-3FB6980118CF} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D7053240-CE69-11CD-A777-00DD01143C57} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DCA0ED3C-B95D-490f-9C60-0FF3726C789A} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DD4CB8C5-F540-47ff-84D7-67390D2743CA} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DDFE337F-4987-4EC8-BDE3-133FA63D5D85} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DFD181E0-5E2F-11CE-A449-00AA004A803D} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E18FEC31-2EA1-49A2-A7A6-902DC0D1FF05} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E2F5480E-ED5A-4DDE-B8A8-F9F297479F62} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E3956DCF-D1C7-4375-AAAA-22FF8191C479} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7339A62-0E31-4A5E-BA3D-F2FEDFBF8BE5} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E9729012-8271-4e1f-BC56-CF85F914915A} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EA778DB4-CE69-4da5-BC1D-34E2168D5EED} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EAE50EB0-4A62-11CE-BED6-00AA00611080} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EFBD9A69-66AF-4D44-BB36-D477E5014216} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F14E8B03-D080-4D3A-AEBA-355E77B20F3D} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F8CF7A98-2C45-4c8d-9151-2D716989DDAB} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F90DFE0C-CBDF-41FF-8598-EDD8F222A2C8} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FB453AD8-2EF4-44D3-98A8-8C6474E63CE4} 0x00000221 ##COM object HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FDEA20DB-AC7A-42f8-90EE-82208B9B4FC0} 0x00000221 ##Browser Helper Object HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} 0x00000221 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} 0x00000221 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{138508bc-1e03-49ea-9c8f-ea9e1d05d65d} 0x00000221 Click to expand... %SystemFolder32%\WindowsPowerShell\v1.0 powershell.exe 0x00000222 %SystemFolder32%\WindowsPowerShell\v1.0 powershell_ise.exe 0x00000222 %SystemFolder64%\WindowsPowerShell\v1.0 powershell_ise.exe 0x00000222 ##Product Install Directory %SystemFolder32%\WindowsPowerShell\v1.0 0x00000221 ##Product Install Directory %SystemFolder64%\WindowsPowerShell\v1.0 0x00000221 %SystemFolder64%\WindowsPowerShell\v1.0 powershell.exe 0x00000222 ##Program Shortcut (.lnk) %SystemDriveFolder%\Users\default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell Windows PowerShell ISE (x86).lnk 0x00000222 ##Program Shortcut (.lnk) %SystemDriveFolder%\Users\default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell Windows PowerShell (x86).lnk 0x00000222 Click to expand... HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\InboxApplications\Microsoft.Windows.SecHealthUI_10.0.17763.1_neutral__cw5n1h2txyewy 0x00000221 %SystemDriveFolder%\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs 0x00000221 Click to expand... %WindowsFolder% hh.exe 0x00000222 C:\Windows\System32 compmgmt.msc 0x00000222 C:\Windows\SysWOW64 compmgmt.msc 0x00000222 C:\Windows\System32 control.exe 0x00000222 C:\Windows\SysWOW64 control.exe 0x00000222 C:\Windows\SysWOW64 csc.exe 0x00000222 C:\Windows\System32 csc.exe 0x00000222 C:\Windows\System32 cscript.exe 0x00000222 C:\Windows\SysWOW64 cscript.exe 0x00000222 C:\Windows\System32 devmgmt.msc 0x00000222 C:\Windows\SysWOW64 devmgmt.msc 0x00000222 C:\Windows\System32 findstr.exe 0x00000222 C:\Windows\SysWOW64 findstr.exe 0x00000222 C:\Windows\SysWOW64 ftp.exe 0x00000222 C:\Windows\System32 ftp.exe 0x00000222 C:\Windows\System32 mmc.exe 0x00000222 C:\Windows\SysWOW64 mmc.exe 0x00000222 C:\Windows\SysWOW64 msbuild.exe 0x00000222 C:\Windows\System32 msbuild.exe 0x00000222 C:\Windows\System32 reg.exe 0x00000222 C:\Windows\SysWOW64 reg.exe 0x00000222 C:\Windows\SysWOW64 regarm.exe 0x00000222 C:\Windows\System32 regarm.exe 0x00000222 %WindowsFolder% regedit.exe 0x00000222 C:\Windows\SysWOW64 regedit.exe 0x00000222 C:\Windows\SysWOW64 regsvcs.exe 0x00000222 C:\Windows\System32 regsvcs.exe 0x00000222 C:\Windows\SysWOW64 regsvr32.exe 0x00000222 C:\Windows\System32 regsvr32.exe 0x00000222 C:\Windows\System32 ServerManager.exe 0x00000222 C:\Windows\SysWOW64 ServerManager.exe 0x00000222 C:\Windows\System32 ServerManagerLauncher.exe 0x00000222 C:\Windows\SysWOW64 ServerManagerLauncher.exe 0x00000222 C:\Windows\System32 services.msc 0x00000222 C:\Windows\SysWOW64 services.msc 0x00000222 C:\Windows\System32 tasklist.exe 0x00000222 C:\Windows\SysWOW64 tasklist.exe 0x00000222 C:\Windows\System32 Taskmgr.exe 0x00000222 C:\Windows\SysWOW64 Taskmgr.exe 0x00000222 C:\Windows\SysWOW64 vbscript.exe 0x00000222 C:\Windows\System32 vbscript.exe 0x00000222 C:\Windows\System32 winrs.exe 0x00000222 C:\Windows\SysWOW64 winrs.exe 0x00000222 C:\Windows\System32\wbem WMIC.exe 0x00000222 C:\Windows\SysWOW64\wbem WMIC.exe 0x00000222 C:\Windows\SysWOW64 wmic.exe 0x00000222 C:\Windows\System32 wmic.exe 0x00000222 C:\Windows\System32 wscript.exe 0x00000222 C:\Windows\SysWOW64 wscript.exe 0x00000222 %ProgramFilesFolder64%\FSLogix 0x00000221 C:\Windows\System32 adplus.exe 0x00000222 C:\Windows\System32 Advpack.dll 0x00000222 C:\Windows\System32 AgentExecutor.exe 0x00000222 C:\Windows\System32 AppInstaller.exe 0x00000222 C:\Windows\System32 Appvlp.exe 0x00000222 C:\Windows\System32 At.exe 0x00000222 C:\Windows\System32 Atbroker.exe 0x00000222 C:\Windows\System32 Bash.exe 0x00000222 C:\Windows\System32 Bginfo.exe 0x00000222 C:\Windows\System32 Bitsadmin.exe 0x00000222 C:\Windows\System32 Cdb.exe 0x00000222 C:\Windows\System32 CertReq.exe 0x00000222 C:\Windows\System32 Certutil.exe 0x00000222 C:\Windows\System32 CL_Invocation.ps1 0x00000222 C:\Windows\System32 CL_Mutexverifiers.ps1 0x00000222 C:\Windows\System32 Cmd.exe 0x00000222 C:\Windows\System32 Cmdkey.exe 0x00000222 C:\Windows\System32 Cmstp.exe 0x00000222 C:\Windows\System32 Comsvcs.dll 0x00000222 C:\Windows\System32 ConfigSecurityPolicy.exe 0x00000222 C:\Windows\System32 coregen.exe 0x00000222 C:\Windows\System32 csi.exe 0x00000222 C:\Windows\System32 DataSvcUtil.exe 0x00000222 C:\Windows\System32 DefaultPack.EXE 0x00000222 C:\Windows\System32 Desktopimgdownldr.exe 0x00000222 C:\Windows\System32 Devtoolslauncher.exe 0x00000222 C:\Windows\System32 Dfsvc.exe 0x00000222 C:\Windows\System32 Diantz.exe 0x00000222 C:\Windows\System32 Diskshadow.exe 0x00000222 C:\Windows\System32 Dnscmd.exe 0x00000222 C:\Windows\System32 dnx.exe 0x00000222 C:\Windows\System32 Dotnet.exe 0x00000222 C:\Windows\System32 Dxcap.exe 0x00000222 C:\Windows\System32 Esentutl.exe 0x00000222 C:\Windows\System32 Eventvwr.exe 0x00000222 C:\Windows\System32 Expand.exe 0x00000222 C:\Windows\System32 Extexport.exe 0x00000222 C:\Windows\System32 Extrac32.exe 0x00000222 C:\Windows\System32 Forfiles.exe 0x00000222 C:\Windows\System32 GfxDownloadWrapper.exe 0x00000222 C:\Windows\System32 hh.exe 0x00000222 C:\Windows\System32 Ie4uinit.exe 0x00000222 C:\Windows\System32 Ieadvpack.dll 0x00000222 C:\Windows\System32 Ieaframe.dll 0x00000222 C:\Windows\System32 Ieexec.exe 0x00000222 C:\Windows\System32 Ilasm.exe 0x00000222 C:\Windows\System32 Infdefaultinstall.exe 0x00000222 C:\Windows\System32 Installutil.exe 0x00000222 C:\Windows\System32 Jsc.exe 0x00000222 C:\Windows\System32 Makecab.exe 0x00000222 C:\Windows\System32 Manage-bde.wsf 0x00000222 C:\Windows\System32 Mavinject.exe 0x00000222 C:\Windows\System32 Mftrace.exe 0x00000222 C:\Windows\System32 Microsoft.Workflow.Compiler.exe 0x00000222 C:\Windows\System32 MpCmdRun.exe 0x00000222 C:\Windows\System32 Msconfig.exe 0x00000222 C:\Windows\System32 Msdeploy.exe 0x00000222 C:\Windows\System32 Msdt.exe 0x00000222 C:\Windows\System32 Mshta.exe 0x00000222 C:\Windows\System32 Mshtml.dll 0x00000222 C:\Windows\System32 msxsl.exe 0x00000222 C:\Windows\System32 Netsh.exe 0x00000222 C:\Windows\System32 ntdsutil.exe 0x00000222 C:\Windows\System32 Odbcconf.exe 0x00000222 C:\Windows\System32 Pcalua.exe 0x00000222 C:\Windows\System32 Pcwrun.exe 0x00000222 C:\Windows\System32 Pcwutl.dll 0x00000222 C:\Windows\System32 Pester.bat 0x00000222 C:\Windows\System32 Pktmon.exe 0x00000222 C:\Windows\System32 Pnputil.exe 0x00000222 C:\Windows\System32 Powerpnt.exe 0x00000222 C:\Windows\System32 Presentationhost.exe 0x00000222 C:\Windows\System32 Psr.exe 0x00000222 C:\Windows\System32 Pubprn.vbs 0x00000222 C:\Windows\System32 Rasautou.exe 0x00000222 C:\Windows\System32 rcsi.exe 0x00000222 C:\Windows\System32 Regasm.exe 0x00000222 C:\Windows\System32 Regedit.exe 0x00000222 C:\Windows\System32 Regini.exe 0x00000222 C:\Windows\System32 Register-cimprovider.exe 0x00000222 C:\Windows\System32 Remote.exe 0x00000222 C:\Windows\System32 Replace.exe 0x00000222 C:\Windows\System32 Rpcping.exe 0x00000222 C:\Windows\System32 Runonce.exe 0x00000222 C:\Windows\System32 Runscripthelper.exe 0x00000222 C:\Windows\System32 Sc.exe 0x00000222 C:\Windows\System32 Schtasks.exe 0x00000222 C:\Windows\System32 Scriptrunner.exe 0x00000222 C:\Windows\System32 Setupapi.dll 0x00000222 C:\Windows\System32 Shdocvw.dll 0x00000222 C:\Windows\System32 Slmgr.vbs 0x00000222 C:\Windows\System32 Sqldumper.exe 0x00000222 C:\Windows\System32 Sqlps.exe 0x00000222 C:\Windows\System32 SQLToolsPS.exe 0x00000222 C:\Windows\System32 Squirrel.exe 0x00000222 C:\Windows\System32 SyncAppvPublishingServer.exe 0x00000222 C:\Windows\System32 Syncappvpublishingserver.vbs 0x00000222 C:\Windows\System32 Syssetup.dll 0x00000222 C:\Windows\System32 te.exe 0x00000222 C:\Windows\System32 Tracker.exe 0x00000222 C:\Windows\System32 Ttdinject.exe 0x00000222 C:\Windows\System32 Tttracer.exe 0x00000222 C:\Windows\System32 Update.exe 0x00000222 C:\Windows\System32 Url.dll 0x00000222 C:\Windows\System32 vbc.exe 0x00000222 C:\Windows\System32 Verclsid.exe 0x00000222 C:\Windows\System32 vsjitdebugger.exe 0x00000222 C:\Windows\System32 Wab.exe 0x00000222 C:\Windows\System32 winrm.vbs 0x00000222 C:\Windows\System32 Wsl.exe 0x00000222 C:\Windows\System32 Wsreset.exe 0x00000222 C:\Windows\System32 wuauclt.exe 0x00000222 C:\Windows\System32 Xwizard.exe 0x00000222 C:\Windows\SysWOW64 adplus.exe 0x00000222 C:\Windows\SysWOW64 Advpack.dll 0x00000222 C:\Windows\SysWOW64 AgentExecutor.exe 0x00000222 C:\Windows\SysWOW64 AppInstaller.exe 0x00000222 C:\Windows\SysWOW64 Appvlp.exe 0x00000222 C:\Windows\SysWOW64 At.exe 0x00000222 C:\Windows\SysWOW64 Atbroker.exe 0x00000222 C:\Windows\SysWOW64 Bash.exe 0x00000222 C:\Windows\SysWOW64 Bginfo.exe 0x00000222 C:\Windows\SysWOW64 Bitsadmin.exe 0x00000222 C:\Windows\SysWOW64 Cdb.exe 0x00000222 C:\Windows\SysWOW64 CertReq.exe 0x00000222 C:\Windows\SysWOW64 Certutil.exe 0x00000222 C:\Windows\SysWOW64 CL_Invocation.ps1 0x00000222 C:\Windows\SysWOW64 CL_Mutexverifiers.ps1 0x00000222 C:\Windows\SysWOW64 Cmd.exe 0x00000222 C:\Windows\SysWOW64 Cmdkey.exe 0x00000222 C:\Windows\SysWOW64 Cmstp.exe 0x00000222 C:\Windows\SysWOW64 Comsvcs.dll 0x00000222 C:\Windows\SysWOW64 ConfigSecurityPolicy.exe 0x00000222 C:\Windows\SysWOW64 coregen.exe 0x00000222 C:\Windows\SysWOW64 csi.exe 0x00000222 C:\Windows\SysWOW64 DataSvcUtil.exe 0x00000222 C:\Windows\SysWOW64 DefaultPack.EXE 0x00000222 C:\Windows\SysWOW64 Desktopimgdownldr.exe 0x00000222 C:\Windows\SysWOW64 Devtoolslauncher.exe 0x00000222 C:\Windows\SysWOW64 Dfsvc.exe 0x00000222 C:\Windows\SysWOW64 Diantz.exe 0x00000222 C:\Windows\SysWOW64 Diskshadow.exe 0x00000222 C:\Windows\SysWOW64 Dnscmd.exe 0x00000222 C:\Windows\SysWOW64 dnx.exe 0x00000222 C:\Windows\SysWOW64 Dotnet.exe 0x00000222 C:\Windows\SysWOW64 Dxcap.exe 0x00000222 C:\Windows\SysWOW64 Esentutl.exe 0x00000222 C:\Windows\SysWOW64 Eventvwr.exe 0x00000222 C:\Windows\SysWOW64 Expand.exe 0x00000222 C:\Windows\SysWOW64 Extexport.exe 0x00000222 C:\Windows\SysWOW64 Extrac32.exe 0x00000222 C:\Windows\SysWOW64 Forfiles.exe 0x00000222 C:\Windows\SysWOW64 GfxDownloadWrapper.exe 0x00000222 C:\Windows\SysWOW64 hh.exe 0x00000222 C:\Windows\SysWOW64 Ie4uinit.exe 0x00000222 C:\Windows\SysWOW64 Ieadvpack.dll 0x00000222 C:\Windows\SysWOW64 Ieaframe.dll 0x00000222 C:\Windows\SysWOW64 Ieexec.exe 0x00000222 C:\Windows\SysWOW64 Ilasm.exe 0x00000222 C:\Windows\SysWOW64 Infdefaultinstall.exe 0x00000222 C:\Windows\SysWOW64 Installutil.exe 0x00000222 C:\Windows\SysWOW64 Jsc.exe 0x00000222 C:\Windows\SysWOW64 Makecab.exe 0x00000222 C:\Windows\SysWOW64 Manage-bde.wsf 0x00000222 C:\Windows\SysWOW64 Mavinject.exe 0x00000222 C:\Windows\SysWOW64 Mftrace.exe 0x00000222 C:\Windows\SysWOW64 Microsoft.Workflow.Compiler.exe 0x00000222 C:\Windows\SysWOW64 MpCmdRun.exe 0x00000222 C:\Windows\SysWOW64 Msconfig.exe 0x00000222 C:\Windows\SysWOW64 Msdeploy.exe 0x00000222 C:\Windows\SysWOW64 Msdt.exe 0x00000222 C:\Windows\SysWOW64 Mshta.exe 0x00000222 C:\Windows\SysWOW64 Mshtml.dll 0x00000222 C:\Windows\SysWOW64 msxsl.exe 0x00000222 C:\Windows\SysWOW64 Netsh.exe 0x00000222 C:\Windows\SysWOW64 ntdsutil.exe 0x00000222 C:\Windows\SysWOW64 Odbcconf.exe 0x00000222 C:\Windows\SysWOW64 Pcalua.exe 0x00000222 C:\Windows\SysWOW64 Pcwrun.exe 0x00000222 C:\Windows\SysWOW64 Pcwutl.dll 0x00000222 C:\Windows\SysWOW64 Pester.bat 0x00000222 C:\Windows\SysWOW64 Pktmon.exe 0x00000222 C:\Windows\SysWOW64 Pnputil.exe 0x00000222 C:\Windows\SysWOW64 Powerpnt.exe 0x00000222 C:\Windows\SysWOW64 Presentationhost.exe 0x00000222 C:\Windows\SysWOW64 Psr.exe 0x00000222 C:\Windows\SysWOW64 Pubprn.vbs 0x00000222 C:\Windows\SysWOW64 Rasautou.exe 0x00000222 C:\Windows\SysWOW64 rcsi.exe 0x00000222 C:\Windows\SysWOW64 Regasm.exe 0x00000222 C:\Windows\SysWOW64 Regini.exe 0x00000222 C:\Windows\SysWOW64 Register-cimprovider.exe 0x00000222 C:\Windows\SysWOW64 Remote.exe 0x00000222 C:\Windows\SysWOW64 Replace.exe 0x00000222 C:\Windows\SysWOW64 Rpcping.exe 0x00000222 C:\Windows\SysWOW64 Runonce.exe 0x00000222 C:\Windows\SysWOW64 Runscripthelper.exe 0x00000222 C:\Windows\SysWOW64 Sc.exe 0x00000222 C:\Windows\SysWOW64 Schtasks.exe 0x00000222 C:\Windows\SysWOW64 Scriptrunner.exe 0x00000222 C:\Windows\SysWOW64 Setupapi.dll 0x00000222 C:\Windows\SysWOW64 Shdocvw.dll 0x00000222 C:\Windows\SysWOW64 Slmgr.vbs 0x00000222 C:\Windows\SysWOW64 Sqldumper.exe 0x00000222 C:\Windows\SysWOW64 Sqlps.exe 0x00000222 C:\Windows\SysWOW64 SQLToolsPS.exe 0x00000222 C:\Windows\SysWOW64 Squirrel.exe 0x00000222 C:\Windows\SysWOW64 SyncAppvPublishingServer.exe 0x00000222 C:\Windows\SysWOW64 Syncappvpublishingserver.vbs 0x00000222 C:\Windows\SysWOW64 Syssetup.dll 0x00000222 C:\Windows\SysWOW64 te.exe 0x00000222 C:\Windows\SysWOW64 Tracker.exe 0x00000222 C:\Windows\SysWOW64 Ttdinject.exe 0x00000222 C:\Windows\SysWOW64 Tttracer.exe 0x00000222 C:\Windows\SysWOW64 Update.exe 0x00000222 C:\Windows\SysWOW64 Url.dll 0x00000222 C:\Windows\SysWOW64 vbc.exe 0x00000222 C:\Windows\SysWOW64 Verclsid.exe 0x00000222 C:\Windows\SysWOW64 vsjitdebugger.exe 0x00000222 C:\Windows\SysWOW64 Wab.exe 0x00000222 C:\Windows\SysWOW64 winrm.vbs 0x00000222 C:\Windows\SysWOW64 Wsl.exe 0x00000222 C:\Windows\SysWOW64 Wsreset.exe 0x00000222 C:\Windows\SysWOW64 wuauclt.exe 0x00000222 C:\Windows\SysWOW64 Xwizard.exe 0x00000222 C:\Windows\SysWOW64 msinfo32.exe 0x00000222 C:\Windows\system32 msinfo32.exe 0x00000222 C:\Windows\system32 quser.exe 0x00000222 C:\Windows\system32 ipconfig.exe 0x00000222 C:\Windows\system32 arp.exe 0x00000222 C:\Windows\system32 net.exe 0x00000222 C:\Windows\system32 net1.exe 0x00000222 C:\Windows\system32 nltest.exe 0x00000222 C:\Windows\system32 qprocess.exe 0x00000222 C:\Windows\system32 klist.exe 0x00000222 C:\Windows\system32 robocopy.exe 0x00000222 C:\Windows\SysWOW64 quser.exe 0x00000222 C:\Windows\SysWOW64 ipconfig.exe 0x00000222 C:\Windows\SysWOW64 arp.exe 0x00000222 C:\Windows\SysWOW64 net.exe 0x00000222 C:\Windows\SysWOW64 net1.exe 0x00000222 C:\Windows\SysWOW64 nltest.exe 0x00000222 C:\Windows\SysWOW64 qprocess.exe 0x00000222 C:\Windows\SysWOW64 klist.exe 0x00000222 C:\Windows\SysWOW64 robocopy.exe 0x00000222 C:\Windows\SysWOW64 vssadmin.exe 0x00000222 C:\Windows\System32 vssadmin.exe 0x00000222 C:\Windows\System32 ping.exe 0x00000222 C:\Windows\SysWOW64 ping.exe 0x00000222 C:\Windows\System32 nslookup.exe 0x00000222 C:\Windows\SysWOW64 nslookup.exe 0x00000222 %SystemFolder64% msiexec.exe 0x00000222 Click to expand... The rules that are set are generally very restrictive; however, they do not apply to an AD group that contains admin AD accounts (removed / whitened out in the screenshot here) as well as the local administrator/system. In principle, FSLogix could also be temporarily uninstalled.
Sunfish Windows Update Trainee Joined Aug 11, 2023 Posts 372 Apr 25, 2024 #27 If possible, please remove FSLogix, reboot, then run the System File Checker again with the following command in an elevated prompt. Code: SFC /Scannow Please attach a screen shot of the output and a new copy of the CBS logs in your reply.
If possible, please remove FSLogix, reboot, then run the System File Checker again with the following command in an elevated prompt. Code: SFC /Scannow Please attach a screen shot of the output and a new copy of the CBS logs in your reply.
F frankwhite Active member Joined Aug 21, 2020 Posts 27 Apr 26, 2024 #28 CBS.7z I think, Updates should now be possible.
Sunfish Windows Update Trainee Joined Aug 11, 2023 Posts 372 Apr 28, 2024 #29 Unfortunately, still seeing access denied in the logs. Please do the steps below with FSLogix and Crowdstrike removed while logged in as the Local Administrator. Code: 2024-04-26 10:54:48, Info CSI 0000741d Error STATUS_ACCESS_DENIED while executing operation CreateDirectory on [l:74]'\??\C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs' Please repeat a process monitor capture. Capture Process Monitor Trace 1. Download and run Process Monitor. Leave this running while you perform the next steps. 2. Then run the System File Checker again with the following command in an elevated prompt Code: Code: SFC /Scannow 3. Stop Process Monitor when everything is logged (there could be a delay). You can simply do this by clicking the square (CTRL +E) on the toolbar as shown below. 4. Select the File menu...Save... and save the file to your desktop. This is likely the default location. The name (unless changed) will be LogFile.PML. This is fine. 5. Zip up the LogFile.PML and upload it to WeTransfer - Send Large Files & Share Photos Online - Up to 2GB Free and provide the link. 6. Attach also a new copy of the CBS logs for the time stamps.
Unfortunately, still seeing access denied in the logs. Please do the steps below with FSLogix and Crowdstrike removed while logged in as the Local Administrator. Code: 2024-04-26 10:54:48, Info CSI 0000741d Error STATUS_ACCESS_DENIED while executing operation CreateDirectory on [l:74]'\??\C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs' Please repeat a process monitor capture. Capture Process Monitor Trace 1. Download and run Process Monitor. Leave this running while you perform the next steps. 2. Then run the System File Checker again with the following command in an elevated prompt Code: Code: SFC /Scannow 3. Stop Process Monitor when everything is logged (there could be a delay). You can simply do this by clicking the square (CTRL +E) on the toolbar as shown below. 4. Select the File menu...Save... and save the file to your desktop. This is likely the default location. The name (unless changed) will be LogFile.PML. This is fine. 5. Zip up the LogFile.PML and upload it to WeTransfer - Send Large Files & Share Photos Online - Up to 2GB Free and provide the link. 6. Attach also a new copy of the CBS logs for the time stamps.