-- Windows Update will be abbreviated as "WU" in text from myself.
On my home forum Sysnative, a user (wavly) was being assisted with a WU issue, which was going well, aside from the fact that wavly's WU kept getting disabled randomly. It was figured out eventually after using auditpol.exe and registry security auditing (shown below later) that the program that was responsible for disabling WU was Disable_Windowsupdate.exe, which is part of Samsung's SW Update software.
SW Update is your typical OEM updating software that will update your Samsung drivers, the bloatware that came on your Samsung machine, etc. The only difference between other OEM updating software is, Samsung's disables WU.
SW Update will install on:
Windows XP (all Service Packs) - Update service will not be installed whatsoever.
Windows Vista (x86/x64)
Windows 7/SP1 (x86/x64)
Windows 8/8.1 (x86/x64)
Do note that it does check for a Samsung environment, and if one is not detected, the program will in general run really buggy. A lot of its features won't drop or work as intended either, which is why a lot of manual work needs to be done to investigate this program.
What devices does SW Update run on?
Samsung notes:
SW Update allows you to download and install the newest drivers, updates, and software for your Windows PC.So most likely only desktop and laptop type devices that run the Windows OS.
Uninstalling/Removing Samsung’s SW Update
SW Update after install is listed in Windows' Add/Remove (or Uninstall a program) list, which can be uninstalled like any other software on your system. If you uninstall it from Windows' Add/Remove (or Uninstall a program) list, and restart, it doesn’t appear to uninstall properly. The SE Update Service is still active and running, as well as the existence of the \ProgramData\Samsung folder which would still inevitably contain "Disable_Windowsupdate.exe".
First of all, here are the values deleted in the registry after uninstalling it traditionally via Windows' Add/Remove (or Uninstall a program) list:
----------------------------------
Keys deleted: 70
----------------------------------
HKLM\SOFTWARE\Classes\Installer\Features\50BFEFAA89FCCF8489E50FC48DDA26D0
HKLM\SOFTWARE\Classes\Installer\Products\50BFEFAA89FCCF8489E50FC48DDA26D0
HKLM\SOFTWARE\Classes\Installer\Products\50BFEFAA89FCCF8489E50FC48DDA26D0\SourceList
HKLM\SOFTWARE\Classes\Installer\Products\50BFEFAA89FCCF8489E50FC48DDA26D0\SourceList\Media
HKLM\SOFTWARE\Classes\Installer\Products\50BFEFAA89FCCF8489E50FC48DDA26D0\SourceList\Net
HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\BF3805105D8948C4D93B598B404C92A9
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\BF3805105D8948C4D93B598B404C92A9
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0DD89588326AD3A767F0B2A853508190
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C148F05444C59C77C4B10C19D3805B5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2743799D0992E54F95CE98B046C0DA50
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2C09A9696E85054D8222B9DAA596EBA4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\31F46FC5C6F4F079EF3DEAE6D77B7E4F
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\32AC4FEE0B51D4A7DCA9ECD175DBCE8D
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\36913821D896F26CFE524D2CF45B2DF4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3FED0CFA92E373B048A76A4FFDABC0E2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\410D1514271ED729AD17780B0D83EAAB
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42BF0468E6878271870DEBE00F60B05B
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4F2B122F92667F0112AFA56C55D97168
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50BFEFAA89FCCF8489E50FC48DDA26D0
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\526BE6E44F4A0282DBDCCDB61B1D1F96
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61FCDEBF3F3C6B95E852D42DC56F0E45
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\634E3E665F511732D8C92DBDDE8524FA
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6CB7AB329D61775F169850541C8A9C55
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\71C5E0C1F6032E24AEDA5C8E68C1C2A5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\756B7856F2B295E3C96A1214374E4CCD
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\771D7B7C706B32A6195498CFD6ADE138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D72F918B6B01D1951D931186D7E3890
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\84816104EC2D9D8929C5DCE8735B5A7C
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8A4E452809EB1F2C52C8226330BC77F8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CA02F3346C5F988C344BE11F5FD7D9B
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\906A1E5B849F9CA0B708F0FE08FCC0C4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\90FE26F6853D6630E4D17DCB786DB17A
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\91E782D5297C7ECAFEE09F76AEE28627
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9807757FFDC9B3E27F6CD95D07A7F563
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9C4AFD599F4EEFC4D6AA58EE84E27122
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A68479FEBB0792F6A0FD61BCCC2305EA
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A842CC8514B9D4777E9F82572D0E872B
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ADC5656549BBCE2BD80117792F962635
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B4F1E211FE7E322068AE3ADB6B8EF7AA
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC765FA58D4784B1A878EFF7DBD6E6D0
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BED2580B254ED7EB6B3BB24D34534966
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C0394BDFC9BE9490AA3F2B275440414F
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C480E15D829D33098A55CED0B4941434
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3B5E6B7C2720835EB5ECE382616829C
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E8646DBB411E4CB0E77FCC277960506C
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EB4EE2B4ECFD5E54B523FA6F3666AE83
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EBA83678BFE00D04DC16E6530439B18B
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC88E3C8004B2AA3E868C7D6EC5C0CB8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EFB670FA3F31536970E6D6EB1A8441BC
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F21F437625B9B6961D5447B76E0DBC90
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F341467E23AA326A42CDA9550F55BDA3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F469E8DB546B506C0DF80D00EB9848DF
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA9DBD5FAFCD8DC5B0F7685C6CC264A2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FEB91838645AC2E197CB380F397FC585
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\50BFEFAA89FCCF8489E50FC48DDA26D0
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\50BFEFAA89FCCF8489E50FC48DDA26D0\Features
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\50BFEFAA89FCCF8489E50FC48DDA26D0\InstallProperties
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\50BFEFAA89FCCF8489E50FC48DDA26D0\Patches
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\50BFEFAA89FCCF8489E50FC48DDA26D0\Usage
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}
HKLM\SOFTWARE\Samsung\CurrentPath
HKLM\SOFTWARE\Samsung\SW Update
HKU\.DEFAULT\Software\Classes\Local Settings\MuiCache\a
HKU\.DEFAULT\Software\Classes\Local Settings\MuiCache\a\52C64B7E
HKU\S-1-5-21-139515994-2175770748-2564365663-1001\Software\Classes\Local Settings\MuiCache\a
HKU\S-1-5-21-139515994-2175770748-2564365663-1001\Software\Classes\Local Settings\MuiCache\a\52C64B7E
HKU\S-1-5-21-139515994-2175770748-2564365663-1001_Classes\Local Settings\MuiCache\a
HKU\S-1-5-21-139515994-2175770748-2564365663-1001_Classes\Local Settings\MuiCache\a\52C64B7E
HKU\S-1-5-18\Software\Classes\Local Settings\MuiCache\a
HKU\S-1-5-18\Software\Classes\Local Settings\MuiCache\a\52C64B7E
----------------------------------
Keys added: 17
----------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{c6dc5466-785a-11d2-84d0-00c04fb169f7}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-18
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-18\Extension-List
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-18\Extension-List\{c6dc5466-785a-11d2-84d0-00c04fb169f7}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\AppMgmt
HKU\.DEFAULT\Software\Classes\Local Settings\MuiCache\b
HKU\.DEFAULT\Software\Classes\Local Settings\MuiCache\b\52C64B7E
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Group Policy
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Group Policy\AppMgmt
HKU\S-1-5-21-139515994-2175770748-2564365663-1001\Software\Classes\Local Settings\MuiCache\b
HKU\S-1-5-21-139515994-2175770748-2564365663-1001\Software\Classes\Local Settings\MuiCache\b\52C64B7E
HKU\S-1-5-21-139515994-2175770748-2564365663-1001_Classes\Local Settings\MuiCache\b
HKU\S-1-5-21-139515994-2175770748-2564365663-1001_Classes\Local Settings\MuiCache\b\52C64B7E
HKU\S-1-5-18\Software\Classes\Local Settings\MuiCache\b
HKU\S-1-5-18\Software\Classes\Local Settings\MuiCache\b\52C64B7E
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Group Policy
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Group Policy\AppMgmt
----------------------------------
Values deleted: 168
----------------------------------
HKLM\SOFTWARE\Classes\Installer\Features\50BFEFAA89FCCF8489E50FC48DDA26D0\DefaultFeature: ""
HKLM\SOFTWARE\Classes\Installer\Products\50BFEFAA89FCCF8489E50FC48DDA26D0\ProductName: "SW Update"
HKLM\SOFTWARE\Classes\Installer\Products\50BFEFAA89FCCF8489E50FC48DDA26D0\PackageCode: "81C476D25742E804D99737468975AE98"
HKLM\SOFTWARE\Classes\Installer\Products\50BFEFAA89FCCF8489E50FC48DDA26D0\Language: 0x00000409
HKLM\SOFTWARE\Classes\Installer\Products\50BFEFAA89FCCF8489E50FC48DDA26D0\Version: 0x02020009
HKLM\SOFTWARE\Classes\Installer\Products\50BFEFAA89FCCF8489E50FC48DDA26D0\Assignment: 0x00000001
HKLM\SOFTWARE\Classes\Installer\Products\50BFEFAA89FCCF8489E50FC48DDA26D0\AdvertiseFlags: 0x00000184
HKLM\SOFTWARE\Classes\Installer\Products\50BFEFAA89FCCF8489E50FC48DDA26D0\ProductIcon: "C:\Windows\Installer\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}\_853F67D554F05449430E7E.exe"
HKLM\SOFTWARE\Classes\Installer\Products\50BFEFAA89FCCF8489E50FC48DDA26D0\InstanceType: 0x00000000
HKLM\SOFTWARE\Classes\Installer\Products\50BFEFAA89FCCF8489E50FC48DDA26D0\AuthorizedLUAApp: 0x00000000
HKLM\SOFTWARE\Classes\Installer\Products\50BFEFAA89FCCF8489E50FC48DDA26D0\DeploymentFlags: 0x00000003
HKLM\SOFTWARE\Classes\Installer\Products\50BFEFAA89FCCF8489E50FC48DDA26D0\Clients: 3A 00 00 00 00 00
HKLM\SOFTWARE\Classes\Installer\Products\50BFEFAA89FCCF8489E50FC48DDA26D0\SourceList\PackageName: "sManagerSetup.msi"
HKLM\SOFTWARE\Classes\Installer\Products\50BFEFAA89FCCF8489E50FC48DDA26D0\SourceList\LastUsedSource: "n;1;C:\ProgramData\Samsung\SWUpdate\Temp\"
HKLM\SOFTWARE\Classes\Installer\Products\50BFEFAA89FCCF8489E50FC48DDA26D0\SourceList\Media\1: ";"
HKLM\SOFTWARE\Classes\Installer\Products\50BFEFAA89FCCF8489E50FC48DDA26D0\SourceList\Net\1: "C:\ProgramData\Samsung\SWUpdate\Temp\"
HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\BF3805105D8948C4D93B598B404C92A9\50BFEFAA89FCCF8489E50FC48DDA26D0: ""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Samsung\SW Update\Help\: ""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Samsung\SW Update\: ""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Samsung\: ""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Windows\Installer\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}\: ""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\: ""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\BF3805105D8948C4D93B598B404C92A9\50BFEFAA89FCCF8489E50FC48DDA26D0: ""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0DD89588326AD3A767F0B2A853508190\50BFEFAA89FCCF8489E50FC48DDA26D0: "C:\Program Files\Samsung\SW Update\Help\SW_Update_CHS.chm"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0EC6FA80EDB026321117A7F6B0F0D15A\50BFEFAA89FCCF8489E50FC48DDA26D0: "C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15953B5AA19E93425B9F5AC47EAD7E02\50BFEFAA89FCCF8489E50FC48DDA26D0: "C:\ProgramData\Samsung\SW Update Service\SWMFileDownloadUtil.exe"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C148F05444C59C77C4B10C19D3805B5\50BFEFAA89FCCF8489E50FC48DDA26D0: "C:\Program Files\Samsung\SW Update\Help\SW_Update_DUT.chm"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2743799D0992E54F95CE98B046C0DA50\50BFEFAA89FCCF8489E50FC48DDA26D0: "C:\Program Files\Samsung\SW Update\Help\SW_Update_SPA.chm"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2C09A9696E85054D8222B9DAA596EBA4\50BFEFAA89FCCF8489E50FC48DDA26D0: "C:\Program Files\Samsung\SW Update\Help\SW_Update_SLV.chm"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\31CB1A99E1A0C020C8CE9D4BDA0C7F44\50BFEFAA89FCCF8489E50FC48DDA26D0: "C:\ProgramData\Samsung\SW Update Service\sManager.lang"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\31F46FC5C6F4F079EF3DEAE6D77B7E4F\50BFEFAA89FCCF8489E50FC48DDA26D0: "C:\Program Files\Samsung\SW Update\SWM_ChangeShortcutToChinese.exe"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\32AC4FEE0B51D4A7DCA9ECD175DBCE8D\50BFEFAA89FCCF8489E50FC48DDA26D0: "C:\Program Files\Samsung\SW Update\Help\SW_Update_SCR.chm"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\36913821D896F26CFE524D2CF45B2DF4\50BFEFAA89FCCF8489E50FC48DDA26D0: "C:\Program Files\Samsung\SW Update\SetupLogCollector.exe"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3FED0CFA92E373B048A76A4FFDABC0E2\50BFEFAA89FCCF8489E50FC48DDA26D0: "C:\Program Files\Samsung\SW Update\Help\SW_Update_FRE.chm"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\410D1514271ED729AD17780B0D83EAAB\50BFEFAA89FCCF8489E50FC48DDA26D0: "C:\Program Files\Samsung\SW Update\Help\SW_Update_THA.chm"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42BF0468E6878271870DEBE00F60B05B\50BFEFAA89FCCF8489E50FC48DDA26D0: "C:\Program Files\Samsung\SW Update\License.txt"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43AB0656281C054CDB58C4D029A75D37\50BFEFAA89FCCF8489E50FC48DDA26D0: "C:\ProgramData\Samsung\SW Update Service\SWUInterfaceLauncher.exe"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4F2B122F92667F0112AFA56C55D97168\50BFEFAA89FCCF8489E50FC48DDA26D0: "C:\Program Files\Samsung\SW Update\Help\SW_Update_POR.chm"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50BFEFAA89FCCF8489E50FC48DDA26D0\50BFEFAA89FCCF8489E50FC48DDA26D0: "C:\Program Files\Samsung\SW Update\"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\526BE6E44F4A0282DBDCCDB61B1D1F96\50BFEFAA89FCCF8489E50FC48DDA26D0: "C:\Program Files\Samsung\SW Update\Help\SW_Update_CZE.chm"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61FCDEBF3F3C6B95E852D42DC56F0E45\50BFEFAA89FCCF8489E50FC48DDA26D0: "C:\Program Files\Samsung\SW Update\Help\SW_Update_GRE.chm"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\634E3E665F511732D8C92DBDDE8524FA\50BFEFAA89FCCF8489E50FC48DDA26D0: "C:\Program Files\Samsung\SW Update\Help\SW_Update_POL.chm"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6CB7AB329D61775F169850541C8A9C55\50BFEFAA89FCCF8489E50FC48DDA26D0: "C:\Program Files\Samsung\SW Update\Help\SW_Update_TUR.chm"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\71C5E0C1F6032E24AEDA5C8E68C1C2A5\50BFEFAA89FCCF8489E50FC48DDA26D0: "C:\Program Files\Samsung\SW Update\InstallationPathWriter.exe"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\73F2F3C36403B2C3F5F9D6DDA27F4890\50BFEFAA89FCCF8489E50FC48DDA26D0: "C:\ProgramData\Samsung\SW Update Service\SWMLauncher.exe"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\756B7856F2B295E3C96A1214374E4CCD\50BFEFAA89FCCF8489E50FC48DDA26D0: "C:\Program Files\Samsung\SW Update\Help\SW_Update_KOR.chm"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\771D7B7C706B32A6195498CFD6ADE138\50BFEFAA89FCCF8489E50FC48DDA26D0: "C:\Program Files\Samsung\SW Update\Help\SW_Update_CHT-TW.chm"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D72F918B6B01D1951D931186D7E3890\50BFEFAA89FCCF8489E50FC48DDA26D0: "C:\Program Files\Samsung\SW Update\Help\SW_Update_RUS.chm"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\84816104EC2D9D8929C5DCE8735B5A7C\50BFEFAA89FCCF8489E50FC48DDA26D0: "C:\Program Files\Samsung\SW Update\sManager.lang"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8A4E452809EB1F2C52C8226330BC77F8\50BFEFAA89FCCF8489E50FC48DDA26D0: "C:\Program Files\Samsung\SW Update\sManager.ico"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CA02F3346C5F988C344BE11F5FD7D9B\50BFEFAA89FCCF8489E50FC48DDA26D0: "C:\Program Files\Samsung\SW Update\Help\SW_Update_ARA.chm"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\906A1E5B849F9CA0B708F0FE08FCC0C4\50BFEFAA89FCCF8489E50FC48DDA26D0: "C:\Program Files\Samsung\SW Update\Help\SW_Update_DAN.chm"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\90FE26F6853D6630E4D17DCB786DB17A\50BFEFAA89FCCF8489E50FC48DDA26D0: "C:\Program Files\Samsung\SW Update\sManager.exe"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\91E782D5297C7ECAFEE09F76AEE28627\50BFEFAA89FCCF8489E50FC48DDA26D0: "C:\Program Files\Samsung\SW Update\Help\SW_Update_IND.chm"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9807757FFDC9B3E27F6CD95D07A7F563\50BFEFAA89FCCF8489E50FC48DDA26D0: "C:\Program Files\Samsung\SW Update\Help\SW_Update_BUL.chm"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9C4AFD599F4EEFC4D6AA58EE84E27122\50BFEFAA89FCCF8489E50FC48DDA26D0: "C:\Program Files\Samsung\SW Update\Help\SW_Update_JPN.chm"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9C8677DC5EA1D4277F74A125F9EAF064\50BFEFAA89FCCF8489E50FC48DDA26D0: "C:\ProgramData\Samsung\SW Update Service\SWUpdateIF.dll"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A68479FEBB0792F6A0FD61BCCC2305EA\50BFEFAA89FCCF8489E50FC48DDA26D0: "C:\Program Files\Samsung\SW Update\Help\SW_Update_SWE.chm"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A842CC8514B9D4777E9F82572D0E872B\50BFEFAA89FCCF8489E50FC48DDA26D0: "02:\SOFTWARE\Samsung\SW Update\AgentPath"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ADC5656549BBCE2BD80117792F962635\50BFEFAA89FCCF8489E50FC48DDA26D0: "C:\Program Files\Samsung\SW Update\Help\SW_Update_CHT-HK.chm"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B4F1E211FE7E322068AE3ADB6B8EF7AA\50BFEFAA89FCCF8489E50FC48DDA26D0: "C:\Program Files\Samsung\SW Update\Help\SW_Update_UKR.chm"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC765FA58D4784B1A878EFF7DBD6E6D0\50BFEFAA89FCCF8489E50FC48DDA26D0: "C:\Program Files\Samsung\SW Update\Help\SW_Update_HEB.chm"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BED2580B254ED7EB6B3BB24D34534966\50BFEFAA89FCCF8489E50FC48DDA26D0: "C:\Program Files\Samsung\SW Update\Help\SW_Update_GER.chm"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C0394BDFC9BE9490AA3F2B275440414F\50BFEFAA89FCCF8489E50FC48DDA26D0: "C:\Program Files\Samsung\SW Update\Help\SW_Update_NOR.chm"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C480E15D829D33098A55CED0B4941434\50BFEFAA89FCCF8489E50FC48DDA26D0: "02:\SOFTWARE\Samsung\SW Update\InstallPath"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3B5E6B7C2720835EB5ECE382616829C\50BFEFAA89FCCF8489E50FC48DDA26D0: "C:\Program Files\Samsung\SW Update\Help\SW_Update_ENG.chm"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DDEA92148D60C395E41837D55A9991D4\50BFEFAA89FCCF8489E50FC48DDA26D0: "C:\ProgramData\Samsung\SW Update Service\License.txt"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E8646DBB411E4CB0E77FCC277960506C\50BFEFAA89FCCF8489E50FC48DDA26D0: "C:\Program Files\Samsung\SW Update\SWMSetupCustomAction.dll"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EB4EE2B4ECFD5E54B523FA6F3666AE83\50BFEFAA89FCCF8489E50FC48DDA26D0: "C:\Program Files\Samsung\SW Update\Help\SW_Update_FIN.chm"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EBA83678BFE00D04DC16E6530439B18B\50BFEFAA89FCCF8489E50FC48DDA26D0: "C:\Program Files\Samsung\SW Update\Help\SW_Update_SCC.chm"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC88E3C8004B2AA3E868C7D6EC5C0CB8\50BFEFAA89FCCF8489E50FC48DDA26D0: "C:\Program Files\Samsung\SW Update\Help\SW_Update_ITA.chm"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EFB670FA3F31536970E6D6EB1A8441BC\50BFEFAA89FCCF8489E50FC48DDA26D0: "C:\Program Files\Samsung\SW Update\ShortcutResource.dll"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F21F437625B9B6961D5447B76E0DBC90\50BFEFAA89FCCF8489E50FC48DDA26D0: "C:\Program Files\Samsung\SW Update\Help\SW_Update_SLO.chm"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F341467E23AA326A42CDA9550F55BDA3\50BFEFAA89FCCF8489E50FC48DDA26D0: "C:\Program Files\Samsung\SW Update\Help\SW_Update_BRA.chm"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F469E8DB546B506C0DF80D00EB9848DF\50BFEFAA89FCCF8489E50FC48DDA26D0: "C:\Program Files\Samsung\SW Update\Help\SW_Update_RUM.chm"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA9DBD5FAFCD8DC5B0F7685C6CC264A2\50BFEFAA89FCCF8489E50FC48DDA26D0: "C:\Program Files\Samsung\SW Update\Help\SW_Update_HUN.chm"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FEB91838645AC2E197CB380F397FC585\50BFEFAA89FCCF8489E50FC48DDA26D0: "C:\Program Files\Samsung\SW Update\SecSWMgrGuide.exe"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\50BFEFAA89FCCF8489E50FC48DDA26D0\Features\DefaultFeature: "xcDgaF)%7f9t=4mF2E{HH9(Q.+5ptw^UZ3=]5^XClRc5A`E8u0Q4caJ][@'J`QsF7[,hD7sk22p('((&EBw1@WMUO=]80@xk,s@6HD-aQWWVrVpY7QQtLy'&U'!bOO80pB9f'JR.ZJ`i-+UYH'A-+hpQB?'$[N7M4zp(IsP7I.V]B`oaGtCa6)gy(k'5dh%vR]gO`b`AbQ_hCn5%SbzY6bX6Q{lB@VDxn1~qUwX77e&K5(o$(*?l%B(^G.?JOoKZ)f(^WwCJX3@38mgSfl`J$w$@uE!%BC_T&PmM,!,,}[EEMeK{yE9toDQ&5Zl[Pl?C3oStQ'Ga`g-+vI5SjH,V{iyUzXOi}%ABNrL{LyMwl%IQa~9J[&nyX^wRE%m2.z]sE1tkVXnPgXK6eUewJ)C)Ue}qp6~*'4K_CuvT~1ET({uOc!PsiyeG9rl_J~N~83B~)WW8YgaE&v~d)3Z$x1rPpETr2Qh2~sY1.?'HY_Kw`!+n`-c!S-2=p}lNc=,hO&yyrou}9[M@bJH2XR.Mh@`b1au(sBz-6ORGeC!Tk&.@7uL8Yb_h'Ci9^0,a_.uXy^@HQyX-rC+Rxd[%r2Zgi`mSkJP5IsZ9aPFR?Xuh=5fGSu=jE1}xEm_YX`-(LKIr+PjLJr,&k9QYgL$*zHBwa~S=05jZ88xe-Yto4uU(402iq6O$,Bd3R9pc)nsQaJ}Dwu*d4gxGvSPpTi(Ng%gds?EGsz+hI^od^SC*cuv6ZJQweEmh_hYm9=!H&oPzdU[=R_0Dd,!IZAvi[}IDcYF!vBanfKI}2?j}u&%aFO)4it1],J+s!2zhh(0Ryec^HpI@&8y-Cx8x?2zo]7bSSC%]o8Prb25{^
]2de^a0SNU`M*=Bog'16u3cu}2y8GwkbDtX}%FyG@k@5DjnvkkRN(f6qhhdJ9+S60R2I@5{sI*f^bO`e]0&H2zlKi$x*$!3vceI67e^VVt7E)+Ej+d7a.Qz&xB'O`$mua0.BO~-AY,XA0fnigwnST.Q@Od6[JT)pLw%!tKz_&nxN?]Htf@tObA'Q'qUDuW7ENR*c`M]CaFbq~-RmCXNEVv+GP'AAD]9"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\50BFEFAA89FCCF8489E50FC48DDA26D0\InstallProperties\LocalPackage: "C:\Windows\Installer\5bfde.msi"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\50BFEFAA89FCCF8489E50FC48DDA26D0\InstallProperties\AuthorizedCDFPrefix: ""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\50BFEFAA89FCCF8489E50FC48DDA26D0\InstallProperties\Comments: "SW Update Setup"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\50BFEFAA89FCCF8489E50FC48DDA26D0\InstallProperties\Contact: "Samsung Electronics CO., LTD."
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\50BFEFAA89FCCF8489E50FC48DDA26D0\InstallProperties\DisplayVersion: "2.2.9"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\50BFEFAA89FCCF8489E50FC48DDA26D0\InstallProperties\HelpLink: "http://www.samsung.com"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\50BFEFAA89FCCF8489E50FC48DDA26D0\InstallProperties\HelpTelephone: ""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\50BFEFAA89FCCF8489E50FC48DDA26D0\InstallProperties\InstallDate: "20150624"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\50BFEFAA89FCCF8489E50FC48DDA26D0\InstallProperties\InstallLocation: ""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\50BFEFAA89FCCF8489E50FC48DDA26D0\InstallProperties\InstallSource: "C:\ProgramData\Samsung\SWUpdate\Temp\"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\50BFEFAA89FCCF8489E50FC48DDA26D0\InstallProperties\ModifyPath: "MsiExec.exe /I{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\50BFEFAA89FCCF8489E50FC48DDA26D0\InstallProperties\Publisher: "Samsung Electronics CO., LTD."
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\50BFEFAA89FCCF8489E50FC48DDA26D0\InstallProperties\Readme: ""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\50BFEFAA89FCCF8489E50FC48DDA26D0\InstallProperties\Size: ""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\50BFEFAA89FCCF8489E50FC48DDA26D0\InstallProperties\EstimatedSize: 0x00008172
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\50BFEFAA89FCCF8489E50FC48DDA26D0\InstallProperties\UninstallString: "MsiExec.exe /I{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\50BFEFAA89FCCF8489E50FC48DDA26D0\InstallProperties\URLInfoAbout: "http://www.samsung.com"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\50BFEFAA89FCCF8489E50FC48DDA26D0\InstallProperties\URLUpdateInfo: ""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\50BFEFAA89FCCF8489E50FC48DDA26D0\InstallProperties\VersionMajor: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\50BFEFAA89FCCF8489E50FC48DDA26D0\InstallProperties\VersionMinor: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\50BFEFAA89FCCF8489E50FC48DDA26D0\InstallProperties\WindowsInstaller: 0x00000001
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\50BFEFAA89FCCF8489E50FC48DDA26D0\InstallProperties\Version: 0x02020009
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\50BFEFAA89FCCF8489E50FC48DDA26D0\InstallProperties\Language: 0x00000409
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\50BFEFAA89FCCF8489E50FC48DDA26D0\InstallProperties\DisplayName: "SW Update"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\50BFEFAA89FCCF8489E50FC48DDA26D0\Patches\AllPatches: ""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}\AuthorizedCDFPrefix: ""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}\Comments: "SW Update Setup"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}\Contact: "Samsung Electronics CO., LTD."
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}\DisplayVersion: "2.2.9"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}\HelpLink: "http://www.samsung.com"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}\HelpTelephone: ""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}\InstallDate: "20150624"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}\InstallLocation: ""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}\InstallSource: "C:\ProgramData\Samsung\SWUpdate\Temp\"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}\ModifyPath: "MsiExec.exe /I{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}\Publisher: "Samsung Electronics CO., LTD."
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}\Readme: ""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}\Size: ""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}\EstimatedSize: 0x00008172
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}\UninstallString: "MsiExec.exe /I{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}\URLInfoAbout: "http://www.samsung.com"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}\URLUpdateInfo: ""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}\VersionMajor: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}\VersionMinor: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}\WindowsInstaller: 0x00000001
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}\Version: 0x02020009
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}\Language: 0x00000409
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}\DisplayName: "SW Update"
HKLM\SOFTWARE\Samsung\CurrentPath\20000: ""C:\Program Files\Samsung\SW Update\sManager.exe""
HKLM\SOFTWARE\Samsung\SW Update\AgentPath: "C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe"
HKLM\SOFTWARE\Samsung\SW Update\InstallPath: "C:\Program Files\Samsung\SW Update\sManager.exe"
HKLM\SOFTWARE\Samsung\SW Update\TrafficDecentralize: "Y"
HKLM\SOFTWARE\Samsung\SW Update\LastORCAServerUpdateDateTime: "2015-06-23T13:02:05"
HKLM\SOFTWARE\Samsung\SW Update\AgentSleepSec: "300"
HKU\.DEFAULT\Software\Classes\Local Settings\MuiCache\a\52C64B7E\LanguageList: 65 00 6E 00 2D 00 55 00 53 00 00 00 65 00 6E 00 00 00 00 00
HKU\.DEFAULT\Software\Classes\Local Settings\MuiCache\a\52C64B7E\@C:\Windows\system32\notepad.exe,-469: "Text Document"
HKU\S-1-5-21-139515994-2175770748-2564365663-1001\Software\Classes\Local Settings\MuiCache\a\52C64B7E\LanguageList: 65 00 6E 00 2D 00 55 00 53 00 00 00 65 00 6E 00 00 00 00 00
HKU\S-1-5-21-139515994-2175770748-2564365663-1001\Software\Classes\Local Settings\MuiCache\a\52C64B7E\@C:\Windows\system32\zipfldr.dll,-10195: "Compressed (zipped) Folder"
HKU\S-1-5-21-139515994-2175770748-2564365663-1001\Software\Classes\Local Settings\MuiCache\a\52C64B7E\@"%windir%\System32\ie4uinit.exe",-732: "Finds and displays information and Web sites on the Internet."
HKU\S-1-5-21-139515994-2175770748-2564365663-1001\Software\Classes\Local Settings\MuiCache\a\52C64B7E\@C:\Windows\system32\NetworkExplorer.dll,-1: "Network"
HKU\S-1-5-21-139515994-2175770748-2564365663-1001\Software\Classes\Local Settings\MuiCache\a\52C64B7E\@C:\Windows\system32\prnfldr.dll,-8036: "Printers"
HKU\S-1-5-21-139515994-2175770748-2564365663-1001\Software\Classes\Local Settings\MuiCache\a\52C64B7E\@zipfldr.dll,-10148: "Compressed (zipped) folder"
HKU\S-1-5-21-139515994-2175770748-2564365663-1001\Software\Classes\Local Settings\MuiCache\a\52C64B7E\@sendmail.dll,-21: "Desktop (create shortcut)"
HKU\S-1-5-21-139515994-2175770748-2564365663-1001\Software\Classes\Local Settings\MuiCache\a\52C64B7E\@C:\Windows\system32\FXSRESM.dll,-120: "Fax recipient"
HKU\S-1-5-21-139515994-2175770748-2564365663-1001\Software\Classes\Local Settings\MuiCache\a\52C64B7E\@sendmail.dll,-4: "Mail recipient"
HKU\S-1-5-21-139515994-2175770748-2564365663-1001\Software\Classes\Local Settings\MuiCache\a\52C64B7E\@C:\Windows\system32\notepad.exe,-469: "Text Document"
HKU\S-1-5-21-139515994-2175770748-2564365663-1001\Software\Classes\Local Settings\MuiCache\a\52C64B7E\@%SystemRoot%\system32\qagentrt.dll,-10: "System Health Authentication"
HKU\S-1-5-21-139515994-2175770748-2564365663-1001\Software\Classes\Local Settings\MuiCache\a\52C64B7E\@%SystemRoot%\system32\dnsapi.dll,-103: "Domain Name System (DNS) Server Trust"
HKU\S-1-5-21-139515994-2175770748-2564365663-1001\Software\Classes\Local Settings\MuiCache\a\52C64B7E\@%SystemRoot%\System32\fveui.dll,-843: "BitLocker Drive Encryption"
HKU\S-1-5-21-139515994-2175770748-2564365663-1001\Software\Classes\Local Settings\MuiCache\a\52C64B7E\@%SystemRoot%\System32\fveui.dll,-844: "BitLocker Data Recovery Agent"
HKU\S-1-5-21-139515994-2175770748-2564365663-1001\Software\Classes\Local Settings\MuiCache\a\52C64B7E\@%SystemRoot%\System32\wuaueng.dll,-400: "Windows Update"
HKU\S-1-5-21-139515994-2175770748-2564365663-1001\Software\Classes\Local Settings\MuiCache\a\52C64B7E\@%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,-124: "Document Encryption"
HKU\S-1-5-21-139515994-2175770748-2564365663-1001_Classes\Local Settings\MuiCache\a\52C64B7E\LanguageList: 65 00 6E 00 2D 00 55 00 53 00 00 00 65 00 6E 00 00 00 00 00
HKU\S-1-5-21-139515994-2175770748-2564365663-1001_Classes\Local Settings\MuiCache\a\52C64B7E\@C:\Windows\system32\zipfldr.dll,-10195: "Compressed (zipped) Folder"
HKU\S-1-5-21-139515994-2175770748-2564365663-1001_Classes\Local Settings\MuiCache\a\52C64B7E\@"%windir%\System32\ie4uinit.exe",-732: "Finds and displays information and Web sites on the Internet."
HKU\S-1-5-21-139515994-2175770748-2564365663-1001_Classes\Local Settings\MuiCache\a\52C64B7E\@C:\Windows\system32\NetworkExplorer.dll,-1: "Network"
HKU\S-1-5-21-139515994-2175770748-2564365663-1001_Classes\Local Settings\MuiCache\a\52C64B7E\@C:\Windows\system32\prnfldr.dll,-8036: "Printers"
HKU\S-1-5-21-139515994-2175770748-2564365663-1001_Classes\Local Settings\MuiCache\a\52C64B7E\@zipfldr.dll,-10148: "Compressed (zipped) folder"
HKU\S-1-5-21-139515994-2175770748-2564365663-1001_Classes\Local Settings\MuiCache\a\52C64B7E\@sendmail.dll,-21: "Desktop (create shortcut)"
HKU\S-1-5-21-139515994-2175770748-2564365663-1001_Classes\Local Settings\MuiCache\a\52C64B7E\@C:\Windows\system32\FXSRESM.dll,-120: "Fax recipient"
HKU\S-1-5-21-139515994-2175770748-2564365663-1001_Classes\Local Settings\MuiCache\a\52C64B7E\@sendmail.dll,-4: "Mail recipient"
HKU\S-1-5-21-139515994-2175770748-2564365663-1001_Classes\Local Settings\MuiCache\a\52C64B7E\@C:\Windows\system32\notepad.exe,-469: "Text Document"
HKU\S-1-5-21-139515994-2175770748-2564365663-1001_Classes\Local Settings\MuiCache\a\52C64B7E\@%SystemRoot%\system32\qagentrt.dll,-10: "System Health Authentication"
HKU\S-1-5-21-139515994-2175770748-2564365663-1001_Classes\Local Settings\MuiCache\a\52C64B7E\@%SystemRoot%\system32\dnsapi.dll,-103: "Domain Name System (DNS) Server Trust"
HKU\S-1-5-21-139515994-2175770748-2564365663-1001_Classes\Local Settings\MuiCache\a\52C64B7E\@%SystemRoot%\System32\fveui.dll,-843: "BitLocker Drive Encryption"
HKU\S-1-5-21-139515994-2175770748-2564365663-1001_Classes\Local Settings\MuiCache\a\52C64B7E\@%SystemRoot%\System32\fveui.dll,-844: "BitLocker Data Recovery Agent"
HKU\S-1-5-21-139515994-2175770748-2564365663-1001_Classes\Local Settings\MuiCache\a\52C64B7E\@%SystemRoot%\System32\wuaueng.dll,-400: "Windows Update"
HKU\S-1-5-21-139515994-2175770748-2564365663-1001_Classes\Local Settings\MuiCache\a\52C64B7E\@%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,-124: "Document Encryption"
HKU\S-1-5-18\Software\Classes\Local Settings\MuiCache\a\52C64B7E\LanguageList: 65 00 6E 00 2D 00 55 00 53 00 00 00 65 00 6E 00 00 00 00 00
HKU\S-1-5-18\Software\Classes\Local Settings\MuiCache\a\52C64B7E\@C:\Windows\system32\notepad.exe,-469: "Text Document"
----------------------------------
Values added: 66
----------------------------------
HKU\.DEFAULT\Software\Classes\Local Settings\MuiCache\b\52C64B7E\LanguageList: 65 00 6E 00 2D 00 55 00 53 00 00 00 65 00 6E 00 00 00 00 00
HKU\.DEFAULT\Software\Classes\Local Settings\MuiCache\b\52C64B7E\@C:\Program Files\windows journal\journal.exe,-62005: "Tablet PC"
HKU\.DEFAULT\Software\Classes\Local Settings\MuiCache\b\52C64B7E\@%SystemRoot%\FileManager\PhotosApp.exe,-1001: "Photos"
HKU\.DEFAULT\Software\Classes\Local Settings\MuiCache\b\52C64B7E\@C:\Windows\FileManager\PhotosApp.exe,-1002: "Photos"
HKU\.DEFAULT\Software\Classes\Local Settings\MuiCache\b\52C64B7E\@%SystemRoot%\system32\twinui.dll,-4513: "Desktop"
HKU\.DEFAULT\Software\Classes\Local Settings\MuiCache\b\52C64B7E\@C:\Windows\system32\twinui.dll,-4513: "Desktop"
HKU\.DEFAULT\Software\Classes\Local Settings\MuiCache\b\52C64B7E\@%windir%\system32\speech\speechux\sapi.cpl,-5556: "Dictate text and control your computer by voice."
HKU\.DEFAULT\Software\Classes\Local Settings\MuiCache\b\52C64B7E\@C:\Windows\system32\Speech\SpeechUX\sapi.cpl,-5555: "Windows Speech Recognition"
HKU\.DEFAULT\Software\Classes\Local Settings\MuiCache\b\52C64B7E\@%ProgramFiles%\Windows Journal\Journal.exe,-3075: "Create notes in your own handwriting. You can leave your notes in ink and search your handwriting or convert your notes to typed text."
HKU\.DEFAULT\Software\Classes\Local Settings\MuiCache\b\52C64B7E\@C:\Program Files\Windows Journal\Journal.exe,-3074: "Windows Journal"
HKU\.DEFAULT\Software\Classes\Local Settings\MuiCache\b\52C64B7E\@%systemroot%\system32\XpsRchVw.exe,-103: "View, digitally sign, and set permissions for XPS documents"
HKU\.DEFAULT\Software\Classes\Local Settings\MuiCache\b\52C64B7E\@C:\Windows\system32\XpsRchVw.exe,-102: "XPS Viewer"
HKU\.DEFAULT\Software\Classes\Local Settings\MuiCache\b\52C64B7E\@%windir%\system32\FXSRESM.dll,-115: "Send and receive faxes or scan pictures and documents."
HKU\.DEFAULT\Software\Classes\Local Settings\MuiCache\b\52C64B7E\@C:\Windows\system32\FXSRESM.dll,-114: "Windows Fax and Scan"
HKU\.DEFAULT\Software\Classes\Local Settings\MuiCache\b\52C64B7E\@%SystemRoot%\system32\SNTSearch.dll,-504: "Create short handwritten or text notes."
HKU\.DEFAULT\Software\Classes\Local Settings\MuiCache\b\52C64B7E\@C:\Windows\system32\SNTSearch.dll,-505: "Sticky Notes"
HKU\.DEFAULT\Software\Classes\Local Settings\MuiCache\b\52C64B7E\@%SystemRoot%\System32\psr.exe,-1702: "Capture steps with screenshots to save or share."
HKU\.DEFAULT\Software\Classes\Local Settings\MuiCache\b\52C64B7E\@C:\Windows\system32\psr.exe,-1701: "Steps Recorder"
HKU\.DEFAULT\Software\Classes\Local Settings\MuiCache\b\52C64B7E\@%SystemRoot%\system32\SoundRecorder.exe,-32790: "Record sound and save it on your computer."
HKU\.DEFAULT\Software\Classes\Local Settings\MuiCache\b\52C64B7E\@C:\Windows\system32\SoundRecorder.exe,-100: "Sound Recorder"
HKU\S-1-5-21-139515994-2175770748-2564365663-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{BCB48336-4DDD-48FF-BB0B-D3190DACB3E2}\Count\frg_1207558753_ra-hf: 00 00 00 00 01 00 00 00 00 00 00 00 11 27 00 00 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF FF FF FF FF E0 62 61 FA 99 AE D0 01 00 00 00 00
HKU\S-1-5-21-139515994-2175770748-2564365663-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{7B81BE6A-CE2B-4676-A29E-EB907A5126C5} {000214E6-0000-0000-C000-000000000046} 0xFFFF: 01 00 00 00 00 00 00 00 44 AD B8 FA 99 AE D0 01
HKU\S-1-5-21-139515994-2175770748-2564365663-1001\Software\Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-159#immutable1: "Programs and Features"
HKU\S-1-5-21-139515994-2175770748-2564365663-1001\Software\Classes\Local Settings\MuiCache\b\52C64B7E\LanguageList: 65 00 6E 00 2D 00 55 00 53 00 00 00 65 00 6E 00 00 00 00 00
HKU\S-1-5-21-139515994-2175770748-2564365663-1001\Software\Classes\Local Settings\MuiCache\b\52C64B7E\@appwiz.cpl,-165: "Uninstall"
HKU\S-1-5-21-139515994-2175770748-2564365663-1001\Software\Classes\Local Settings\MuiCache\b\52C64B7E\@appwiz.cpl,-166: "Uninstall this program."
HKU\S-1-5-21-139515994-2175770748-2564365663-1001\Software\Classes\Local Settings\MuiCache\b\52C64B7E\@appwiz.cpl,-167: "Change"
HKU\S-1-5-21-139515994-2175770748-2564365663-1001\Software\Classes\Local Settings\MuiCache\b\52C64B7E\@appwiz.cpl,-168: "Change the installation of this program."
HKU\S-1-5-21-139515994-2175770748-2564365663-1001\Software\Classes\Local Settings\MuiCache\b\52C64B7E\@appwiz.cpl,-169: "Repair"
HKU\S-1-5-21-139515994-2175770748-2564365663-1001\Software\Classes\Local Settings\MuiCache\b\52C64B7E\@appwiz.cpl,-170: "Repair the installation of this program."
HKU\S-1-5-21-139515994-2175770748-2564365663-1001\Software\Classes\Local Settings\MuiCache\b\52C64B7E\@appwiz.cpl,-171: "Uninstall/Change"
HKU\S-1-5-21-139515994-2175770748-2564365663-1001\Software\Classes\Local Settings\MuiCache\b\52C64B7E\@appwiz.cpl,-172: "Uninstall or change this program."
HKU\S-1-5-21-139515994-2175770748-2564365663-1001\Software\Classes\Local Settings\MuiCache\b\52C64B7E\@C:\Windows\system32\NetworkExplorer.dll,-1: "Network"
HKU\S-1-5-21-139515994-2175770748-2564365663-1001\Software\Classes\Local Settings\MuiCache\b\52C64B7E\@C:\Windows\system32\prnfldr.dll,-8036: "Printers"
HKU\S-1-5-21-139515994-2175770748-2564365663-1001_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-159#immutable1: "Programs and Features"
HKU\S-1-5-21-139515994-2175770748-2564365663-1001_Classes\Local Settings\MuiCache\b\52C64B7E\LanguageList: 65 00 6E 00 2D 00 55 00 53 00 00 00 65 00 6E 00 00 00 00 00
HKU\S-1-5-21-139515994-2175770748-2564365663-1001_Classes\Local Settings\MuiCache\b\52C64B7E\@appwiz.cpl,-165: "Uninstall"
HKU\S-1-5-21-139515994-2175770748-2564365663-1001_Classes\Local Settings\MuiCache\b\52C64B7E\@appwiz.cpl,-166: "Uninstall this program."
HKU\S-1-5-21-139515994-2175770748-2564365663-1001_Classes\Local Settings\MuiCache\b\52C64B7E\@appwiz.cpl,-167: "Change"
HKU\S-1-5-21-139515994-2175770748-2564365663-1001_Classes\Local Settings\MuiCache\b\52C64B7E\@appwiz.cpl,-168: "Change the installation of this program."
HKU\S-1-5-21-139515994-2175770748-2564365663-1001_Classes\Local Settings\MuiCache\b\52C64B7E\@appwiz.cpl,-169: "Repair"
HKU\S-1-5-21-139515994-2175770748-2564365663-1001_Classes\Local Settings\MuiCache\b\52C64B7E\@appwiz.cpl,-170: "Repair the installation of this program."
HKU\S-1-5-21-139515994-2175770748-2564365663-1001_Classes\Local Settings\MuiCache\b\52C64B7E\@appwiz.cpl,-171: "Uninstall/Change"
HKU\S-1-5-21-139515994-2175770748-2564365663-1001_Classes\Local Settings\MuiCache\b\52C64B7E\@appwiz.cpl,-172: "Uninstall or change this program."
HKU\S-1-5-21-139515994-2175770748-2564365663-1001_Classes\Local Settings\MuiCache\b\52C64B7E\@C:\Windows\system32\NetworkExplorer.dll,-1: "Network"
HKU\S-1-5-21-139515994-2175770748-2564365663-1001_Classes\Local Settings\MuiCache\b\52C64B7E\@C:\Windows\system32\prnfldr.dll,-8036: "Printers"
HKU\S-1-5-18\Software\Classes\Local Settings\MuiCache\b\52C64B7E\LanguageList: 65 00 6E 00 2D 00 55 00 53 00 00 00 65 00 6E 00 00 00 00 00
HKU\S-1-5-18\Software\Classes\Local Settings\MuiCache\b\52C64B7E\@C:\Program Files\windows journal\journal.exe,-62005: "Tablet PC"
HKU\S-1-5-18\Software\Classes\Local Settings\MuiCache\b\52C64B7E\@%SystemRoot%\FileManager\PhotosApp.exe,-1001: "Photos"
HKU\S-1-5-18\Software\Classes\Local Settings\MuiCache\b\52C64B7E\@C:\Windows\FileManager\PhotosApp.exe,-1002: "Photos"
HKU\S-1-5-18\Software\Classes\Local Settings\MuiCache\b\52C64B7E\@%SystemRoot%\system32\twinui.dll,-4513: "Desktop"
HKU\S-1-5-18\Software\Classes\Local Settings\MuiCache\b\52C64B7E\@C:\Windows\system32\twinui.dll,-4513: "Desktop"
HKU\S-1-5-18\Software\Classes\Local Settings\MuiCache\b\52C64B7E\@%windir%\system32\speech\speechux\sapi.cpl,-5556: "Dictate text and control your computer by voice."
HKU\S-1-5-18\Software\Classes\Local Settings\MuiCache\b\52C64B7E\@C:\Windows\system32\Speech\SpeechUX\sapi.cpl,-5555: "Windows Speech Recognition"
HKU\S-1-5-18\Software\Classes\Local Settings\MuiCache\b\52C64B7E\@%ProgramFiles%\Windows Journal\Journal.exe,-3075: "Create notes in your own handwriting. You can leave your notes in ink and search your handwriting or convert your notes to typed text."
HKU\S-1-5-18\Software\Classes\Local Settings\MuiCache\b\52C64B7E\@C:\Program Files\Windows Journal\Journal.exe,-3074: "Windows Journal"
HKU\S-1-5-18\Software\Classes\Local Settings\MuiCache\b\52C64B7E\@%systemroot%\system32\XpsRchVw.exe,-103: "View, digitally sign, and set permissions for XPS documents"
HKU\S-1-5-18\Software\Classes\Local Settings\MuiCache\b\52C64B7E\@C:\Windows\system32\XpsRchVw.exe,-102: "XPS Viewer"
HKU\S-1-5-18\Software\Classes\Local Settings\MuiCache\b\52C64B7E\@%windir%\system32\FXSRESM.dll,-115: "Send and receive faxes or scan pictures and documents."
HKU\S-1-5-18\Software\Classes\Local Settings\MuiCache\b\52C64B7E\@C:\Windows\system32\FXSRESM.dll,-114: "Windows Fax and Scan"
HKU\S-1-5-18\Software\Classes\Local Settings\MuiCache\b\52C64B7E\@%SystemRoot%\system32\SNTSearch.dll,-504: "Create short handwritten or text notes."
HKU\S-1-5-18\Software\Classes\Local Settings\MuiCache\b\52C64B7E\@C:\Windows\system32\SNTSearch.dll,-505: "Sticky Notes"
HKU\S-1-5-18\Software\Classes\Local Settings\MuiCache\b\52C64B7E\@%SystemRoot%\System32\psr.exe,-1702: "Capture steps with screenshots to save or share."
HKU\S-1-5-18\Software\Classes\Local Settings\MuiCache\b\52C64B7E\@C:\Windows\system32\psr.exe,-1701: "Steps Recorder"
HKU\S-1-5-18\Software\Classes\Local Settings\MuiCache\b\52C64B7E\@%SystemRoot%\system32\SoundRecorder.exe,-32790: "Record sound and save it on your computer."
HKU\S-1-5-18\Software\Classes\Local Settings\MuiCache\b\52C64B7E\@C:\Windows\system32\SoundRecorder.exe,-100: "Sound Recorder"
----------------------------------
Values modified: 29
----------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceSetup\LastActiveTime: D9 3C B7 87 51 A1 D0 01
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\DeviceSetup\LastActiveTime: B9 42 EB F9 99 AE D0 01
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\GlobalAssocChangedCounter: 0x00000005
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\GlobalAssocChangedCounter: 0x00000006
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\Volatile\StartNesting: D4 A4 39 A7 99 AE D0 01
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\Volatile\StartNesting: 2B B8 20 FE 99 AE D0 01
HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StreamLog\CurrentStreamLog: 0x00000007
HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StreamLog\CurrentStreamLog: 0x00000008
HKLM\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings\StringCacheGeneration: 0x0000000A
HKLM\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings\StringCacheGeneration: 0x0000000B
HKLM\SYSTEM\ControlSet001\Services\VSS\Diag\SPP\SppGetSnapshots (Enter): 40 00 00 00 00 00 00 00 A0 05 B3 C7 99 AE D0 01 18 07 00 00 08 07 00 00 D2 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKLM\SYSTEM\ControlSet001\Services\VSS\Diag\SPP\SppGetSnapshots (Enter): 40 00 00 00 00 00 00 00 2B B8 20 FE 99 AE D0 01 2C 0E 00 00 60 08 00 00 D2 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKLM\SYSTEM\ControlSet001\Services\VSS\Diag\SPP\SppGetSnapshots (Leave): 40 00 00 00 00 00 00 00 70 7B B3 C7 99 AE D0 01 18 07 00 00 08 07 00 00 D2 07 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKLM\SYSTEM\ControlSet001\Services\VSS\Diag\SPP\SppGetSnapshots (Leave): 40 00 00 00 00 00 00 00 35 71 21 FE 99 AE D0 01 2C 0E 00 00 60 08 00 00 D2 07 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKLM\SYSTEM\ControlSet001\Services\VSS\Diag\SPP\SppEnumGroups (Enter): 40 00 00 00 00 00 00 00 70 7B B3 C7 99 AE D0 01 18 07 00 00 08 07 00 00 D1 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKLM\SYSTEM\ControlSet001\Services\VSS\Diag\SPP\SppEnumGroups (Enter): 40 00 00 00 00 00 00 00 35 71 21 FE 99 AE D0 01 2C 0E 00 00 60 08 00 00 D1 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKLM\SYSTEM\ControlSet001\Services\VSS\Diag\SPP\SppEnumGroups (Leave): 40 00 00 00 00 00 00 00 70 7B B3 C7 99 AE D0 01 18 07 00 00 08 07 00 00 D1 07 00 00 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKLM\SYSTEM\ControlSet001\Services\VSS\Diag\SPP\SppEnumGroups (Leave): 40 00 00 00 00 00 00 00 97 19 29 FE 99 AE D0 01 2C 0E 00 00 60 08 00 00 D1 07 00 00 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKLM\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore\SrCreateRp (Enter): 40 00 00 00 00 00 00 00 D4 A4 39 A7 99 AE D0 01 2C 0E 00 00 D8 05 00 00 D5 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKLM\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore\SrCreateRp (Enter): 40 00 00 00 00 00 00 00 2B B8 20 FE 99 AE D0 01 2C 0E 00 00 60 08 00 00 D5 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKLM\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore\SrCreateRp (Leave): 40 00 00 00 00 00 00 00 0A 5E 04 BC 99 AE D0 01 2C 0E 00 00 D8 05 00 00 D5 07 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKLM\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore\SrCreateRp (Leave): 40 00 00 00 00 00 00 00 97 19 29 FE 99 AE D0 01 2C 0E 00 00 60 08 00 00 D5 07 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKLM\SYSTEM\CurrentControlSet\Control\MUI\StringCacheSettings\StringCacheGeneration: 0x0000000A
HKLM\SYSTEM\CurrentControlSet\Control\MUI\StringCacheSettings\StringCacheGeneration: 0x0000000B
HKLM\SYSTEM\CurrentControlSet\Services\VSS\Diag\SPP\SppGetSnapshots (Enter): 40 00 00 00 00 00 00 00 A0 05 B3 C7 99 AE D0 01 18 07 00 00 08 07 00 00 D2 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\VSS\Diag\SPP\SppGetSnapshots (Enter): 40 00 00 00 00 00 00 00 2B B8 20 FE 99 AE D0 01 2C 0E 00 00 60 08 00 00 D2 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\VSS\Diag\SPP\SppGetSnapshots (Leave): 40 00 00 00 00 00 00 00 70 7B B3 C7 99 AE D0 01 18 07 00 00 08 07 00 00 D2 07 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\VSS\Diag\SPP\SppGetSnapshots (Leave): 40 00 00 00 00 00 00 00 35 71 21 FE 99 AE D0 01 2C 0E 00 00 60 08 00 00 D2 07 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\VSS\Diag\SPP\SppEnumGroups (Enter): 40 00 00 00 00 00 00 00 70 7B B3 C7 99 AE D0 01 18 07 00 00 08 07 00 00 D1 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\VSS\Diag\SPP\SppEnumGroups (Enter): 40 00 00 00 00 00 00 00 35 71 21 FE 99 AE D0 01 2C 0E 00 00 60 08 00 00 D1 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\VSS\Diag\SPP\SppEnumGroups (Leave): 40 00 00 00 00 00 00 00 70 7B B3 C7 99 AE D0 01 18 07 00 00 08 07 00 00 D1 07 00 00 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\VSS\Diag\SPP\SppEnumGroups (Leave): 40 00 00 00 00 00 00 00 97 19 29 FE 99 AE D0 01 2C 0E 00 00 60 08 00 00 D1 07 00 00 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\VSS\Diag\SystemRestore\SrCreateRp (Enter): 40 00 00 00 00 00 00 00 D4 A4 39 A7 99 AE D0 01 2C 0E 00 00 D8 05 00 00 D5 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\VSS\Diag\SystemRestore\SrCreateRp (Enter): 40 00 00 00 00 00 00 00 2B B8 20 FE 99 AE D0 01 2C 0E 00 00 60 08 00 00 D5 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\VSS\Diag\SystemRestore\SrCreateRp (Leave): 40 00 00 00 00 00 00 00 0A 5E 04 BC 99 AE D0 01 2C 0E 00 00 D8 05 00 00 D5 07 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\VSS\Diag\SystemRestore\SrCreateRp (Leave): 40 00 00 00 00 00 00 00 97 19 29 FE 99 AE D0 01 2C 0E 00 00 60 08 00 00 D5 07 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKU\S-1-5-21-139515994-2175770748-2564365663-1001\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{088E8DFB-2464-4C21-BAD2-F0AA6DB5D4BC}.check.0\CheckSetting: 23 00 41 00 43 00 42 00 6C 00 6F 00 62 00 00 00 00 00 00 00 01 00 00 00 80 00 00 00 00 00 00 00 FA 6B D6 70 0E 4D D0 01 00 00 00 00 7B 00 30 00 38 00 38 00 45 00 38 00 44 00 46 00 42 00 2D 00 32 00 34 00 36 00 34 00 2D 00 34 00 43 00 32 00 31 00 2D 00 42 00 41 00 44 00 32 00 2D 00 46 00 30 00 41 00 41 00 36 00 44 00 42 00 35 00 44 00 34 00 42 00 43 00 7D 00 2E 00 6E 00 6F 00 74 00 69 00 66 00 69 00 63 00 61 00 74 00 69 00 6F 00 6E 00 2E 00 31 00 00 00 62 00 6C 00 69 00 63 00 00 00 16
HKU\S-1-5-21-139515994-2175770748-2564365663-1001\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{088E8DFB-2464-4C21-BAD2-F0AA6DB5D4BC}.check.0\CheckSetting: 23 00 41 00 43 00 42 00 6C 00 6F 00 62 00 00 00 00 00 00 00 01 00 00 00 80 00 00 00 F8 73 C3 17 FA 6B D6 70 0E 4D D0 01 00 00 00 00 7B 00 30 00 38 00 38 00 45 00 38 00 44 00 46 00 42 00 2D 00 32 00 34 00 36 00 34 00 2D 00 34 00 43 00 32 00 31 00 2D 00 42 00 41 00 44 00 32 00 2D 00 46 00 30 00 41 00 41 00 36 00 44 00 42 00 35 00 44 00 34 00 42 00 43 00 7D 00 2E 00 6E 00 6F 00 74 00 69 00 66 00 69 00 63 00 61 00 74 00 69 00 6F 00 6E 00 2E 00 31 00 00 00 72 00 74 00 75 00 70 00 00 00 73
HKU\S-1-5-21-139515994-2175770748-2564365663-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{BCB48336-4DDD-48FF-BB0B-D3190DACB3E2}\Count\HRZR_PGYFRFFVBA: 00 00 00 00 07 00 00 00 00 00 00 00 77 11 01 00 07 00 00 00 00 00 00 00 77 11 01 00 73 00 65 00 74 00 5F 00 33 00 38 00 30 00 36 00 33 00 35 00 32 00 35 00 38 00 30 00 5F 00 65 00 6E 00 2D 00 75 00 73 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 00 00 00 00 00 00 00 77 11 01 00 73 00 65 00 74 00 5F 00 33 00 38 00 30 00 36 00 33 00 35 00 32 00 35 00 38 00 30 00 5F 00 65 00 6E 00 2D 00 75 00 73 00 00 00 00 00 00 00 00 00 0
0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 00 00 00 00 00 00 00 77 11 01 00 73 00 65 00 74 00 5F 00 33 00 38 00 30 00 36 00 33 00 35 00 32 00 35 00 38 00 30 00 5F 00 65 00 6E 00 2D 00 75 00 73 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
0 00 00 00
HKU\S-1-5-21-139515994-2175770748-2564365663-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{BCB48336-4DDD-48FF-BB0B-D3190DACB3E2}\Count\HRZR_PGYFRFFVBA: 00 00 00 00 08 00 00 00 00 00 00 00 88 38 01 00 07 00 00 00 00 00 00 00 77 11 01 00 73 00 65 00 74 00 5F 00 33 00 38 00 30 00 36 00 33 00 35 00 32 00 35 00 38 00 30 00 5F 00 65 00 6E 00 2D 00 75 00 73 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 00 00 00 00 00 00 00 77 11 01 00 73 00 65 00 74 00 5F 00 33 00 38 00 30 00 36 00 33 00 35 00 32 00 35 00 38 00 30 00 5F 00 65 00 6E 00 2D 00 75 00 73 00 00 00 00 00 00 00 00 00 0
0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 07 00 00 00 00 00 00 00 77 11 01 00 73 00 65 00 74 00 5F 00 33 00 38 00 30 00 36 00 33 00 35 00 32 00 35 00 38 00 30 00 5F 00 65 00 6E 00 2D 00 75 00 73 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
0 00 00 00
HKU\S-1-5-21-139515994-2175770748-2564365663-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\HRZR_PGYFRFFVBA: 00 00 00 00 28 00 00 00 96 00 00 00 E6 FC 70 00 07 00 00 00 06 00 00 00 89 0A 01 00 7B 00 44 00 36 00 35 00 32 00 33 00 31 00 42 00 30 00 2D 00 42 00 32 00 46 00 31 00 2D 00 34 00 38 00 35 00 37 00 2D 00 41 00 34 00 43 00 45 00 2D 00 41 00 38 00 45 00 37 00 43 00 36 00 45 00 41 00 37 00 44 00 32 00 37 00 7D 00 5C 00 77 00 75 00 73 00 61 00 2E 00 65 00 78 00 65 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 27 00 00 00 A6 59 0F 00 4D 00 69 00 63 00 72 00 6F 00 73 00 6F 00 66 00 74 00 2E 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 2E 00 45 00 78 00 70 00 6C 00 6F 00 72 00 6
5 00 72 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 00 00 00 1D 00 00 00 7C 8E 0E 00 33 00 30 00 38 00 30 00 34 00 36 00 42 00 30 00 41 00 46 00 34 00 41 00 33 00 39 00 43 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
0 00 00 00
HKU\S-1-5-21-139515994-2175770748-2564365663-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\HRZR_PGYFRFFVBA: 00 00 00 00 28 00 00 00 99 00 00 00 C7 D7 71 00 07 00 00 00 06 00 00 00 89 0A 01 00 7B 00 44 00 36 00 35 00 32 00 33 00 31 00 42 00 30 00 2D 00 42 00 32 00 46 00 31 00 2D 00 34 00 38 00 35 00 37 00 2D 00 41 00 34 00 43 00 45 00 2D 00 41 00 38 00 45 00 37 00 43 00 36 00 45 00 41 00 37 00 44 00 32 00 37 00 7D 00 5C 00 77 00 75 00 73 00 61 00 2E 00 65 00 78 00 65 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 27 00 00 00 A6 59 0F 00 4D 00 69 00 63 00 72 00 6F 00 73 00 6F 00 66 00 74 00 2E 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 2E 00 45 00 78 00 70 00 6C 00 6F 00 72 00 6
5 00 72 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 00 00 00 1D 00 00 00 7C 8E 0E 00 33 00 30 00 38 00 30 00 34 00 36 00 42 00 30 00 41 00 46 00 34 00 41 00 33 00 39 00 43 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
0 00 00 00
HKU\S-1-5-21-139515994-2175770748-2564365663-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Jvaqbjf.PbagebyCnary: 00 00 00 00 00 00 00 00 0C 00 00 00 4A 29 1F 00 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00
HKU\S-1-5-21-139515994-2175770748-2564365663-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Jvaqbjf.PbagebyCnary: 00 00 00 00 00 00 00 00 0D 00 00 00 A9 43 1F 00 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00
HKU\S-1-5-21-139515994-2175770748-2564365663-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Jvaqbjf.JvaqbjfVafgnyyre: 00 00 00 00 00 00 00 00 00 00 00 00 68 06 00 00 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00
HKU\S-1-5-21-139515994-2175770748-2564365663-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Jvaqbjf.JvaqbjfVafgnyyre: 00 00 00 00 00 00 00 00 01 00 00 00 25 19 00 00 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00
HKU\S-1-5-21-139515994-2175770748-2564365663-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\P:\Hfref\Fhcresvfu\Qbjaybnqf\Ertfubg-k86-Havpbqr.rkr: 00 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF FF FF FF FF 40 6D B7 E4 99 AE D0 01 00 00 00 00
HKU\S-1-5-21-139515994-2175770748-2564365663-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\P:\Hfref\Fhcresvfu\Qbjaybnqf\Ertfubg-k86-Havpbqr.rkr: 00 00 00 00 01 00 00 00 02 00 00 00 C5 AD 00 00 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF FF FF FF FF 40 6D B7 E4 99 AE D0 01 00 00 00 00
HKU\S-1-5-21-139515994-2175770748-2564365663-1001\Software\Microsoft\Windows\CurrentVersion\ImmersiveShell\StateStore\ItemsStateStoreLastWrite: 52 52 13 C6 99 AE D0 01
HKU\S-1-5-21-139515994-2175770748-2564365663-1001\Software\Microsoft\Windows\CurrentVersion\ImmersiveShell\StateStore\ItemsStateStoreLastWrite: 0D 00 E1 01 9A AE D0 01
HKU\S-1-5-21-139515994-2175770748-2564365663-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx: 01 00 00 00 04 00 00 00 03 00 00 00 00 00 00 00 02 00 00 00 FF FF FF FF
HKU\S-1-5-21-139515994-2175770748-2564365663-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx: 04 00 00 00 03 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 FF FF FF FF
HKU\S-1-5-21-139515994-2175770748-2564365663-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx: 03 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 FF FF FF FF
HKU\S-1-5-21-139515994-2175770748-2564365663-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx: 02 00 00 00 03 00 00 00 01 00 00 00 00 00 00 00 FF FF FF FF
HKU\S-1-5-21-139515994-2175770748-2564365663-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx: 01 00 00 00 04 00 00 00 03 00 00 00 00 00 00 00 02 00 00 00 FF FF FF FF
HKU\S-1-5-21-139515994-2175770748-2564365663-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx: 04 00 00 00 03 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 FF FF FF FF
HKU\S-1-5-21-139515994-2175770748-2564365663-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx: 03 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 FF FF FF FF
HKU\S-1-5-21-139515994-2175770748-2564365663-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx: 02 00 00 00 03 00 00 00 01 00 00 00 00 00 00 00 FF FF FF FF
----------------------------------
Total changes: 350
----------------------------------
As you can see, for example, it’s supposed to delete the value associated with the service:
HKLM\SOFTWARE\Samsung\SW Update\AgentPath: "C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe"
However, if we navigate quickly in regedit to where the value is:
We can see it’s still there.
Remember, as I noted earlier above, this may be due to the uninstall occurring in a non-Samsung environment, therefore the uninstall process may be broken and not working as intended. This is my actual guess, however, it’s possible that this may even occur in a legitimate Samsung environment as well.
Since I don’t have a legitimate Samsung environment to test this in, I cannot comment as to whether or not it’s truly “gone” after its traditional uninstall method via Windows' Add/Remove (or Uninstall a program) list. Let’s hope it is removed, completely.
If you are a Samsung user, with the above said, for now regarding any questions on how to actually get rid of this, I’m going to say just uninstall SW Update traditionally via Windows' Add/Remove (or Uninstall a program) list. If after doing so you notice the same occurs as above, well then that’s a different story and it’ll have to be uninstalled manually, or wait for a tool from Samsung like Lenovo did with Superfish.
UPDATE: I've received confirmation from a Samsung NP350V5C-A06UK user (Windows 8.1) that uninstalling SW Update traditionally has not stopped the forced changes to the way Windows Update's settings are configured to deploy updates, i.e. changing to "let me choose whether to download or install" at every single reboot.
The user still has the Samsung folder like my example above as well located in \ProgramData, which contains the following folders:
First off, here's how it was found:
A registry value was modified.
Subject:
Security ID: SYSTEM
Account Name: PURGED
Account Domain: WORKGROUP
Logon ID: 0x3E7
Object:
Object Name: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update
Object Value Name: UpdatesAvailableForDownloadLogon
Handle ID: 0xecc
Operation Type: Registry value deleted
Process Information:
Process ID: 0x5c
Process Name: C:\Windows\System32\svchost.exe
Change Information:
Old Value Type: REG_DWORD
Old Value: 0
New Value Type: -
New Value: -
And then shortly after...
A registry value was modified. Subject: Security ID: SYSTEM Account Name:PURGEDAccount Domain: WORKGROUP Logon ID: 0x3E7 Object: Object Name: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update Object Value Name: UpdatesAvailableForDownloadLogon Handle ID: 0x135c Operation Type: New registry value created Process Information: Process ID: 0x5c Process Name: C:\Windows\System32\svchost.exe Change Information: Old Value Type: - Old Value: - New Value Type: REG_DWORD New Value: 0
Object:
Object Server: Security
Object Type: Key
Object Name: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update
Handle ID: 0x144
Resource Attributes: -
Process Information:
Process ID: 0x1ae4
Process Name: C:\ProgramData\SAMSUNG\SWUpdate\Temp\Packages\BASW-A0394A05\64\Disable_Windowsupdate.exe
Access Request Information:
Transaction ID: {00000000-0000-0000-0000-000000000000}
Accesses: DELETE
READ_CONTROL
WRITE_DAC
WRITE_OWNER
Query key value
Set key value
Create sub-key
Enumerate sub-keys
Notify about changes to keys
Create Link
Access Reasons: -
Access Mask: 0xF003F
Privileges Used for Access Check: -
Restricted SID Count: 0
Etc..
There were other Object Value Names, such as:
- CachedAUOptions
- InstallInProgress,
- UpdatesAvailableForInstallLogon
- UpdatesAvailableWithUiLogon
- UpdatesAvailableWithUiOrEulaLogon
- FirmwareUpdatesNotDownloaded
- FirmwareUpdatesNotInstalled
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}\AuthorizedCDFPrefix: ""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}\Comments: "SW Update Setup"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}\Contact: "Samsung Electronics CO., LTD."
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}\DisplayVersion: "2.2.9"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}\HelpLink: "http://www.samsung.com"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}\HelpTelephone: ""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}\InstallDate: "20150623"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}\InstallLocation: ""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}\InstallSource: "C:\ProgramData\Samsung\SWUpdate\Temp\"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}\ModifyPath: "MsiExec.exe /I{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}\Publisher: "Samsung Electronics CO., LTD."
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}\Readme: ""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}\Size: ""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}\EstimatedSize: 0x00008172
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}\UninstallString: "MsiExec.exe /I{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}\URLInfoAbout: "http://www.samsung.com"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}\URLUpdateInfo: ""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}\VersionMajor: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}\VersionMinor: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}\WindowsInstaller: 0x00000001
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}\Version: 0x02020009
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}\Language: 0x00000409
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}\DisplayName: "SW Update"
Here's its basic information from a comparison of registry changes after installation.
HKLM\SOFTWARE\Samsung\CurrentPath\20000: ""C:\Program Files\Samsung\SW Update\sManager.exe""
HKLM\SOFTWARE\Samsung\SW Update\AgentPath: "C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe"
HKLM\SOFTWARE\Samsung\SW Update\InstallPath: "C:\Program Files\Samsung\SW Update\sManager.exe"
HKLM\SOFTWARE\Samsung\SW Update\TrafficDecentralize: "Y"
HKLM\SOFTWARE\Samsung\SW Update\LastORCAServerUpdateDateTime: "2015-06-22T02:28:42"
HKLM\SOFTWARE\Samsung\SW Update\AgentSleepSec: "300"
HKLM\SOFTWARE\Samsung\SWMCommon\FirstAgentExecDateTime: "2015-06-23T01:47:42"
HKLM\SYSTEM\ControlSet001\Services\SWUpdateService\Type: 0x00000110
HKLM\SYSTEM\ControlSet001\Services\SWUpdateService\Start: 0x00000002
HKLM\SYSTEM\ControlSet001\Services\SWUpdateService\ErrorControl: 0x00000001
HKLM\SYSTEM\ControlSet001\Services\SWUpdateService\ImagePath: "C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe /SERVICE"
HKLM\SYSTEM\ControlSet001\Services\SWUpdateService\DisplayName: "SW Update Service"
HKLM\SYSTEM\ControlSet001\Services\SWUpdateService\ObjectName: "LocalSystem"
HKLM\SYSTEM\CurrentControlSet\Services\SWUpdateService\Type: 0x00000110
HKLM\SYSTEM\CurrentControlSet\Services\SWUpdateService\Start: 0x00000002
HKLM\SYSTEM\CurrentControlSet\Services\SWUpdateService\ErrorControl: 0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\SWUpdateService\ImagePath: "C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe /SERVICE"
HKLM\SYSTEM\CurrentControlSet\Services\SWUpdateService\DisplayName: "SW Update Service"
HKLM\SYSTEM\CurrentControlSet\Services\SWUpdateService\ObjectName: "LocalSystem"
Here we can see some more information, such as its agent's sleep is set to 300 seconds, its first execution timestamp, and the creation of the "SW Update" service. I'll break down the service stuff:
Type (0x00000110): As far as I know, this implies it's a Win32 program that can be started by Windows' Service Controller, and that it obeys the service control protocol. This type of Win32 service runs in a process by itself.
Start: (0x00000002): This implies it's set to load or startup automatically for all startups, regardless of the service type. Its loader is the Service Control Manager, where as the 0x0 (boot) would be the kernel, and 0x1 (system) would be the I/O Subsystem.
ErrorControl: (0x00000001): This implies if the driver fails to load or initialize, proceed regardless with startup, however display a warning.
We note that its ImagePath is:
C:\ProgramData\Samsung
If you show hidden files & folder and navigate here, you have two folders - "SW Update Service", and "SWUpdate". If you actually have a Samsung machine, you instead have two "SWUpdate" folders, and they both contain XML files. If we take a look at one (BASW-A0394A05_1B33BCEB.xml):
<?xml version="1.0" encoding="UTF-8"?>
-<MaxList>
-<Head>
<BOMID/>
<CISCode/>
<Product/>
<Project/>
<Model/>
<DevStep/>
<BaseMRT/>
<BaseBOM/>
<Region/>
<OS/>
<Language/>
<ROLString/>
<Date/>
<Time/>
<Test>Yes</Test>
</Head>
-<Item>
<CISCode>BASW-A0394A05</CISCode>
<ItemType>SOFTWARE</ItemType>
<DisplayName>Disable_AutoWindowsUpdate1.0</DisplayName>
<Region>DNC</Region>
<OS>WBPR64/WBSL64/WBST64</OS>
<Lang>DNC</Lang>
<ROLString>ALL</ROLString>
<InstallType>PSTEXE</InstallType>
<InstallPath>BASW-A0394A\BASW-A0394A04.ZIP</InstallPath>
<InstallFile>Inst.exe</InstallFile>
<InstallPara1>/pbr /na</InstallPara1>
<InstallPara2/>
<InstallOrgFileSize>4678908</InstallOrgFileSize>
<InstallFileSize>2055424</InstallFileSize>
<ImageCate>C2P1</ImageCate>
<ImageType>GCP</ImageType>
<ImageSequence/>
<MediaType>SM1</MediaType>
<MediaSubCate>ITMOPT</MediaSubCate>
<MediaSequence/>
<CheckType>NoVerify</CheckType>
<CheckRoot/>
<VerifyAttribute>1.0</VerifyAttribute>
<VerifyPara1/>
<VerifyPara2/>
<System/>
<Selectable>Y</Selectable>
<AND/>
<XOR/>
<DistributionPriority>1</DistributionPriority>
<FURL>http://orcaservice.samsungmobile.com/FileDownloader.aspx?Type=PATCH&FILENAME=BASW-A0394A04.ZIP</FURL>
-<MultiLangDisplayName>
<Default>ENG</Default>
-<Value>
<Lang>ENG</Lang>
<Str>Windows Configuration</Str>
</Value>
-<Value>
<Lang>KOR</Lang>
<Str>Windows Configuration</Str>
</Value>
</MultiLangDisplayName>
<Version>1.0</Version>
-<DDesc>
<Default>ENG</Default>
-<Value>
<Lang>ENG</Lang>
<Str>This program helps your windows configuration settings.</Str>
</Value>
-<Value>
<Lang>KOR</Lang>
<Str>이 프로그램은 Windows configuration 프로그램입니다.</Str>
</Value>
</DDesc>
<RemoveFilePath/>
<RemovePara1/>
<RemovePara2/>
-<RemoveComment>
<Default>ENG</Default>
</RemoveComment>
<UpdatePara1/>
<UpdatePara2/>
<TargetCISCode> </TargetCISCode>
<MutualExclusiveCISCode/>
<SWCate2>Miscellaneous</SWCate2>
<Keyword1>SDR</Keyword1>
<Keyword2>SDR</Keyword2>
<Keyword3>SDR</Keyword3>
<AutoInstall>Y</AutoInstall>
<SingleInstall>Y</SingleInstall>
-<PatchSequence>
-<InstCmd>
<InstCmdType>GENERAL_EXECUTION</InstCmdType>
-<InstCmdParam>
<Name>EXCUTION_FILE_NAME</Name>
<Value>64\Disable_Windowsupdate.exe</Value>
</InstCmdParam>
</InstCmd>
</PatchSequence>
<FromProductDate/>
<ToProductDate/>
<BulletineDate>2015-05-12 17:12:43</BulletineDate>
-<ProcCondition>
-<ProcInfo>
<ProcType>REG_VALUE</ProcType>
-<ProcParam>
<Name>BASE_OP</Name>
<Value>AND</Value>
</ProcParam>
-<ProcParam>
<Name>REG_KEY</Name>
<Value>HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update</Value>
</ProcParam>
-<ProcParam>
<Name>REG_VALUE_NAME</Name>
<Value>AUOptions</Value>
</ProcParam>
-<ProcParam>
<Name>REG_VALUE_TYPE</Name>
<Value>REG_DWORD</Value>
</ProcParam>
-<ProcParam>
<Name>REG_VALUE</Name>
<Value>2</Value>
</ProcParam>
-<ProcParam>
<Name>OP_RELATION</Name>
<Value>!=</Value>
</ProcParam>
</ProcInfo>
-<ProcInfo>
<ProcType>REG_VALUE</ProcType>
-<ProcParam>
<Name>BASE_OP</Name>
<Value>AND</Value>
</ProcParam>
-<ProcParam>
<Name>REG_KEY</Name>
<Value>HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update</Value>
</ProcParam>
-<ProcParam>
<Name>REG_VALUE_NAME</Name>
<Value>AUOptions</Value>
</ProcParam>
-<ProcParam>
<Name>REG_VALUE_TYPE</Name>
<Value>REG_DWORD</Value>
</ProcParam>
-<ProcParam>
<Name>REG_VALUE</Name>
<Value>4</Value>
</ProcParam>
-<ProcParam>
<Name>OP_RELATION</Name>
<Value>=</Value>
</ProcParam>
</ProcInfo>
</ProcCondition>
<Thumbnail/>
<Screenshot1/>
<Screenshot2/>
<Screenshot3/>
-<AdURL>
<URL/>
<FromDate>1900-01-01 오전 12:00:00</FromDate>
<ToDate>1900-01-01 오전 12:00:00</ToDate>
</AdURL>
</Item>
</MaxList>
Note its installer file.
We can see now how Disable_Windowsupdate.exe begins the process to its "drop", which is downloading the zip its contained in from:
http://orcaservice.samsungmobile.com/FileDownloader.aspx?Type=PATCH&FILENAME=BASW-A0394A04.ZIP
I find this string excerpt particularly funny:
<Str>This program helps your windows configuration settings.</Str>
Once the zip is dropped, we can inspect its contents as well:
If we check the config file for the installer in charge of dropping the WU disable:
;HowTo : The registry location of the installed language....
;[HKLM\SYSTEM\CurrentControlSet\Control\Nls\Language]
;InstallLanguage=????
;%CD%\ = Current Folder Location Variable
;%WinDir% = Windows Folder ex) C:\Windows C:\Winnt
;%ProgramFiles% = Program Files Folder ex) C:\Program Files, C:\Archivo de program, C:\Programme
;%LangID%
;HowTo : The registry location of the installed language....
;[HKLM\SYSTEM\CurrentControlSet\Control\Nls\Language]
;LangID Lang / Export to
;0412 KOR / KOR
;0409 ENG / UK, HKG
;040C FRN / FRN
;0407 GER / GER
;0411 JPN / JPN
;0404 CHT / CHT
;0804 CHS / CHS
;0C0A SPA / SPA
;0816 POR / POR
;0419 RUS / RUS
[BaseSettings]
OSConditional= TRUE
ShowWin = FALSE
RunInAuditMode = TRUE
[32Win8]
Setup1=xcopy 32\Disable_Windowsupdate.exe "%ALLUSERSPROFILE%\Samsung\" /y
Setup2=schtasks /create /XML "%CD%\Dis_AU.xml" /tn "Dis_AU"
[64Win8]
Setup1=xcopy 64\Disable_Windowsupdate.exe "%ALLUSERSPROFILE%\Samsung\" /y
Setup2=schtasks /create /XML "%CD%\Dis_AU.xml" /tn "Dis_AU"
We can see its using the xcopy command to inevitably "drop" Disable_Windowsupdate.exe in \ProgramData\Samsung. %ALLUSERPROFILE% is an environment variable for \ProgramData on >Vista, and \Documents and Settings\All Users on XP.
We can confirm this by checking ourselves:
Note that the exe is actually signed by Samsung themselves:
So a big thing is the question as to how this persistently resets/disables Windows Update after you change it and reboot, and it's actually not SW Update. SW Update is basically just there to genuinely do its job, which is to update Samsung's drivers, software, etc.
What's actually causing Windows Update to persistently become disabled/reset is the fact that Disable_Windowsupdate.exe creates a scheduled task that runs at every logon to ensure that Windows Update is indeed disabled.
We can see the task's contents below:
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo>
<Date>2006-12-03T15:11:57.570551</Date>
<Author>Administrator</Author>
</RegistrationInfo>
<Triggers>
<LogonTrigger id="145a3a6c-a630-4ec0-985d-1280512f0ba8">
<Enabled>true</Enabled>
</LogonTrigger>
</Triggers>
<Principals>
<Principal id="Author">
<GroupId>S-1-5-32-545</GroupId>
<RunLevel>HighestAvailable</RunLevel>
</Principal>
</Principals>
<Settings>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>false</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>true</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT0S</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>"%ALLUSERSPROFILE%\Samsung\Disable_Windowsupdate.exe"</Command>
<WorkingDirectory>%ALLUSERSPROFILE%\Samsung</WorkingDirectory>
</Exec>
</Actions>
</Task>
Let's see it in action
So first off, as I noted earlier in the post, if you're trying to run the Samsung update software + disabler, etc, on a non-Samsung environment, it's really buggy. My VM was going through convulsions trying to just take screenshot examples after frequent restarts, etc, so there's a few minutes in between each screenshot.
Here's what WU looks like directly after installing SW Update:
Note that it's set to 'Check for updates but let me choose whether to download and install them'.
Let's change it to 'Install updates automatically (recommended)':
Cool, let's restart and check again.
Oh, this doesn't look right. Let's check the settings:
Uh...
There's a bit more to it that I'd like to get to eventually, but I suppose this is enough to get the point across. Anyway, with this known, I decided to try Samsung's chat to see if they knew of it:
You are now chatting with 'Rep'. There will be a brief survey at the end of our chat to share feedback on my performance today.Your Issue ID for this chat is *purged*.Rep: Hi, thank you for reaching out to Samsung technical support. How may I assist you?ringzero: Hi Rep, I have a question regarding your SW Update software.Rep: Hi Ringzero, please go ahead with your question.Rep: I'll be glad to assist you.ringzero: Thanks Rep! My question is, why does this software actively monitor the registry and deliberately cripple Windows Update by forcefully disabling it?Rep: SW Update tool helps in automatically detecting the hardware on the laptop and installs the supporting drivers for them. I am afraid; this tool has directly no effect on the registry of your laptop or Windows Updates.ringzero: Rep, I am afraid that you're incorrect. SW Update drops an exe named "Disable_Windowsupdate.exe"ringzero: When SW Update is installed, Windows Update is always disabled. If it's enabled, or set to a setting of your liking, it'll be re-disabled on reboot.ringzero: If SW Update is uninstalled, Windows Update stays enabled persistently throughout reboots.Rep: Thank you for waiting. I'll be with you in just a moment.ringzero: Sure.Rep: When you enable Windows updates, it will install the Default Drivers for all the hardware no laptop which may or may not work. For example if there is USB 3.0 on laptop, the ports may not work with the installation of updates. So to prevent this, SW Update tool will prevent the Windows updates.
So thanks to Rep over at Samsung, we now know Samsung's motive to disabling WU.
OEMs, come on... has Superfish taught us nothing?
Upload/report this as malware to Microsoft/MSRC, etc, because that's exactly what it is. Why would you ever disable WU in such a fashion (or in general), in a way a generic user cannot control, leaving them vulnerable?
x86 MD5
3727acd09814c0d5ce8fd3d6be705254
x64 MD5
d0a3a1c266845ef1e2cdf65c226facae
x86 SHA-256
61da7461e8a60a20e9d2b595edff89a0898c8f2d47d2be847c8a7ceff0fc4bd4
x64 SHA-256
7b9547acf8b3792b48fe5a02f7d5f3e0dfba8e57055d60f479bb8adfed99871c
Special thanks: niemiro, tom982, BrianDrab, Tekno Venus, zcomputerwiz, and of course wavly. Without wavly, who knows how long this would have gone unnoticed for. Very big thanks to everybody involved for bringing this to light, especially BrianDrab for his invaluable WU work that helped discover this.
Small edit: I edited out the Samsung rep's real name to just 'Rep'. It was clearly a tier 1/2 support just doing their job, and I of course don't want them getting in any trouble since this appears to be blowing up. After all, as I said, this isn't their fault at all.
Update
According to a few news articles, here's Samsung's latest statement:
"It is not true that we are blocking a Windows 8.1 operating system update on our computers. As part of our commitment to consumer satisfaction, we are providing our users with the option to choose if and when they want to update the Windows software on their products," said Samsung.
"We take product security very seriously and we encourage any Samsung customer with product questions or concerns to contact us directly at 1-800-SAMSUNG."I don't understand what this statement is implying, and it may have been a loss in translation between whichever article reporter/editor got the statement from Samsung, because I never implied it specifically blocked a "Windows 8.1 OS system update", just that their SW Update software is preventing Windows Update from automatically installing updates, and forcing the user to have it set to "let me choose whether to download and install". If you attempt to change it, it'll switch right back on a reboot. Microsoft has openly stated that they do not like the fact that it's persistently changing, or even existing in the first place without the user's consent. It's disabling Windows Update from working as the user intends it to.
However you look at this, Samsung's solution to what we can guess is a device driver workaround was not done in the best way, or a safe way. I mean, come on, the exe is named Disable_Windowsupdate.exe. In any case, if it appears I am acting as an enemy to Samsung, I'm not. I'm just a 22 year old cashier with a love for Windows internals that found a security risk for Windows' Samsung users with a few others. That's it.
I've reported this to the Microsoft security team. Hopefully they'll take action.
ReplyDeleteReported it??? lol..... While many of us Samsung users love the way they are taking back control for us. Forced Updates coming from Microsoft are a tragic mistake, like Music Rights Holders Suing their own customers. Besides ...... the fact that Windows 8.1 forced updates are also blocked by HP!
DeleteBut tell all you Samsung haters that..... because all they really want is to hate on Samsung for any possible reason. I have not been using MS updates just because of the forced update from 8.0 to 8.1 because #1 you can never go back to 8.0 or 7.x anything. I'm also sure that they'll strand 8.1 users where they're at if they simply choose not to update to Windows 10 in the future. It's the whole being forced to reboot after most every update that still makes people's blood boil. Especially when it's over some stupid update people don't even want!
You're right in the middle of some important work and step away from your computer. When you come back it's updated and rebooted on it's own losing all your work and deleting your former setup! .......so it's Microsoft that needs to change how they update, not Samsung or HP and the rest of hardware makers living slaves to Microsoft's whims and mistakes!!!
The Windows Update system gives you a range of options for downloading and installing updates. On my home computers I have it configured to automatically download the updates, but not deploy them until a time that suits me. Therefore, the issue of my computer restarting without warning doesn't arise.
DeleteThis comes from someone who is neither a Samsung-hater (at least, not of their computers) nor a Microsoft employee. I am merely a user of Microsoft Windows in both my home and work environments. Although I have no control over update deployments in my work environment, I (as the owner of one desktop and one laptop) don't think it unreasonable that I should have full control over when updates are downloaded, and when they are deployed.
By including this application in their systems, and then being very cagey about its existence AND making it so difficult to get rid of, Samsung are employing tactics that are not consistent with good customer-service. And more importantly, they've been rumbled.
Feeling more sane now, thanks for this. SW Update has been competing with my Windows Updates on video card related updates for a couple years now (among other updates), and now I know what I will be disabling. Ugh.
ReplyDeleteIs it really downloading that .exe over non-https? Would be lovely if that cert got compromised, but Samsung users wouldn't get the revocation because they're not getting Windows updates...
ReplyDeleteSurface pro for the win(given its MS ,no more problem reporting what innard is for and what it does
ReplyDeleteCan you provide an MD5 of the .exe so it can be reported to the AV vendors?
ReplyDeleteAdded MD5's for its x86 and x64 variants.
DeleteCan you provide a SHA-2 hash of the file so it cannot be trivially collided?
Delete@H110Hawk: The weaknesses in MD5 are collision attacks not pre-image attacks. This means that it's easy enough to generate a pair of files which hash collide, but that it's not at all easy to generate a second file which hash collides with a pre-existing first as we'd need here. MD5 is a hashing algorithm we should be phasing out, especially for password hashing usage where it's far too fast and memory light, but in general it's still reasonably secure for file integrity verification.
DeleteI've added SHA-256 for both x86 and x64.
DeleteHave been using three Samsung Monitors, for several years now, without using any Samsung Software, at all, and with no problems at all either?
ReplyDeleteThink you are inventing problems, that do not exist?
You caught me, Paul.
DeleteGood to know. I will be advising all of our customers to stay well away from Samsung's PC products.
ReplyDeleteI can confirmation the existence of the xml configuration file as my SWUpdate (version 2.2.4 previously) pulled from Samsung's server. However, there is no indication that it has downloaded the actual package and has modified mine Windows Update configuration. There is no executable file at all on my ProgramData\Samsung folder. And it looked like the software has just recently been developed as in the version 1.0 so they might have thought about something when they were doing this.
ReplyDeleteI am not sure if we can consider this is a type of malware or something, even though I know it modifies the registry. For most of Samsung laptops, you must have this in order to download and update drivers and software, for majority of consumers. However, I think we need to tell Samsung about this behavior and other vendors so they need to stay away from this.
This comment has been removed by the author.
ReplyDeletewhat happened to switching your computer on, do your work, then switch the sodding thing off and going home and doing something more interesting..... I came here from the BBC tech page, and computer debates like this are like golf but just not as interesting ..... thfra......
ReplyDeleteI have to agree with Paul. While curious, I don't think this is all that much outside the industry process (HP does much the same and maybe others as well).
ReplyDeleteAs it said in the original article that brought me here, the article is "...affected by the exuberance of youth..." (okay, they said mildly but personally that's a mild understatement).
Did you discover something? Yup
Did you get the canned answer from a T1 phone rep? Yup
Is it the malware to end all malware that is insinuated in the blog txt? (mild exaggeration on my part here). Still, Nope
At worst, Samsung (and HP and others?) are guilty of poor communication (just as users are guilty of not paying enough attention to checking for updates and security in general). Maybe it's stated in the manual/EULA that I'm sure everyone read to the end right?
I find too many of your assumptions are based on testing in a non-native environment (and no, verification from one user is not proper validation) and logic leaps that don't stand up by themselves.
Did anyone try using MSConfig to simply disable "Disable_Windowsupdate" at boot?
A good start but too many questions at this point left to be answered