Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Virus Infection

Started by ForrestGump , Oct 05 2022 11:38 PM
Virus

  • Please log in to reply

#1
ForrestGump
Posted 05 October 2022 - 11:38 PM

ForrestGump

    Member

  • Member
  • PipPip
  • 91 posts
Hello,
 
Just joined & need assistance to resolve my Infected Laptop,
 
I have ran Malwarebytes with Rootkits selected & AI scan not selected & no Detections reported,
 
I used the Reset this PC function & there was no improvement for the issues of freezing, Further issues & observations are as follows, 
 
Symptoms occuring are,
 
Edge & Google with only 1 tab open use 50-75% of CPU & MEM
 
When using Disk Cleanup if I move the cursor when Disk Cleanup states cleaning, it closes right away & it also gets stuck on removing Defender files that are not required any longer
 
I downloaded then Deleted Miray RAM DISK & Qiling DISK Master RAM 
 
I notice Miray Software AG & Chongqing Xia Soft Tech are listed in Internet Options, Content, Certificates, Trusted Publishers with both having expired Certificates?  
 
I noticed the Windows Security icon on the taskbar had a yellow exclamation indicator, when I opened it, I saw that App & Browser control was disabled and I was prompted to enable the feature.
 
When I enabled it & looked at the Exploit Protection settings, I noticed though that under program settings, all the system settings were set at default, & there are several programs with system overrides,
 
extExport.exe, ie4uinit.exe, ieinstal.exe, ielowutil.exe, ieUnatt.exe, iexplore.exe, msfeedssync.exe, mshta.exe, All had, Force randomization for images(mandatory ASLR) set to Override system settings (on)
 
mscorsvw.exe, ngen.exe, ngentask.exe, printdialog.exe, runtimebroker.exe, systemsettingshost.exe, All Had, Disable extension points Override system settings (on)
 
presentationhost.exe, Had, Data Execution Prevention, Force Randomization for Images(mandatory ASLR), Randomize memory allocations(Bottom up ASLR), Validate exception chains(SEHOP), Validate heap
 
integrity, All set to Override system settings (on)
 
presentationhost.exe, indicated 6 system overrides, yet only the 5 listed above actually were, When I had reviewed this list to see what was missed, there is 1 entry unlike the others,
 
Control Flow Guard(CFG), Is checked on for override system settings but is dark grey not blue.
 
End of issues & observations
 
Please review the issues & observations & FRST scan results & advise further
 
Thank you so much!!
 
BTW I will never download Freeware again for as long as I live               
 
I have scanned with FRST & posted below are the results
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-10-2022
Ran by doher (administrator) on HAL900 (Hewlett-Packard HP G61 Notebook PC) (05-10-2022 18:34:32)
Running from C:\Users\doher\OneDrive\Desktop
Loaded Profiles: doher
Platform: Microsoft Windows 10 Pro Version 21H2 19044.2075 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(atiesrxx.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\NisSrv.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\doher\AppData\Local\Microsoft\OneDrive\22.191.0911.0001\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-03-31] (Synaptics Incorporated -> Synaptics Incorporated)
HKU\S-1-5-21-1890784580-1000596592-3856219040-1001\...\Run: [Opera Browser Assistant] => C:\Users\doher\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [4137936 2022-09-14] (Opera Norway AS -> Opera Software)
HKU\S-1-5-21-1890784580-1000596592-3856219040-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\doher\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-1890784580-1000596592-3856219040-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\doher\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-1890784580-1000596592-3856219040-1001\...\RunOnce: [Uninstall 21.220.1024.0005\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\doher\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\amd64" (No File)
HKU\S-1-5-21-1890784580-1000596592-3856219040-1001\...\RunOnce: [Uninstall 21.220.1024.0005] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\doher\AppData\Local\Microsoft\OneDrive\21.220.1024.0005" (No File)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\106.0.5249.91\Installer\chrmstp.exe [2022-10-05] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{f64945df-4fa9-4068-a2fb-61af319edd33}] -> C:\WINDOWS\system32\rdpcredentialprovider.dll [2022-10-04] (Microsoft Windows -> Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {52850E0C-86A4-46EE-87CD-569DAF5E6A90} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {627F11A7-DB57-4CAD-9C39-DEBDA5A97B8D} - System32\Tasks\GoogleUpdateTaskMachineCore{CCAD91CA-4D95-45E8-9397-E4D83671A68C} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2022-10-05] (Google LLC -> Google LLC)
Task: {777BF150-2027-491E-B78D-5A7D5BE35734} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7E10D5FB-81BF-4247-BAC4-BD5C9686A77A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9047BE8A-DED6-4B7E-8B16-19C21B9DAF3E} - System32\Tasks\GoogleUpdateTaskMachineUA{F4EFA46F-C692-4809-820D-BE5C8CFC2442} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2022-10-05] (Google LLC -> Google LLC)
Task: {E84127CA-6F66-4417-BD10-09B319547B94} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F85A7457-4A52-4327-A0F8-93C321BD5539} - System32\Tasks\Opera scheduled Autoupdate 1664946301 => C:\Users\doher\AppData\Local\Programs\Opera\launcher.exe [2534856 2022-09-21] (Opera Norway AS -> Opera Software)
Task: {F8FDA3AB-DDC7-4BE8-AD0C-8AD0846B6A1D} - System32\Tasks\Opera scheduled assistant Autoupdate 1664946315 => C:\Users\doher\AppData\Local\Programs\Opera\launcher.exe [2534856 2022-09-21] (Opera Norway AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\doher\AppData\Local\Programs\Opera\assistant" $(Arg0)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{8ae5b79e-3f17-43ac-9ee0-392aa1379c3a}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{e03cb7c5-df15-4fd3-aee5-d164ca37553e}: [DhcpNameServer] 192.168.2.1
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\doher\AppData\Local\Microsoft\Edge\User Data\Default [2022-10-05]
Edge Notifications: Default -> hxxps://www.youtube.com
Edge DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
Edge DefaultSearchKeyword: Default -> duckduckgo.com
Edge DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
Edge Extension: (DuckDuckGo) - C:\Users\doher\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caoacbimdbbljakfhgikoodekdnlcgpk [2022-10-04]
Edge Extension: (uBlock Origin) - C:\Users\doher\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2022-10-04]
Edge Extension: (Enhancer for YouTube™) - C:\Users\doher\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dlgfaleeejmphhnemjgiaekdbonkagkd [2022-10-04]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\doher\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-10-04]
Edge Extension: (MSN New Tab) - C:\Users\doher\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lklfbkdigihjaaeamncibechhgalldgl [2022-10-04]
Edge Extension: (Privacy Badger) - C:\Users\doher\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pkehgijcmpdhfbdbbnkijodmdjhbjlgp [2022-10-04]
 
Chrome: 
=======
CHR Profile: C:\Users\doher\AppData\Local\Google\Chrome\User Data\Default [2022-10-05]
CHR Extension: (Google Docs Offline) - C:\Users\doher\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-10-05]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\doher\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2022-10-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\doher\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-10-05]
CHR Extension: (Speedtest by Ookla) - C:\Users\doher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjjikdiikihdfpoppgaidccahalehjh [2022-10-05]
CHR Extension: (Enhancer for YouTube™) - C:\Users\doher\AppData\Local\Google\Chrome\User Data\Default\Extensions\ponfpcnoihfmfllpaingbgckeeldkhle [2022-10-05]
 
Opera: 
=======
OPR Profile: C:\Users\doher\AppData\Roaming\Opera Software\Opera Stable [2022-10-05]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\doher\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2022-10-05]
OPR Extension: (Opera Crypto Wallet) - C:\Users\doher\AppData\Roaming\Opera Software\Opera Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk [2022-10-05]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\doher\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2022-10-05]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [224192 2022-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2207.7-0\NisSrv.exe [3125112 2022-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2207.7-0\MsMpEng.exe [133560 2022-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 MirayRAMDrive; C:\WINDOWS\System32\drivers\mrdo.sys [65488 2022-02-10] (Miray Software AG -> Miray)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49576 2022-10-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [453904 2022-10-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [94480 2022-10-04] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-10-05 17:31 - 2022-10-05 18:35 - 000000000 ____D C:\FRST
2022-10-05 14:53 - 2022-10-05 14:53 - 000000000 ____D C:\WINDOWS\Panther
2022-10-05 04:26 - 2022-10-05 04:27 - 000000000 ____D C:\Users\doher\AppData\Local\PlaceholderTileLogoFolder
2022-10-05 01:05 - 2022-10-05 01:05 - 000004406 _____ C:\WINDOWS\system32\Tasks\Opera scheduled assistant Autoupdate 1664946315
2022-10-05 01:05 - 2022-10-05 01:05 - 000004152 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1664946301
2022-10-05 01:05 - 2022-10-05 01:05 - 000001405 _____ C:\Users\doher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2022-10-05 01:05 - 2022-10-05 01:05 - 000000000 ____D C:\Users\doher\AppData\Local\Opera Software
2022-10-05 01:03 - 2022-10-05 01:03 - 000000000 ____D C:\Users\doher\AppData\Roaming\Opera Software
2022-10-05 00:52 - 2022-10-05 00:52 - 000002325 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-10-05 00:52 - 2022-10-05 00:52 - 000002284 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-10-05 00:52 - 2022-10-05 00:52 - 000000000 ____D C:\Program Files\Google
2022-10-05 00:51 - 2022-10-05 17:56 - 000000000 ____D C:\Program Files (x86)\Google
2022-10-05 00:51 - 2022-10-05 01:04 - 000000000 ____D C:\Users\doher\AppData\Local\Google
2022-10-05 00:51 - 2022-10-05 00:51 - 000003496 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{F4EFA46F-C692-4809-820D-BE5C8CFC2442}
2022-10-05 00:51 - 2022-10-05 00:51 - 000003372 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore{CCAD91CA-4D95-45E8-9397-E4D83671A68C}
2022-10-04 23:50 - 2022-10-04 23:50 - 000000000 ____D C:\Users\doher\AppData\Local\PeerDistRepub
2022-10-04 22:40 - 2022-10-04 22:40 - 000378531 _____ C:\Users\doher\Downloads\Start_Menu_troubleshooter.zip
2022-10-04 21:12 - 2022-10-04 21:12 - 000000000 ____D C:\Users\doher\AppData\Local\Apps\2.0
2022-10-04 20:54 - 2022-10-04 20:54 - 000000000 ____D C:\Users\doher\AppData\Local\Comms
2022-10-04 20:12 - 2022-10-04 20:12 - 000000000 ____D C:\Users\doher\AppData\Local\OneDrive
2022-10-04 19:21 - 2022-10-04 19:21 - 000000000 ____D C:\Users\doher\OneDrive\Documents\Zoom
2022-10-04 19:21 - 2022-05-02 17:20 - 461187826 _____ C:\Users\doher\OneDrive\Documents\reg back up may 02 2022 518 pm.reg
2022-10-04 19:21 - 2022-04-26 21:22 - 000000000 _____ C:\Users\doher\OneDrive\Documents\Default.rdp
2022-10-04 19:21 - 2022-03-30 20:05 - 000725625 _____ C:\Users\doher\OneDrive\Documents\dism log mar 30 2022.txt
2022-10-04 19:20 - 2022-10-04 19:20 - 000000000 ____D C:\Users\doher\OneDrive\Documents\PCMark 7
2022-10-04 19:20 - 2022-10-04 19:20 - 000000000 ____D C:\Users\doher\OneDrive\Documents\PassMark
2022-10-04 18:47 - 2022-10-04 18:50 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-10-04 18:44 - 2022-10-04 18:44 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-10-04 18:43 - 2022-10-04 18:43 - 000001148 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2022-10-04 18:43 - 2022-10-04 18:43 - 000000000 ____D C:\Program Files\PCHealthCheck
2022-10-04 18:23 - 2022-10-05 18:24 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1890784580-1000596592-3856219040-1001
2022-10-04 18:23 - 2022-10-05 18:24 - 000003362 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1890784580-1000596592-3856219040-1001
2022-10-04 18:23 - 2022-10-04 18:23 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2022-10-04 18:22 - 2022-10-05 13:53 - 000000000 ____D C:\Users\doher\AppData\Local\D3DSCache
2022-10-04 18:20 - 2022-10-05 04:27 - 000000000 ____D C:\Users\doher\AppData\Local\Packages
2022-10-04 18:20 - 2022-10-04 20:54 - 000000000 ____D C:\ProgramData\Packages
2022-10-04 18:20 - 2022-10-04 19:19 - 000000000 ____D C:\Users\doher\AppData\Local\ConnectedDevicesPlatform
2022-10-04 18:20 - 2022-10-04 18:20 - 000000020 ___SH C:\Users\doher\ntuser.ini
2022-10-04 18:20 - 2022-10-04 18:20 - 000000000 ____D C:\Users\doher\AppData\Roaming\Adobe
2022-10-04 18:20 - 2022-10-04 18:20 - 000000000 ____D C:\Users\doher\AppData\Local\VirtualStore
2022-10-04 18:20 - 2022-10-04 18:20 - 000000000 ____D C:\Users\doher\AppData\Local\Publishers
2022-10-04 17:32 - 2022-10-04 17:33 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2022-10-04 17:28 - 2022-10-04 17:28 - 000000000 ____D C:\WINDOWS\SystemTemp
2022-10-04 17:28 - 2022-10-04 17:28 - 000000000 ____D C:\ProgramData\ssh
2022-10-04 17:20 - 2022-10-04 17:20 - 001687040 _____ C:\WINDOWS\system32\libcrypto.dll
2022-10-04 17:20 - 2022-10-04 17:20 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2022-10-04 17:20 - 2022-10-04 17:20 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2022-10-04 17:20 - 2022-10-04 17:20 - 000479744 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2022-10-04 17:20 - 2022-10-04 17:20 - 000188928 _____ C:\WINDOWS\system32\uwfcfgmgmt.dll
2022-10-04 17:20 - 2022-10-04 17:20 - 000170496 _____ C:\WINDOWS\system32\DeviceUpdateCenterCsp.dll
2022-10-04 17:20 - 2022-10-04 17:20 - 000158208 _____ C:\WINDOWS\system32\uwfcsp.dll
2022-10-04 17:20 - 2022-10-04 17:20 - 000138056 _____ C:\WINDOWS\system32\HvsiManagementApi.dll
2022-10-04 17:20 - 2022-10-04 17:20 - 000101704 _____ C:\WINDOWS\SysWOW64\HvsiManagementApi.dll
2022-10-04 17:20 - 2022-10-04 17:20 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2022-10-04 17:20 - 2022-10-04 17:20 - 000040960 _____ C:\WINDOWS\system32\uwfservicingapi.dll
2022-10-04 17:19 - 2022-10-04 17:19 - 003860832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpltfm.dll
2022-10-04 17:19 - 2022-10-04 17:19 - 002371072 _____ C:\WINDOWS\system32\rdpnano.dll
2022-10-04 17:19 - 2022-10-04 17:19 - 000980320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpal.dll
2022-10-04 17:19 - 2022-10-04 17:19 - 000915296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmcodecs.dll
2022-10-04 17:19 - 2022-10-04 17:19 - 000732000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ortcengine.dll
2022-10-04 17:19 - 2022-10-04 17:19 - 000693248 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2022-10-04 17:19 - 2022-10-04 17:19 - 000530944 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe
2022-10-04 17:19 - 2022-10-04 17:19 - 000470528 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe
2022-10-04 17:19 - 2022-10-04 17:19 - 000270848 _____ C:\WINDOWS\system32\EsclScan.dll
2022-10-04 17:19 - 2022-10-04 17:19 - 000152064 _____ C:\WINDOWS\system32\EsclProtocol.dll
2022-10-04 17:19 - 2022-10-04 17:19 - 000104448 _____ C:\WINDOWS\system32\nettraceex.dll
2022-10-04 17:19 - 2022-10-04 17:19 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2022-10-04 17:19 - 2022-10-04 17:19 - 000055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmmvrortc.dll
2022-10-04 17:19 - 2022-10-04 17:19 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2022-10-04 17:19 - 2022-10-04 17:19 - 000045880 _____ C:\WINDOWS\system32\HvSocket.dll
2022-10-04 17:19 - 2022-10-04 17:19 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mode.com
2022-10-04 17:19 - 2022-10-04 17:19 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mode.com
2022-10-04 17:19 - 2022-10-04 17:19 - 000020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tree.com
2022-10-04 17:19 - 2022-10-04 17:19 - 000018944 _____ C:\WINDOWS\SysWOW64\WsdProviderUtil.dll
2022-10-04 17:19 - 2022-10-04 17:19 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tree.com
2022-10-04 17:19 - 2022-10-04 17:19 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\chcp.com
2022-10-04 17:19 - 2022-10-04 17:19 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chcp.com
2022-10-04 17:19 - 2022-10-04 17:19 - 000012251 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-10-04 17:18 - 2022-10-04 17:18 - 002111488 _____ (Digimarc) C:\WINDOWS\SysWOW64\DMRCDecoder.dll
2022-10-04 17:18 - 2022-10-04 17:18 - 001864192 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
2022-10-04 17:18 - 2022-10-04 17:18 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2022-10-04 17:18 - 2022-10-04 17:18 - 001164288 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2022-10-04 17:18 - 2022-10-04 17:18 - 000611960 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2022-10-04 17:18 - 2022-10-04 17:18 - 000468440 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2022-10-04 17:18 - 2022-10-04 17:18 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2022-10-04 17:18 - 2022-10-04 17:18 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2022-10-04 17:18 - 2022-10-04 17:18 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2022-10-04 17:18 - 2022-10-04 17:18 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll
2022-10-04 17:18 - 2022-10-04 17:18 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2022-10-04 17:18 - 2022-10-04 17:18 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2022-10-04 17:18 - 2022-10-04 17:18 - 000047472 _____ C:\WINDOWS\SysWOW64\umpdc.dll
2022-10-04 17:18 - 2022-10-04 17:18 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2022-10-04 17:18 - 2022-10-04 17:18 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe
2022-10-04 17:17 - 2022-10-04 17:17 - 004898144 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll
2022-10-04 17:17 - 2022-10-04 17:17 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2022-10-04 17:17 - 2022-10-04 17:17 - 001354080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll
2022-10-04 17:17 - 2022-10-04 17:17 - 001091936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll
2022-10-04 17:17 - 2022-10-04 17:17 - 001032544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll
2022-10-04 17:17 - 2022-10-04 17:17 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2022-10-04 17:17 - 2022-10-04 17:17 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2022-10-04 17:17 - 2022-10-04 17:17 - 000061952 _____ C:\WINDOWS\system32\printticketvalidation.dll
2022-10-04 17:17 - 2022-10-04 17:17 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2022-10-04 17:17 - 2022-10-04 17:17 - 000057344 _____ C:\WINDOWS\system32\APMonUI.dll
2022-10-04 17:17 - 2022-10-04 17:17 - 000056672 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll
2022-10-04 17:17 - 2022-10-04 17:17 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2022-10-04 17:16 - 2022-10-04 17:16 - 004227116 _____ C:\WINDOWS\system32\DefaultHrtfs.bin
2022-10-04 17:16 - 2022-10-04 17:16 - 002295296 _____ (Digimarc) C:\WINDOWS\system32\DMRCDecoder.dll
2022-10-04 17:16 - 2022-10-04 17:16 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2022-10-04 17:16 - 2022-10-04 17:16 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2022-10-04 17:16 - 2022-10-04 17:16 - 000706536 _____ C:\WINDOWS\system32\TextShaping.dll
2022-10-04 17:16 - 2022-10-04 17:16 - 000657464 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2022-10-04 17:16 - 2022-10-04 17:16 - 000640512 _____ C:\WINDOWS\system32\SettingSyncDownloadHelper.dll
2022-10-04 17:16 - 2022-10-04 17:16 - 000413696 _____ C:\WINDOWS\system32\AzureCheck.dll
2022-10-04 17:16 - 2022-10-04 17:16 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2022-10-04 17:16 - 2022-10-04 17:16 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2022-10-04 17:16 - 2022-10-04 17:16 - 000272896 _____ C:\WINDOWS\system32\TpmTool.exe
2022-10-04 17:16 - 2022-10-04 17:16 - 000232288 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2022-10-04 17:16 - 2022-10-04 17:16 - 000162304 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2022-10-04 17:16 - 2022-10-04 17:16 - 000098816 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2022-10-04 17:16 - 2022-10-04 17:16 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2022-10-04 17:16 - 2022-10-04 17:16 - 000064552 _____ C:\WINDOWS\system32\umpdc.dll
2022-10-04 17:16 - 2022-10-04 17:16 - 000029696 _____ (The ICU Project) C:\WINDOWS\system32\icuuc.dll
2022-10-04 17:16 - 2022-10-04 17:16 - 000025088 _____ (The ICU Project) C:\WINDOWS\system32\icuin.dll
2022-10-04 17:16 - 2022-10-04 17:16 - 000024576 _____ C:\WINDOWS\system32\WsdProviderUtil.dll
2022-10-04 17:16 - 2022-10-04 17:16 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
2022-10-04 17:15 - 2022-10-04 17:15 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2022-10-04 17:15 - 2022-10-04 17:15 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-10-04 17:15 - 2022-10-04 17:15 - 000197632 _____ C:\WINDOWS\system32\IHDS.dll
2022-10-04 17:15 - 2022-10-04 17:15 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2022-10-04 17:15 - 2022-10-04 17:15 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2022-10-04 17:15 - 2022-10-04 17:15 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2022-10-04 17:03 - 2022-10-04 17:03 - 000000000 ____D C:\Program Files\Reference Assemblies
2022-10-04 17:03 - 2022-10-04 17:03 - 000000000 ____D C:\Program Files\MSBuild
2022-10-04 17:03 - 2022-10-04 17:03 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2022-10-04 17:03 - 2022-10-04 17:03 - 000000000 ____D C:\Program Files (x86)\MSBuild
2022-10-04 17:01 - 2022-10-04 17:01 - 000000000 ____D C:\Program Files\Synaptics
2022-10-04 16:59 - 2022-10-04 16:59 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2022-10-04 13:53 - 2022-10-05 14:57 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-10-04 13:48 - 2022-10-05 14:53 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-10-04 13:48 - 2022-10-04 18:45 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-10-04 13:48 - 2022-10-04 13:48 - 000003612 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA{5D5FA87D-8AD4-4FE3-8C9D-AAC9FBF2FC5C}
2022-10-04 13:48 - 2022-10-04 13:48 - 000003488 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore{1CC0C225-8D66-4F90-BB26-44AF4225D386}
2022-10-04 13:43 - 2022-10-05 18:24 - 000002385 _____ C:\Users\doher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-10-04 13:43 - 2022-10-04 18:20 - 000000000 ____D C:\Users\doher
2022-10-04 13:40 - 2022-10-04 13:40 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2022-10-04 13:39 - 2022-10-04 13:49 - 000002278 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-10-04 13:39 - 2022-10-04 13:39 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2022-10-04 13:39 - 2022-10-04 13:39 - 000000000 _____ C:\WINDOWS\ativpsrm.bin
2022-10-04 13:38 - 2022-10-05 16:03 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-10-04 13:38 - 2022-10-04 13:38 - 000257824 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-10-04 12:41 - 2022-10-04 13:46 - 000000000 ___HD C:\$SysReset
2022-10-03 04:54 - 2022-10-03 04:55 - 000000000 ____D C:\Users\doher\AppData\LocalLow\IObit
2022-09-25 23:54 - 2022-09-25 23:56 - 000000000 ___HD C:\$WinREAgent
2022-09-25 21:04 - 2022-10-04 19:20 - 000000000 ____D C:\Users\doher\OneDrive\Documents\New folder
2022-09-22 20:48 - 2022-09-22 20:48 - 000004600 _____ C:\Users\doher\OneDrive\Documents\Attossdbenchres.bmk
2022-09-22 20:23 - 2022-09-22 20:23 - 000000000 ____D C:\ATTO
2022-09-22 20:22 - 2022-09-22 20:22 - 003993048 _____ (ATTO Technology, Inc.) C:\Users\doher\Downloads\win_app_benchmark_4000f2.exe
2022-09-22 02:50 - 2022-09-22 02:50 - 000000000 ____D C:\Users\doher\.wdc
2022-09-22 02:32 - 2022-09-22 02:32 - 003637651 _____ C:\Users\doher\Downloads\c01868653.pdf
2022-09-21 00:02 - 2022-09-21 00:02 - 000001024 ____H C:\SYSTAG.BIN
2022-09-20 23:05 - 2022-09-22 23:31 - 000001024 ____H C:\AMTAG.BIN
2022-09-20 03:49 - 2022-09-20 03:49 - 000000000 _____ C:\cbslog.txt
2022-09-20 00:33 - 2022-09-20 00:33 - 002786040 _____ (Opera Software) C:\Users\doher\Downloads\OperaSetup.exe
2022-09-19 22:44 - 2022-10-03 20:10 - 000000000 ____D C:\AMD
2022-09-19 22:02 - 2022-09-26 03:09 - 000000000 ____D C:\Users\doher\OneDrive\Documents\AIDA64 Reports
2022-09-19 10:44 - 2022-09-19 21:53 - 000000000 ____D C:\Users\doher\Downloads\aida64business675_portable
2022-09-19 10:44 - 2022-09-19 10:44 - 049661152 _____ C:\Users\doher\Downloads\aida64business675_portable.zip
2022-09-19 08:49 - 2022-09-19 08:49 - 001427176 _____ (Google LLC) C:\Users\doher\Downloads\ChromeSetup.exe
2022-09-19 03:15 - 2022-09-19 03:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2022-09-18 17:49 - 2022-10-03 08:37 - 000000000 ___HD C:\OneDriveTemp
2022-09-18 17:49 - 2022-09-18 17:49 - 000000000 ____D C:\Users\doher\OneDrive\Documents\Windows Imaging and Configuration Designer (WICD)
2022-09-18 17:49 - 2022-09-18 17:49 - 000000000 ____D C:\Users\doher\OneDrive\Documents\Windows Assessment Console
2022-09-18 17:49 - 2022-09-18 17:49 - 000000000 ____D C:\Users\doher\OneDrive\Documents\Sigcheck
2022-09-18 17:49 - 2022-09-18 17:49 - 000000000 ____D C:\Users\doher\OneDrive\Documents\Assessment Results
2022-09-18 17:49 - 2022-09-13 23:49 - 000000000 _____ C:\Users\doher\OneDrive\Documents\disk results.txt
2022-09-18 17:49 - 2022-03-21 11:23 - 000000552 _____ C:\Users\doher\OneDrive\Documents\cc_20220321_112309.reg
2022-09-18 17:49 - 2022-03-21 11:21 - 000039364 _____ C:\Users\doher\OneDrive\Documents\cc_20220321_112000.reg
2022-09-18 17:48 - 2022-10-05 18:24 - 000000000 ___RD C:\Users\doher\OneDrive
2022-09-18 17:44 - 2022-10-04 18:21 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-09-18 17:44 - 2022-10-04 18:20 - 000000000 ___RD C:\Users\doher\3D Objects
2022-09-18 07:41 - 2022-09-18 07:41 - 000000000 _SHDL C:\Documents and Settings
2022-09-18 07:40 - 2022-09-18 07:40 - 000000000 ____D C:\WINDOWS\CSC
2022-09-18 07:31 - 2022-10-04 13:49 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-09-18 07:26 - 2022-10-05 14:52 - 000008192 ___SH C:\DumpStack.log.tmp
2022-09-16 17:10 - 2016-03-31 02:24 - 000772104 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynCOM.dll
2022-09-16 17:10 - 2016-03-31 02:24 - 000622784 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynTP.sys
2022-09-16 17:10 - 2016-03-31 02:24 - 000430256 _____ (Synaptics Incorporated) C:\WINDOWS\SysWOW64\SynCom.dll
2022-09-16 17:10 - 2016-03-31 02:24 - 000274968 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPAPI.dll
2022-09-16 17:10 - 2016-03-31 02:24 - 000267440 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPCo31-1.dll
2022-09-16 17:10 - 2016-03-31 02:24 - 000052904 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel_Aux.sys
2022-09-16 17:10 - 2016-03-31 02:24 - 000052400 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_AMDASF_Aux.sys
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-10-05 15:09 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-10-05 15:03 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-10-05 14:57 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
2022-10-05 14:52 - 2019-12-07 05:03 - 000065536 _____ C:\WINDOWS\system32\config\BBI
2022-10-05 04:38 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\appcompat
2022-10-05 04:32 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-10-05 04:26 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-10-05 00:36 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2022-10-05 00:36 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-10-04 18:44 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Windows Defender
2022-10-04 18:43 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2022-10-04 17:35 - 2019-12-07 05:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2022-10-04 17:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2022-10-04 17:28 - 2019-12-07 05:54 - 000000000 ___SD C:\WINDOWS\system32\AppV
2022-10-04 17:28 - 2019-12-07 05:54 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2022-10-04 17:28 - 2019-12-07 05:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-10-04 17:28 - 2019-12-07 05:54 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2022-10-04 17:28 - 2019-12-07 05:51 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\setup
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Com
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Provisioning
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\IME
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Common Files\System
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2022-10-04 17:28 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\servicing
2022-10-04 17:26 - 2019-12-07 05:54 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2022-10-04 17:26 - 2019-12-07 05:54 - 000020908 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2022-10-04 17:26 - 2019-12-07 05:15 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2022-10-04 17:26 - 2019-12-07 05:14 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2022-10-04 17:03 - 2019-12-07 05:52 - 000000000 ____D C:\WINDOWS\OCR
2022-10-04 13:56 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\USOPrivate
2022-10-04 13:55 - 2019-12-07 05:51 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2022-10-04 13:55 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\spool
2022-10-04 13:55 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-10-04 13:48 - 2019-12-07 05:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2022-10-04 13:39 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-09-12 21:56 - 2021-04-25 23:13 - 000000000 __RHD C:\MSOCache
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-10-2022
Ran by doher (05-10-2022 18:40:33)
Running from C:\Users\doher\OneDrive\Desktop
Microsoft Windows 10 Pro Version 21H2 19044.2075 (X64) (2022-10-04 17:55:27)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-1890784580-1000596592-3856219040-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1890784580-1000596592-3856219040-503 - Limited - Disabled)
doher (S-1-5-21-1890784580-1000596592-3856219040-1001 - Administrator - Enabled) => C:\Users\doher
Guest (S-1-5-21-1890784580-1000596592-3856219040-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1890784580-1000596592-3856219040-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 106.0.5249.91 - Google LLC)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 106.0.1370.34 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1890784580-1000596592-3856219040-1001\...\OneDriveSetup.exe) (Version: 22.191.0911.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Opera Stable 91.0.4516.20 (HKU\S-1-5-21-1890784580-1000596592-3856219040-1001\...\Opera 91.0.4516.20) (Version: 91.0.4516.20 - Opera Software)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.98 - Synaptics Incorporated)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
 
Packages:
=========
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.14.9130.0_x64__8wekyb3d8bbwe [2022-10-05] (Microsoft Studios) [MS Ad]
Speedtest by Ookla -> C:\Program Files\WindowsApps\Ookla.SpeedtestbyOokla_1.15.163.0_x64__43tkc6nmykmb6 [2022-10-05] (Ookla)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-12-07 05:14 - 2019-12-07 05:12 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1890784580-1000596592-3856219040-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\doher\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKU\S-1-5-21-1890784580-1000596592-3856219040-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1890784580-1000596592-3856219040-1001\...\StartupApproved\Run: => "Opera Browser Assistant"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{E9CB6A2D-F399-44C7-886B-8194EAA5FDC1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.88.3401.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D234F914-1F7A-437E-A5D1-DE6C92E8278B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.88.3401.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1ED7D18D-C951-42F4-B1F3-FE8D986EBAA1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.88.3401.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2572A349-E0A7-45D4-B7E2-B870501CF275}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.88.3401.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C7CF151E-4CE4-4F16-AA68-E3545A18CD5F}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
 
==================== Restore Points =========================
 
04-10-2022 18:43:14 Windows Modules Installer
04-10-2022 21:52:44 RESET PC RESTORE POINT
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (10/05/2022 12:32:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SystemSettings.exe, version: 10.0.19041.2075, time stamp: 0x4aa1ce82
Faulting module name: SystemSettings.DataModel.dll, version: 10.0.19041.746, time stamp: 0xcea263fa
Exception code: 0xc00000fd
Fault offset: 0x00000000000079df
Faulting process id: 0xdf0
Faulting application start time: 0x01d8d8737130c6b1
Faulting application path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Faulting module path: C:\Windows\System32\SystemSettings.DataModel.dll
Report Id: abbf1953-3e39-49a8-8350-09e24fbdc1c6
Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel
 
Error: (10/05/2022 12:31:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SystemSettings.exe, version: 10.0.19041.2075, time stamp: 0x4aa1ce82
Faulting module name: ucrtbase.dll, version: 10.0.19041.789, time stamp: 0x2bd748bf
Exception code: 0xc000041d
Fault offset: 0x000000000000ddda
Faulting process id: 0xa10
Faulting application start time: 0x01d8d87354fb1109
Faulting application path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: 94a4598c-5207-4f6f-8b7d-a454ca34773f
Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel
 
Error: (10/05/2022 12:28:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SystemSettings.exe, version: 10.0.19041.2075, time stamp: 0x4aa1ce82
Faulting module name: ucrtbase.dll, version: 10.0.19041.789, time stamp: 0x2bd748bf
Exception code: 0xc000041d
Fault offset: 0x000000000000e109
Faulting process id: 0x7ac
Faulting application start time: 0x01d8d872e95e290d
Faulting application path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: 257ea25f-e797-4775-b33b-cbcb40ecc4d7
Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel
 
Error: (10/05/2022 12:25:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SystemSettings.exe, version: 10.0.19041.2075, time stamp: 0x4aa1ce82
Faulting module name: ucrtbase.dll, version: 10.0.19041.789, time stamp: 0x2bd748bf
Exception code: 0xc00000fd
Fault offset: 0x000000000000ddda
Faulting process id: 0x132c
Faulting application start time: 0x01d8d8727d2d8b05
Faulting application path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: 0d364c7b-1ae7-4df9-9fc8-c7f4b28c863f
Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel
 
Error: (10/05/2022 12:21:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SystemSettings.exe, version: 10.0.19041.2075, time stamp: 0x4aa1ce82
Faulting module name: ucrtbase.dll, version: 10.0.19041.789, time stamp: 0x2bd748bf
Exception code: 0xc000041d
Fault offset: 0x0000000000015c3d
Faulting process id: 0x1f54
Faulting application start time: 0x01d8d871ef50b72d
Faulting application path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: ed15d6cc-0dfd-49fc-9657-16ff61faf793
Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel
 
Error: (10/05/2022 12:20:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SystemSettings.exe, version: 10.0.19041.2075, time stamp: 0x4aa1ce82
Faulting module name: ucrtbase.dll, version: 10.0.19041.789, time stamp: 0x2bd748bf
Exception code: 0xc000041d
Fault offset: 0x000000000000e109
Faulting process id: 0x1188
Faulting application start time: 0x01d8d8716914899f
Faulting application path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: 4c6c954b-d361-4def-8810-0314a3efebc9
Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel
 
Error: (10/05/2022 12:17:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SystemSettings.exe, version: 10.0.19041.2075, time stamp: 0x4aa1ce82
Faulting module name: SystemSettings.DataModel.dll, version: 10.0.19041.746, time stamp: 0xcea263fa
Exception code: 0xc000041d
Fault offset: 0x000000000000dec8
Faulting process id: 0x2a0
Faulting application start time: 0x01d8d853d55c8c3d
Faulting application path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Faulting module path: C:\Windows\System32\SystemSettings.DataModel.dll
Report Id: f2903c2d-6928-48e4-9737-edbdfcac88d7
Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel
 
Error: (10/04/2022 09:32:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchApp.exe version 10.0.19041.2075 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: c84
 
Start Time: 01d8d85a3dfdfa79
 
Termination Time: 4294967295
 
Application Path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
 
Report Id: 1092ad83-34bb-4aa6-a30b-91dce0479bcf
 
Faulting package full name: Microsoft.Windows.Search_1.14.7.19041_neutral_neutral_cw5n1h2txyewy
 
Faulting package-relative application ID: ShellFeedsUI
 
Hang type: Quiesce
 
 
System errors:
=============
Error: (10/05/2022 02:52:09 PM) (Source: DCOM) (EventID: 10010) (User: HAL900)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
Error: (10/05/2022 02:52:09 PM) (Source: DCOM) (EventID: 10010) (User: HAL900)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
Error: (10/05/2022 02:52:09 PM) (Source: DCOM) (EventID: 10010) (User: HAL900)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
Error: (10/05/2022 02:52:08 PM) (Source: DCOM) (EventID: 10010) (User: HAL900)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
Error: (10/05/2022 01:09:55 PM) (Source: DCOM) (EventID: 10010) (User: HAL900)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
Error: (10/05/2022 01:09:55 PM) (Source: DCOM) (EventID: 10010) (User: HAL900)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
Error: (10/04/2022 07:49:40 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
 
Error: (10/04/2022 02:15:10 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
 
 
==================== Memory info =========================== 
 
BIOS: Hewlett-Packard F.15 05/17/2010
Motherboard: Hewlett-Packard 363F
Processor: AMD Athlon™ II Dual-Core M300
Percentage of memory in use: 49%
Total physical RAM: 7932.2 MB
Available physical RAM: 4027.02 MB
Total Virtual: 9852.2 MB
Available Virtual: 6024.08 MB
 
==================== Drives ================================
 
Drive c: (C ) (Fixed) (Total:323.26 GB) (Free:275.14 GB) (Model: WD Blue SA510 2.5 500GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: () (Removable) (Total:59.45 GB) (Free:54.98 GB) exFAT
Drive f: (RECOVERY) (Fixed) (Total:21.1 GB) (Free:9.61 GB) (Model: WD Blue SA510 2.5 500GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.06 GB) (Model: WD Blue SA510 2.5 500GB) FAT32
Drive h: (ESD-USB (D:)) (Removable) (Total:28.65 GB) (Free:17.08 GB) NTFS
 
\\?\Volume{7dda13fc-0000-0000-0000-100000000000}\ (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 7DDA13FC)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=323.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=21.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=108 MB) - (Type=0C)
 
==========================================================
Disk: 1 (Size: 59.5 GB) (Disk ID: 9403A996)
Partition 1: (Not Active) - (Size=59.5 GB) - (Type=07 NTFS)
 
==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 28.7 GB) (Disk ID: 9A17DA42)
Partition 1: (Not Active) - (Size=28.7 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt =======================
 
Sorry but unable to work with this laptop as it is not responding
Please help me if you are able

Edited by ForrestGump, 06 October 2022 - 08:54 PM.

  • 0

Advertisements

#2
RKinner
Posted 12 October 2022 - 06:48 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Not sure what you meant with your last statement.  Can you still run FRST?  If so try this:

 

 
Download the attached fixlist.txt to the same location as FRST
 
Attached File  fixlist.txt   4.13KB   280 downloads
 
Run FRST and press Fix.  This will check your system files and hopefully repair any that are broken.  Usually takes about 25 minutes to complete but may time out after one hour if the PC is super slow.  Will reboot when done.
 
A fix log will be generated please post that 
 
Reboot if the fix doesn't reboot it for you
 
Run FRST again but this time make sure Addition.txt is checked and hit Scan.  Post both logs.
 

  • 0

#3
ForrestGump
Posted 13 October 2022 - 02:40 AM

ForrestGump

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts

.


Edited by ForrestGump, 13 October 2022 - 02:42 AM.

  • 0

#4
ForrestGump
Posted 13 October 2022 - 02:45 AM

ForrestGump

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts

 

Not sure what you meant with your last statement.  Can you still run FRST?  If so try this:

 

 
Download the attached fixlist.txt to the same location as FRST
 
 
Run FRST and press Fix.  This will check your system files and hopefully repair any that are broken.  Usually takes about 25 minutes to complete but may time out after one hour if the PC is super slow.  Will reboot when done.
 
A fix log will be generated please post that 
 
Reboot if the fix doesn't reboot it for you
 
Run FRST again but this time make sure Addition.txt is checked and hit Scan.  Post both logs.
 

 

 

 

.

 

 

 

Not sure what you meant with your last statement.  Can you still run FRST?  If so try this:

 

 
Download the attached fixlist.txt to the same location as FRST
 
 
Run FRST and press Fix.  This will check your system files and hopefully repair any that are broken.  Usually takes about 25 minutes to complete but may time out after one hour if the PC is super slow.  Will reboot when done.
 
A fix log will be generated please post that 
 
Reboot if the fix doesn't reboot it for you
 
Run FRST again but this time make sure Addition.txt is checked and hit Scan.  Post both logs.
 

 

 

 

Not sure what you meant with your last statement.  Can you still run FRST?  If so try this:

 

 
Download the attached fixlist.txt to the same location as FRST
 
 
Run FRST and press Fix.  This will check your system files and hopefully repair any that are broken.  Usually takes about 25 minutes to complete but may time out after one hour if the PC is super slow.  Will reboot when done.
 
A fix log will be generated please post that 
 
Reboot if the fix doesn't reboot it for you
 
Run FRST again but this time make sure Addition.txt is checked and hit Scan.  Post both logs.
 

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-10-2022
Ran by doher (administrator) on HAL900 (Hewlett-Packard HP G61 Notebook PC) (13-10-2022 02:56:28)
Running from C:\Users\doher\OneDrive\Desktop
Loaded Profiles: doher
Platform: Microsoft Windows 10 Pro Version 21H2 19044.2130 (X64) Language: English (United States) -> English (United Kingdom)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(atiesrxx.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(services.exe ->) (Microsoft Windows -> ) C:\Windows\System32\OpenSSH\ssh-agent.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Microsoft Update Health Tools\uhssvc.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\NisSrv.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(services.exe ->) (Wondershare Technology Group Co.,Ltd -> Wondershare) C:\ProgramData\Wondershare\Service\InstallAssistService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-03-31] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\Software\...\Authentication\Credential Providers: [{f64945df-4fa9-4068-a2fb-61af319edd33}] -> C:\WINDOWS\system32\rdpcredentialprovider.dll [2022-10-04] (Microsoft Windows -> Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {03EC6479-8F8A-4D7C-83AD-B1CD92525A99} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\doher\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2022-10-07] (ESET, spol. s r.o. -> ESET)
Task: {1EE213B4-B02E-49F0-8947-708819DF68F6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3C7D335C-0590-4CDA-9BCD-7EBD1813A3BF} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\doher\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2022-10-07] (ESET, spol. s r.o. -> ESET)
Task: {73124902-6910-493C-AC5B-97F525149130} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9E053CAD-5806-41CF-9D8C-6E5FE928ADC0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B5E3E18D-577F-4503-95E0-B96581B2040B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{021fd832-feba-48e3-a654-c7a10dc0b2a2}: [NameServer] 1.1.1.1,1.0.0.1
Tcpip\..\Interfaces\{021fd832-feba-48e3-a654-c7a10dc0b2a2}: [DhcpNameServer] 192.168.2.1
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\doher\AppData\Local\Microsoft\Edge\User Data\Default [2022-10-13]
Edge Notifications: Default -> hxxps://www.youtube.com
Edge DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
Edge DefaultSearchKeyword: Default -> duckduckgo.com
Edge DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
Edge Extension: (DuckDuckGo) - C:\Users\doher\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caoacbimdbbljakfhgikoodekdnlcgpk [2022-10-04]
Edge Extension: (uBlock Origin) - C:\Users\doher\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2022-10-04]
Edge Extension: (Enhancer for YouTube™) - C:\Users\doher\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dlgfaleeejmphhnemjgiaekdbonkagkd [2022-10-07]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\doher\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-10-11]
Edge Extension: (MSN New Tab) - C:\Users\doher\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lklfbkdigihjaaeamncibechhgalldgl [2022-10-04]
Edge Extension: (Privacy Badger) - C:\Users\doher\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pkehgijcmpdhfbdbbnkijodmdjhbjlgp [2022-10-04]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [224192 2022-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2207.7-0\NisSrv.exe [3125112 2022-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2207.7-0\MsMpEng.exe [133560 2022-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 Wondershare InstallAssist; C:\ProgramData\Wondershare\Service\InstallAssistService.exe [277232 2022-09-28] (Wondershare Technology Group Co.,Ltd -> Wondershare)
S2 DFWSIDService; C:\Program Files (x86)\Wondershare\drfone\WsidService.exe [X]
S2 ElevationService; C:\Program Files (x86)\Wondershare\drfone\Addins\Repair\ElevationService.exe [X]
S2 WsDrvInst; C:\Program Files (x86)\Wondershare\drfone\Addins\Repair\DriverInstall.exe [X]
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
U5 PROCMON24; C:\Windows\System32\Drivers\PROCMON24.sys [80280 2022-10-07] (Microsoft Windows Hardware Compatibility Publisher -> Sysinternals - www.sysinternals.com)
S3 SIVDriver; C:\WINDOWS\system32\Drivers\SIVX64.sys [205552 2021-02-12] (RH Software Ltd -> Ray Hinchliffe)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49576 2022-10-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [453904 2022-10-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [94480 2022-10-04] (Microsoft Windows -> Microsoft Corporation)
S1 npcap; \SystemRoot\system32\DRIVERS\npcap.sys [X]
U4 npcap_wifi; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-10-13 02:08 - 2022-10-13 02:09 - 030831256 _____ (Proton Technologies AG) C:\Users\doher\Downloads\ProtonVPN_win_v2.1.1.exe
2022-10-13 00:41 - 2022-10-13 00:41 - 000000000 _____ C:\Users\doher\whoami
2022-10-13 00:36 - 2022-10-13 00:38 - 000000000 _____ C:\WINDOWS\system32\whoami
2022-10-12 02:53 - 2022-10-12 02:53 - 000000000 ____D C:\Ultfone
2022-10-12 02:43 - 2022-10-12 02:43 - 000000000 ____D C:\Users\doher\AppData\Roaming\TSMonitor
2022-10-12 02:43 - 2022-10-12 02:43 - 000000000 ____D C:\Users\doher\AppData\Roaming\Apple Computer
2022-10-12 02:42 - 2022-10-12 02:42 - 000000000 ____D C:\Program Files (x86)\UltFone
2022-10-12 01:10 - 2022-10-12 02:26 - 000000000 ___HD C:\Wondershare_DrFone_IOSRepair
2022-10-12 00:48 - 2022-10-12 00:48 - 000000016 _____ C:\ProgramData\mntemp
2022-10-12 00:37 - 2022-10-12 20:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2022-10-12 00:36 - 2022-10-12 20:13 - 000000000 ____D C:\Users\doher\AppData\Roaming\Wondershare
2022-10-12 00:36 - 2022-10-12 20:13 - 000000000 ____D C:\ProgramData\Wondershare
2022-10-11 18:56 - 2022-10-11 18:56 - 000000000 ____D C:\WINDOWS\Panther
2022-10-11 15:25 - 2022-10-11 16:51 - 000000000 ____D C:\Users\doher\AppData\Roaming\Wireshark
2022-10-11 13:31 - 2022-10-11 13:31 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2022-10-11 13:31 - 2022-10-11 13:31 - 000012253 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-10-11 13:18 - 2022-10-11 13:20 - 000000000 ___HD C:\$WinREAgent
2022-10-11 05:52 - 2022-10-11 05:52 - 000000000 ____D C:\Users\Public\Desktop\CC Support
2022-10-10 02:28 - 2022-10-10 02:28 - 000000000 ___HD C:\$Windows.~WS
2022-10-09 19:29 - 2022-10-09 19:29 - 001666080 _____ (O&O Software GmbH) C:\Users\doher\Downloads\OOSU10.exe
2022-10-09 19:16 - 2022-10-09 19:20 - 000000008 __RSH C:\ProgramData\ntuser.pol
2022-10-09 17:14 - 2022-10-09 17:18 - 000000000 ____D C:\Users\doher\OneDrive\Documents\Security
2022-10-09 13:31 - 2022-10-09 13:31 - 000000000 ____D C:\ProgramData\Package Cache
2022-10-09 09:28 - 2022-10-09 09:28 - 000000000 ____D C:\Users\doher\AppData\Local\OO Software
2022-10-09 08:45 - 2022-10-09 08:45 - 000000000 ____D C:\ProgramData\Sophos
2022-10-09 08:37 - 2022-10-12 02:18 - 000000000 ____D C:\Users\doher\AppData\Local\CrashDumps
2022-10-09 08:37 - 2022-10-09 09:44 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-10-09 08:26 - 2021-02-12 13:24 - 000205552 _____ (Ray Hinchliffe) C:\WINDOWS\system32\Drivers\SIVX64.sys
2022-10-09 05:04 - 2022-10-09 05:04 - 000007452 _____ C:\WINDOWS\system32\networksettings.txt
2022-10-08 23:54 - 2022-10-08 23:54 - 000000112 ___SH C:\bootTel.dat
2022-10-08 03:32 - 2022-10-11 17:54 - 000002278 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-10-08 02:43 - 2022-10-08 02:43 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2022-10-07 11:38 - 2022-10-07 11:38 - 000003840 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2022-10-07 11:38 - 2022-10-07 11:38 - 000003398 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2022-10-07 11:20 - 2022-10-07 13:49 - 000001384 _____ C:\Users\doher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2022-10-07 11:20 - 2022-10-07 11:20 - 000000000 ____D C:\Users\doher\AppData\Local\ESET
2022-10-07 10:09 - 2022-10-12 23:19 - 000004150 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{E4EC256C-9C8A-4C52-84CF-751FCEF1DC04}
2022-10-07 10:08 - 2022-10-07 10:14 - 000000000 ____D C:\Users\doher\AppData\Local\ElevatedDiagnostics
2022-10-07 09:22 - 2022-10-07 09:22 - 000000000 ____D C:\WINDOWS\pss
2022-10-07 08:07 - 2022-10-07 08:07 - 000000017 _____ C:\Users\doher\AppData\Local\resmon.resmoncfg
2022-10-07 04:29 - 2019-12-07 05:12 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.old
2022-10-07 04:28 - 2022-10-07 20:41 - 000000000 ____D C:\Program Files (x86)\AntiWebMiner
2022-10-07 03:24 - 2022-10-07 03:24 - 000080280 ____H (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCMON24.SYS
2022-10-05 17:31 - 2022-10-13 02:57 - 000000000 ____D C:\FRST
2022-10-05 04:26 - 2022-10-11 18:49 - 000000000 ____D C:\Users\doher\AppData\Local\PlaceholderTileLogoFolder
2022-10-05 01:05 - 2022-10-08 03:35 - 000000000 ____D C:\Users\doher\AppData\Local\Opera Software
2022-10-05 01:03 - 2022-10-08 03:35 - 000000000 ____D C:\Users\doher\AppData\Roaming\Opera Software
2022-10-05 00:51 - 2022-10-08 03:33 - 000000000 ____D C:\Users\doher\AppData\Local\Google
2022-10-04 23:50 - 2022-10-04 23:50 - 000000000 ____D C:\Users\doher\AppData\Local\PeerDistRepub
2022-10-04 21:12 - 2022-10-04 21:12 - 000000000 ____D C:\Users\doher\AppData\Local\Apps\2.0
2022-10-04 20:54 - 2022-10-10 22:06 - 000000000 ____D C:\Users\doher\AppData\Local\Comms
2022-10-04 20:12 - 2022-10-04 20:12 - 000000000 ____D C:\Users\doher\AppData\Local\OneDrive
2022-10-04 19:21 - 2022-10-07 13:48 - 000000268 _____ C:\Users\doher\OneDrive\Documents\dism log mar 30 2022.txt
2022-10-04 19:21 - 2022-05-02 17:20 - 461187826 _____ C:\Users\doher\OneDrive\Documents\reg back up may 02 2022 518 pm.reg
2022-10-04 19:21 - 2022-04-26 21:22 - 000000000 _____ C:\Users\doher\OneDrive\Documents\Default.rdp
2022-10-04 19:20 - 2022-10-04 19:20 - 000000000 ____D C:\Users\doher\OneDrive\Documents\PCMark 7
2022-10-04 19:20 - 2022-10-04 19:20 - 000000000 ____D C:\Users\doher\OneDrive\Documents\PassMark
2022-10-04 18:47 - 2022-10-11 13:16 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-10-04 18:44 - 2022-10-04 18:44 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-10-04 18:23 - 2022-10-06 18:24 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1890784580-1000596592-3856219040-1001
2022-10-04 18:23 - 2022-10-06 18:24 - 000003362 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1890784580-1000596592-3856219040-1001
2022-10-04 18:23 - 2022-10-04 18:23 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2022-10-04 18:22 - 2022-10-11 18:49 - 000000000 ____D C:\Users\doher\AppData\Local\D3DSCache
2022-10-04 18:20 - 2022-10-11 18:44 - 000000000 ____D C:\Users\doher\AppData\Local\Packages
2022-10-04 18:20 - 2022-10-09 07:55 - 000000000 ____D C:\ProgramData\Packages
2022-10-04 18:20 - 2022-10-04 19:19 - 000000000 ____D C:\Users\doher\AppData\Local\ConnectedDevicesPlatform
2022-10-04 18:20 - 2022-10-04 18:20 - 000000020 ___SH C:\Users\doher\ntuser.ini
2022-10-04 18:20 - 2022-10-04 18:20 - 000000000 ____D C:\Users\doher\AppData\Roaming\Adobe
2022-10-04 18:20 - 2022-10-04 18:20 - 000000000 ____D C:\Users\doher\AppData\Local\VirtualStore
2022-10-04 18:20 - 2022-10-04 18:20 - 000000000 ____D C:\Users\doher\AppData\Local\Publishers
2022-10-04 17:32 - 2022-10-04 17:33 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2022-10-04 17:28 - 2022-10-04 17:28 - 000000000 ____D C:\WINDOWS\SystemTemp
2022-10-04 17:28 - 2022-10-04 17:28 - 000000000 ____D C:\ProgramData\ssh
2022-10-04 17:20 - 2022-10-04 17:20 - 001687040 _____ C:\WINDOWS\system32\libcrypto.dll
2022-10-04 17:20 - 2022-10-04 17:20 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2022-10-04 17:20 - 2022-10-04 17:20 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2022-10-04 17:20 - 2022-10-04 17:20 - 000479744 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2022-10-04 17:20 - 2022-10-04 17:20 - 000188928 _____ C:\WINDOWS\system32\uwfcfgmgmt.dll
2022-10-04 17:20 - 2022-10-04 17:20 - 000170496 _____ C:\WINDOWS\system32\DeviceUpdateCenterCsp.dll
2022-10-04 17:20 - 2022-10-04 17:20 - 000158208 _____ C:\WINDOWS\system32\uwfcsp.dll
2022-10-04 17:20 - 2022-10-04 17:20 - 000138056 _____ C:\WINDOWS\system32\HvsiManagementApi.dll
2022-10-04 17:20 - 2022-10-04 17:20 - 000101704 _____ C:\WINDOWS\SysWOW64\HvsiManagementApi.dll
2022-10-04 17:20 - 2022-10-04 17:20 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2022-10-04 17:20 - 2022-10-04 17:20 - 000040960 _____ C:\WINDOWS\system32\uwfservicingapi.dll
2022-10-04 17:19 - 2022-10-04 17:19 - 003860832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpltfm.dll
2022-10-04 17:19 - 2022-10-04 17:19 - 002371072 _____ C:\WINDOWS\system32\rdpnano.dll
2022-10-04 17:19 - 2022-10-04 17:19 - 000980320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpal.dll
2022-10-04 17:19 - 2022-10-04 17:19 - 000915296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmcodecs.dll
2022-10-04 17:19 - 2022-10-04 17:19 - 000732000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ortcengine.dll
2022-10-04 17:19 - 2022-10-04 17:19 - 000693248 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2022-10-04 17:19 - 2022-10-04 17:19 - 000530944 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe
2022-10-04 17:19 - 2022-10-04 17:19 - 000470528 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe
2022-10-04 17:19 - 2022-10-04 17:19 - 000270848 _____ C:\WINDOWS\system32\EsclScan.dll
2022-10-04 17:19 - 2022-10-04 17:19 - 000152064 _____ C:\WINDOWS\system32\EsclProtocol.dll
2022-10-04 17:19 - 2022-10-04 17:19 - 000104448 _____ C:\WINDOWS\system32\nettraceex.dll
2022-10-04 17:19 - 2022-10-04 17:19 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2022-10-04 17:19 - 2022-10-04 17:19 - 000055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmmvrortc.dll
2022-10-04 17:19 - 2022-10-04 17:19 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2022-10-04 17:19 - 2022-10-04 17:19 - 000045880 _____ C:\WINDOWS\system32\HvSocket.dll
2022-10-04 17:19 - 2022-10-04 17:19 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mode.com
2022-10-04 17:19 - 2022-10-04 17:19 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mode.com
2022-10-04 17:19 - 2022-10-04 17:19 - 000020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tree.com
2022-10-04 17:19 - 2022-10-04 17:19 - 000018944 _____ C:\WINDOWS\SysWOW64\WsdProviderUtil.dll
2022-10-04 17:19 - 2022-10-04 17:19 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tree.com
2022-10-04 17:19 - 2022-10-04 17:19 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\chcp.com
2022-10-04 17:19 - 2022-10-04 17:19 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chcp.com
2022-10-04 17:18 - 2022-10-04 17:18 - 002111488 _____ (Digimarc) C:\WINDOWS\SysWOW64\DMRCDecoder.dll
2022-10-04 17:18 - 2022-10-04 17:18 - 001864192 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
2022-10-04 17:18 - 2022-10-04 17:18 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2022-10-04 17:18 - 2022-10-04 17:18 - 001164288 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2022-10-04 17:18 - 2022-10-04 17:18 - 000611960 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2022-10-04 17:18 - 2022-10-04 17:18 - 000468440 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2022-10-04 17:18 - 2022-10-04 17:18 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2022-10-04 17:18 - 2022-10-04 17:18 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2022-10-04 17:18 - 2022-10-04 17:18 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2022-10-04 17:18 - 2022-10-04 17:18 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll
2022-10-04 17:18 - 2022-10-04 17:18 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2022-10-04 17:18 - 2022-10-04 17:18 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2022-10-04 17:18 - 2022-10-04 17:18 - 000047472 _____ C:\WINDOWS\SysWOW64\umpdc.dll
2022-10-04 17:18 - 2022-10-04 17:18 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2022-10-04 17:18 - 2022-10-04 17:18 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe
2022-10-04 17:17 - 2022-10-04 17:17 - 004898144 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll
2022-10-04 17:17 - 2022-10-04 17:17 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2022-10-04 17:17 - 2022-10-04 17:17 - 001354080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll
2022-10-04 17:17 - 2022-10-04 17:17 - 001091936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll
2022-10-04 17:17 - 2022-10-04 17:17 - 001032544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll
2022-10-04 17:17 - 2022-10-04 17:17 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2022-10-04 17:17 - 2022-10-04 17:17 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2022-10-04 17:17 - 2022-10-04 17:17 - 000061952 _____ C:\WINDOWS\system32\printticketvalidation.dll
2022-10-04 17:17 - 2022-10-04 17:17 - 000057344 _____ C:\WINDOWS\system32\APMonUI.dll
2022-10-04 17:17 - 2022-10-04 17:17 - 000056672 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll
2022-10-04 17:17 - 2022-10-04 17:17 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2022-10-04 17:16 - 2022-10-04 17:16 - 004227116 _____ C:\WINDOWS\system32\DefaultHrtfs.bin
2022-10-04 17:16 - 2022-10-04 17:16 - 002295296 _____ (Digimarc) C:\WINDOWS\system32\DMRCDecoder.dll
2022-10-04 17:16 - 2022-10-04 17:16 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2022-10-04 17:16 - 2022-10-04 17:16 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2022-10-04 17:16 - 2022-10-04 17:16 - 000706536 _____ C:\WINDOWS\system32\TextShaping.dll
2022-10-04 17:16 - 2022-10-04 17:16 - 000657464 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2022-10-04 17:16 - 2022-10-04 17:16 - 000640512 _____ C:\WINDOWS\system32\SettingSyncDownloadHelper.dll
2022-10-04 17:16 - 2022-10-04 17:16 - 000413696 _____ C:\WINDOWS\system32\AzureCheck.dll
2022-10-04 17:16 - 2022-10-04 17:16 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2022-10-04 17:16 - 2022-10-04 17:16 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2022-10-04 17:16 - 2022-10-04 17:16 - 000272896 _____ C:\WINDOWS\system32\TpmTool.exe
2022-10-04 17:16 - 2022-10-04 17:16 - 000232288 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2022-10-04 17:16 - 2022-10-04 17:16 - 000162304 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2022-10-04 17:16 - 2022-10-04 17:16 - 000098816 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2022-10-04 17:16 - 2022-10-04 17:16 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2022-10-04 17:16 - 2022-10-04 17:16 - 000064552 _____ C:\WINDOWS\system32\umpdc.dll
2022-10-04 17:16 - 2022-10-04 17:16 - 000029696 _____ (The ICU Project) C:\WINDOWS\system32\icuuc.dll
2022-10-04 17:16 - 2022-10-04 17:16 - 000025088 _____ (The ICU Project) C:\WINDOWS\system32\icuin.dll
2022-10-04 17:16 - 2022-10-04 17:16 - 000024576 _____ C:\WINDOWS\system32\WsdProviderUtil.dll
2022-10-04 17:16 - 2022-10-04 17:16 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
2022-10-04 17:15 - 2022-10-04 17:15 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2022-10-04 17:15 - 2022-10-04 17:15 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-10-04 17:15 - 2022-10-04 17:15 - 000197632 _____ C:\WINDOWS\system32\IHDS.dll
2022-10-04 17:15 - 2022-10-04 17:15 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2022-10-04 17:15 - 2022-10-04 17:15 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2022-10-04 17:15 - 2022-10-04 17:15 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2022-10-04 17:03 - 2022-10-04 17:03 - 000000000 ____D C:\Program Files\Reference Assemblies
2022-10-04 17:03 - 2022-10-04 17:03 - 000000000 ____D C:\Program Files\MSBuild
2022-10-04 17:03 - 2022-10-04 17:03 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2022-10-04 17:03 - 2022-10-04 17:03 - 000000000 ____D C:\Program Files (x86)\MSBuild
2022-10-04 17:01 - 2022-10-04 17:01 - 000000000 ____D C:\Program Files\Synaptics
2022-10-04 16:59 - 2022-10-04 16:59 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2022-10-04 13:53 - 2022-10-13 02:47 - 000776042 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-10-04 13:48 - 2022-10-13 02:43 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-10-04 13:48 - 2022-10-04 18:45 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-10-04 13:48 - 2022-10-04 13:48 - 000003612 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA{5D5FA87D-8AD4-4FE3-8C9D-AAC9FBF2FC5C}
2022-10-04 13:48 - 2022-10-04 13:48 - 000003488 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore{1CC0C225-8D66-4F90-BB26-44AF4225D386}
2022-10-04 13:43 - 2022-10-13 00:41 - 000000000 ____D C:\Users\doher
2022-10-04 13:43 - 2022-10-06 18:24 - 000002385 _____ C:\Users\doher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-10-04 13:40 - 2022-10-04 13:40 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2022-10-04 13:39 - 2022-10-04 13:39 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2022-10-04 13:39 - 2022-10-04 13:39 - 000000000 _____ C:\WINDOWS\ativpsrm.bin
2022-10-04 13:38 - 2022-10-12 20:26 - 000266200 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-10-04 13:38 - 2022-10-12 20:11 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-10-04 12:41 - 2022-10-04 13:46 - 000000000 ___HD C:\$SysReset
2022-10-03 04:54 - 2022-10-03 04:55 - 000000000 ____D C:\Users\doher\AppData\LocalLow\IObit
2022-09-25 21:04 - 2022-10-04 19:20 - 000000000 ____D C:\Users\doher\OneDrive\Documents\New folder
2022-09-22 20:48 - 2022-09-22 20:48 - 000004600 _____ C:\Users\doher\OneDrive\Documents\Attossdbenchres.bmk
2022-09-22 20:23 - 2022-09-22 20:23 - 000000000 ____D C:\ATTO
2022-09-22 20:22 - 2022-09-22 20:22 - 003993048 _____ (ATTO Technology, Inc.) C:\Users\doher\Downloads\win_app_benchmark_4000f2.exe
2022-09-22 02:50 - 2022-09-22 02:50 - 000000000 ____D C:\Users\doher\.wdc
2022-09-22 02:32 - 2022-09-22 02:32 - 003637651 _____ C:\Users\doher\Downloads\c01868653.pdf
2022-09-21 00:02 - 2022-09-21 00:02 - 000001024 ____H C:\SYSTAG.BIN
2022-09-20 23:05 - 2022-09-22 23:31 - 000001024 ____H C:\AMTAG.BIN
2022-09-19 22:02 - 2022-09-26 03:09 - 000000000 ____D C:\Users\doher\OneDrive\Documents\AIDA64 Reports
2022-09-19 10:44 - 2022-09-19 21:53 - 000000000 ____D C:\Users\doher\Downloads\aida64business675_portable
2022-09-19 10:44 - 2022-09-19 10:44 - 049661152 _____ C:\Users\doher\Downloads\aida64business675_portable.zip
2022-09-19 03:15 - 2022-09-19 03:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2022-09-18 17:49 - 2022-10-03 08:37 - 000000000 ___HD C:\OneDriveTemp
2022-09-18 17:49 - 2022-09-18 17:49 - 000000000 ____D C:\Users\doher\OneDrive\Documents\Windows Imaging and Configuration Designer (WICD)
2022-09-18 17:49 - 2022-09-18 17:49 - 000000000 ____D C:\Users\doher\OneDrive\Documents\Windows Assessment Console
2022-09-18 17:49 - 2022-09-18 17:49 - 000000000 ____D C:\Users\doher\OneDrive\Documents\Sigcheck
2022-09-18 17:49 - 2022-09-13 23:49 - 000000000 _____ C:\Users\doher\OneDrive\Documents\disk results.txt
2022-09-18 17:49 - 2022-03-21 11:23 - 000000552 _____ C:\Users\doher\OneDrive\Documents\cc_20220321_112309.reg
2022-09-18 17:49 - 2022-03-21 11:21 - 000039364 _____ C:\Users\doher\OneDrive\Documents\cc_20220321_112000.reg
2022-09-18 17:48 - 2022-10-09 08:37 - 000000000 ___RD C:\Users\doher\OneDrive
2022-09-18 17:44 - 2022-10-04 18:21 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-09-18 17:44 - 2022-10-04 18:20 - 000000000 ___RD C:\Users\doher\3D Objects
2022-09-18 07:41 - 2022-09-18 07:41 - 000000000 _SHDL C:\Documents and Settings
2022-09-18 07:40 - 2022-09-18 07:40 - 000000000 ____D C:\WINDOWS\CSC
2022-09-18 07:31 - 2022-10-11 17:54 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-09-18 07:26 - 2022-10-13 02:43 - 000008192 ___SH C:\DumpStack.log.tmp
2022-09-16 17:10 - 2016-03-31 02:24 - 000772104 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynCOM.dll
2022-09-16 17:10 - 2016-03-31 02:24 - 000622784 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynTP.sys
2022-09-16 17:10 - 2016-03-31 02:24 - 000430256 _____ (Synaptics Incorporated) C:\WINDOWS\SysWOW64\SynCom.dll
2022-09-16 17:10 - 2016-03-31 02:24 - 000274968 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPAPI.dll
2022-09-16 17:10 - 2016-03-31 02:24 - 000267440 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPCo31-1.dll
2022-09-16 17:10 - 2016-03-31 02:24 - 000052904 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel_Aux.sys
2022-09-16 17:10 - 2016-03-31 02:24 - 000052400 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_AMDASF_Aux.sys
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-10-13 02:58 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2022-10-13 02:47 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
2022-10-13 02:45 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-10-13 02:42 - 2019-12-07 05:03 - 000262144 _____ C:\WINDOWS\system32\config\BBI
2022-10-13 02:31 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-10-12 20:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-10-11 19:19 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-10-11 19:19 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-10-11 18:47 - 2019-12-07 05:54 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2022-10-11 18:47 - 2019-12-07 05:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-10-11 18:47 - 2019-12-07 05:54 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2022-10-11 18:47 - 2019-12-07 05:50 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2022-10-11 18:47 - 2019-12-07 05:50 - 000000000 ____D C:\WINDOWS\system32\WCN
2022-10-11 18:47 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2022-10-11 18:47 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2022-10-11 18:47 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-10-11 18:47 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2022-10-11 18:47 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2022-10-11 18:47 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-10-11 18:47 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2022-10-11 18:47 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-10-11 18:47 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\IME
2022-10-11 18:47 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Windows Defender
2022-10-11 18:47 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Common Files\System
2022-10-11 18:47 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2022-10-11 18:47 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\servicing
2022-10-11 13:51 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-10-11 13:51 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-10-11 13:51 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2022-10-11 13:51 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-10-11 13:51 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-10-09 19:13 - 2019-12-07 05:14 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2022-10-09 17:10 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Registration
2022-10-07 20:52 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2022-10-07 20:52 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\setup
2022-10-07 09:30 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2022-10-07 08:07 - 2019-12-07 05:14 - 000000000 ____D C:\PerfLogs
2022-10-05 04:38 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\appcompat
2022-10-05 00:36 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2022-10-04 18:43 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2022-10-04 17:35 - 2019-12-07 05:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2022-10-04 17:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2022-10-04 17:28 - 2019-12-07 05:54 - 000000000 ___SD C:\WINDOWS\system32\AppV
2022-10-04 17:28 - 2019-12-07 05:51 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Com
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Provisioning
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2022-10-04 17:26 - 2019-12-07 05:54 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2022-10-04 17:26 - 2019-12-07 05:54 - 000020908 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2022-10-04 17:26 - 2019-12-07 05:15 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2022-10-04 17:26 - 2019-12-07 05:14 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2022-10-04 17:03 - 2019-12-07 05:52 - 000000000 ____D C:\WINDOWS\OCR
2022-10-04 13:56 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\USOPrivate
2022-10-04 13:55 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\spool
2022-10-04 13:48 - 2019-12-07 05:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
 
==================== Files in the root of some directories ========
 
2022-10-07 08:07 - 2022-10-07 08:07 - 000000017 _____ () C:\Users\doher\AppData\Local\resmon.resmoncfg
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================

  • 0

#5
ForrestGump
Posted 13 October 2022 - 02:48 AM

ForrestGump

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts

 

Not sure what you meant with your last statement.  Can you still run FRST?  If so try this:

 

 
Download the attached fixlist.txt to the same location as FRST
 
 
Run FRST and press Fix.  This will check your system files and hopefully repair any that are broken.  Usually takes about 25 minutes to complete but may time out after one hour if the PC is super slow.  Will reboot when done.
 
A fix log will be generated please post that 
 
Reboot if the fix doesn't reboot it for you
 
Run FRST again but this time make sure Addition.txt is checked and hit Scan.  Post both logs.
 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-10-2022
Ran by doher (13-10-2022 03:02:08)
Running from C:\Users\doher\OneDrive\Desktop
Microsoft Windows 10 Pro Version 21H2 19044.2130 (X64) (2022-10-04 17:55:27)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-1890784580-1000596592-3856219040-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1890784580-1000596592-3856219040-503 - Limited - Disabled)
doher (S-1-5-21-1890784580-1000596592-3856219040-1001 - Administrator - Enabled) => C:\Users\doher
Guest (S-1-5-21-1890784580-1000596592-3856219040-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1890784580-1000596592-3856219040-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 106.0.1370.42 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 106.0.1370.42 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1890784580-1000596592-3856219040-1001\...\OneDriveSetup.exe) (Version: 22.196.0918.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31332 (HKLM-x32\...\{3746f21b-c990-4045-bb33-1cf98cff7a68}) (Version: 14.32.31332.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31332 (HKLM\...\{F4499EE3-A166-496C-81BB-51D1BCDC70A9}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31332 (HKLM\...\{3407B900-37F5-4CC2-B612-5CD5D580A163}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.98 - Synaptics Incorporated)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2022-10-07 19:47 - 2022-10-09 14:38 - 000000824 ____N C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1890784580-1000596592-3856219040-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\doher\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: SynTPEnhService => 2
HKU\S-1-5-21-1890784580-1000596592-3856219040-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1890784580-1000596592-3856219040-1001\...\StartupApproved\Run: => "Opera Browser Assistant"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [Microsoft-Windows-Unified-Telemetry-Client] => (Block) C:\WINDOWS\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [TCP Query User{57B47C20-9029-4761-AD7A-A6C2E6D10F33}C:\program files (x86)\microsoft\edge\application\msedge.exe] => (Block) C:\program files (x86)\microsoft\edge\application\msedge.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{3E8784C4-6284-43DE-B1A2-63A0F2F38DD8}C:\program files (x86)\microsoft\edge\application\msedge.exe] => (Block) C:\program files (x86)\microsoft\edge\application\msedge.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BC4ECF8C-745F-42D4-8A1D-AAB5B0B99C7D}] => (Allow) C:\Users\doher\Downloads\ios-system-repair.exe => No File
FirewallRules: [{6A070120-A38C-4E1E-A56F-D81717C1E114}] => (Allow) C:\Users\doher\Downloads\ios-system-repair.exe => No File
FirewallRules: [{CC10AA43-FD25-4E58-AD1C-E3859C98B10F}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\106.0.1370.42\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
07-10-2022 20:48:35 Removed Windows PC Health Check
08-10-2022 23:33:36 Restore Point Created by FRST
09-10-2022 08:25:39 TRON v12.0.3: Pre-run checkpoint
11-10-2022 07:18:17 Removed Windows PC Health Check
11-10-2022 13:20:54 Windows Modules Installer
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
 
System errors:
=============
Error: (10/13/2022 02:45:23 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Microsoft App-V Client service terminated with the following service-specific error: 
There is no MTS object context
 
Error: (10/13/2022 02:43:24 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Media Player Network Sharing Service service terminated with the following error: 
An attempt was made to reference a token that does not exist.
 
Error: (10/13/2022 02:43:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WsDrvInst service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (10/13/2022 02:43:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ElevationService service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (10/13/2022 02:43:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DFWSIDService service failed to start due to the following error: 
The system cannot find the file specified.
 
 
Windows Defender:
================
Date: 2022-10-13 03:02:17
Description: 
C:\Windows\System32\rundll32.exe has been blocked from modifying %userprofile%\Favorites by Controlled Folder Access.
Detection time: 2022-10-13T07:02:17.685Z
Path: %userprofile%\Favorites
Process Name: C:\Windows\System32\rundll32.exe
Security intelligence Version: 1.377.146.0
Engine Version: 1.1.19700.3
Product Version: 4.18.2207.7
 
Date: 2022-10-13 03:02:17
Description: 
C:\Windows\System32\rundll32.exe has been blocked from modifying %userprofile%\Favorites by Controlled Folder Access.
Detection time: 2022-10-13T07:02:17.683Z
Path: %userprofile%\Favorites
Process Name: C:\Windows\System32\rundll32.exe
Security intelligence Version: 1.377.146.0
Engine Version: 1.1.19700.3
Product Version: 4.18.2207.7
 
Date: 2022-10-13 03:02:17
Description: 
C:\Windows\System32\rundll32.exe has been blocked from modifying %userprofile%\Favorites by Controlled Folder Access.
Detection time: 2022-10-13T07:02:17.679Z
Path: %userprofile%\Favorites
Process Name: C:\Windows\System32\rundll32.exe
Security intelligence Version: 1.377.146.0
Engine Version: 1.1.19700.3
Product Version: 4.18.2207.7
 
Date: 2022-10-13 03:02:17
Description: 
C:\Windows\System32\rundll32.exe has been blocked from modifying %userprofile%\Favorites by Controlled Folder Access.
Detection time: 2022-10-13T07:02:17.676Z
Path: %userprofile%\Favorites
Process Name: C:\Windows\System32\rundll32.exe
Security intelligence Version: 1.377.146.0
Engine Version: 1.1.19700.3
Product Version: 4.18.2207.7
Event[0]:
 
Date: 2022-10-13 02:53:54
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.377.146.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.19700.3
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
==================== Memory info =========================== 
 
BIOS: Hewlett-Packard F.15 05/17/2010
Motherboard: Hewlett-Packard 363F
Processor: AMD Athlon™ II Dual-Core M300
Percentage of memory in use: 44%
Total physical RAM: 7932.2 MB
Available physical RAM: 4391.67 MB
Total Virtual: 9212.2 MB
Available Virtual: 5832.68 MB
 
==================== Drives ================================
 
Drive c: (C ) (Fixed) (Total:444.36 GB) (Free:383.34 GB) (Model: WD Blue SA510 2.5 500GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (RECOVERY) (Fixed) (Total:21.1 GB) (Free:9.64 GB) (Model: WD Blue SA510 2.5 500GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.06 GB) (Model: WD Blue SA510 2.5 500GB) FAT32
 
\\?\Volume{7dda13fc-0000-0000-0000-100000000000}\ (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 7DDA13FC)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=444.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=21.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=108 MB) - (Type=0C)
 
==================== End of Addition.txt =======================

  • 0

#6
ForrestGump
Posted 13 October 2022 - 02:53 AM

ForrestGump

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts

 

Not sure what you meant with your last statement.  Can you still run FRST?  If so try this:

 

 
Download the attached fixlist.txt to the same location as FRST
 
 
Run FRST and press Fix.  This will check your system files and hopefully repair any that are broken.  Usually takes about 25 minutes to complete but may time out after one hour if the PC is super slow.  Will reboot when done.
 
A fix log will be generated please post that 
 
Reboot if the fix doesn't reboot it for you
 
Run FRST again but this time make sure Addition.txt is checked and hit Scan.  Post both logs.
 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 04-10-2022
Ran by doher (13-10-2022 02:23:51) Run:2
Running from C:\Users\doher\OneDrive\Desktop
Loaded Profiles: doher
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKU\S-1-5-21-1890784580-1000596592-3856219040-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\doher\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-1890784580-1000596592-3856219040-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\doher\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-1890784580-1000596592-3856219040-1001\...\RunOnce: [Uninstall 21.220.1024.0005\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\doher\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\amd64" (No File)
HKU\S-1-5-21-1890784580-1000596592-3856219040-1001\...\RunOnce: [Uninstall 21.220.1024.0005] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\doher\AppData\Local\Microsoft\OneDrive\21.220.1024.0005" (No File)
Edge Extension: (Enhancer for YouTube™) - C:\Users\doher\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dlgfaleeejmphhnemjgiaekdbonkagkd [2022-10-04]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\doher\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-10-04]
Edge Extension: (MSN New Tab) - C:\Users\doher\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lklfbkdigihjaaeamncibechhgalldgl [2022-10-04]
Edge Extension: (Privacy Badger) - C:\Users\doher\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pkehgijcmpdhfbdbbnkijodmdjhbjlgp [2022-10-04]
CHR Extension: (Enhancer for YouTube™) - C:\Users\doher\AppData\Local\Google\Chrome\User Data\Default\Extensions\ponfpcnoihfmfllpaingbgckeeldkhle [2022-10-05]
S3 MirayRAMDrive; C:\WINDOWS\System32\drivers\mrdo.sys [65488 2022-02-10] (Miray Software AG -> Miray)
CMD: ping google.com
CMD: tracert -d google.com
CMD: netstat -rn
CMD: ipconfig /all
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
CMD: findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:
 
 
*****************
 
"HKU\S-1-5-21-1890784580-1000596592-3856219040-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Delete Cached Update Binary" => not found
"HKU\S-1-5-21-1890784580-1000596592-3856219040-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Delete Cached Standalone Update Binary" => not found
"HKU\S-1-5-21-1890784580-1000596592-3856219040-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall 21.220.1024.0005\amd64" => not found
"HKU\S-1-5-21-1890784580-1000596592-3856219040-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall 21.220.1024.0005" => not found
Edge Extension: (Enhancer for YouTube™) - C:\Users\doher\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dlgfaleeejmphhnemjgiaekdbonkagkd [2022-10-04] => Error: No automatic fix found for this entry.
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\doher\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-10-04] => Error: No automatic fix found for this entry.
Edge Extension: (MSN New Tab) - C:\Users\doher\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lklfbkdigihjaaeamncibechhgalldgl [2022-10-04] => Error: No automatic fix found for this entry.
Edge Extension: (Privacy Badger) - C:\Users\doher\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pkehgijcmpdhfbdbbnkijodmdjhbjlgp [2022-10-04] => Error: No automatic fix found for this entry.
CHR Extension: (Enhancer for YouTube™) - C:\Users\doher\AppData\Local\Google\Chrome\User Data\Default\Extensions\ponfpcnoihfmfllpaingbgckeeldkhle [2022-10-05] => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\MirayRAMDrive => removed successfully
MirayRAMDrive => service removed successfully
 
========= ping google.com =========
 
 
Pinging google.com [172.217.1.110] with 32 bytes of data:
Reply from 172.217.1.110: bytes=32 time=13ms TTL=57
Reply from 172.217.1.110: bytes=32 time=13ms TTL=57
Reply from 172.217.1.110: bytes=32 time=13ms TTL=57
Reply from 172.217.1.110: bytes=32 time=13ms TTL=57
 
Ping statistics for 172.217.1.110:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 13ms, Maximum = 13ms, Average = 13ms
 
========= End of CMD: =========
 
 
========= tracert -d google.com =========
 
 
Tracing route to google.com [172.217.1.110]
over a maximum of 30 hops:
 
  1    <1 ms    <1 ms    <1 ms  192.168.2.1 
  2     6 ms     1 ms    10 ms  10.11.7.73 
  3     *        *        *     Request timed out.
  4     3 ms     3 ms     3 ms  64.230.59.204 
  5     4 ms     3 ms     3 ms  142.124.127.215 
  6     2 ms     2 ms     1 ms  64.230.97.179 
  7     2 ms     5 ms     2 ms  72.14.218.134 
  8     3 ms     2 ms     2 ms  74.125.244.167 
  9    15 ms    15 ms    15 ms  172.253.64.252 
 10    15 ms    16 ms    15 ms  216.239.59.150 
 11    13 ms    13 ms    13 ms  108.170.244.1 
 12    14 ms    13 ms    13 ms  142.251.231.247 
 13    13 ms    12 ms    12 ms  172.217.1.110 
 
Trace complete.
 
========= End of CMD: =========
 
 
========= netstat -rn =========
 
===========================================================================
Interface List
  6...0c ee e6 c9 1e 50 ......Qualcomm Atheros AR9285 802.11b|g|n WiFi Adapter
  7...1e ee e6 c9 1e 50 ......Microsoft Wi-Fi Direct Virtual Adapter
  5...2e ee e6 c9 1e 50 ......Microsoft Wi-Fi Direct Virtual Adapter #2
  2...00 26 9e 74 03 8b ......Realtek PCIe FE Family Controller
  1...........................Software Loopback Interface 1
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1     192.168.2.11     35
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.2.0    255.255.255.0         On-link      192.168.2.11    291
     192.168.2.11  255.255.255.255         On-link      192.168.2.11    291
    192.168.2.255  255.255.255.255         On-link      192.168.2.11    291
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link      192.168.2.11    291
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link      192.168.2.11    291
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    331 ::1/128                  On-link
  2    291 fe80::/64                On-link
  2    291 fe80::bc40:9791:2540:1fa3/128
                                    On-link
  1    331 ff00::/8                 On-link
  2    291 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
 
========= End of CMD: =========
 
 
========= ipconfig /all =========
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : HAL900
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : home
 
Wireless LAN adapter Wi-Fi:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Qualcomm Atheros AR9285 802.11b|g|n WiFi Adapter
   Physical Address. . . . . . . . . : 0C-EE-E6-C9-1E-50
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Local Area Connection* 8:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 1E-EE-E6-C9-1E-50
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Local Area Connection* 10:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #2
   Physical Address. . . . . . . . . : 2E-EE-E6-C9-1E-50
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Ethernet:
 
   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 00-26-9E-74-03-8B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::bc40:9791:2540:1fa3%2(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.2.11(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, 12 October 2022 8:26:38 PM
   Lease Expires . . . . . . . . . . : Saturday, 15 October 2022 8:26:37 PM
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.1
   DHCPv6 IAID . . . . . . . . . . . : 100673182
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-2A-CE-28-4B-00-26-9E-74-03-8B
   DNS Servers . . . . . . . . . . . : 1.1.1.1
                                       1.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
========= End of CMD: =========
 
 
========= DISM /Online /Cleanup-Image /RestoreHealth =========
 
 
Deployment Image Servicing and Management tool
Version: 10.0.19041.844
 
Image Version: 10.0.19044.2130
 
 
[==                         3.8%                           ] 
 
[==                         4.0%                           ] 
 
[==                         4.5%                           ] 
 
[==                         4.9%                           ] 
 
[===                        5.4%                           ] 
 
[===                        5.9%                           ] 
 
[===                        6.4%                           ] 
 
[====                       7.2%                           ] 
 
[====                       8.2%                           ] 
 
[====                       8.5%                           ] 
 
[=====                      9.4%                           ] 
 
[======                     10.4%                          ] 
 
[======                     11.4%                          ] 
 
[=======                    12.4%                          ] 
 
[=======                    13.3%                          ] 
 
[========                   14.0%                          ] 
 
[========                   14.4%                          ] 
 
[========                   15.2%                          ] 
 
[=========                  16.2%                          ] 
 
[=========                  16.8%                          ] 
 
[=========                  17.1%                          ] 
 
[==========                 17.8%                          ] 
 
[==========                 18.0%                          ] 
 
[==========                 18.0%                          ] 
 
[==========                 18.3%                          ] 
 
[==========                 18.7%                          ] 
 
[==========                 18.9%                          ] 
 
[===========                19.3%                          ] 
 
[===========                19.4%                          ] 
 
[===========                19.4%                          ] 
 
[===========                19.5%                          ] 
 
[===========                19.5%                          ] 
 
[===========                19.5%                          ] 
 
[===========                19.6%                          ] 
 
[===========                19.9%                          ] 
 
[===========                20.2%                          ] 
 
[===========                20.5%                          ] 
 
[============               20.8%                          ] 
 
[============               20.8%                          ] 
 
[============               21.7%                          ] 
 
[=============              22.7%                          ] 
 
[=============              23.7%                          ] 
 
[==============             24.6%                          ] 
 
[==============             25.5%                          ] 
 
[===============            26.2%                          ] 
 
[===============            27.2%                          ] 
 
[===============            27.3%                          ] 
 
[===============            27.5%                          ] 
 
[================           27.9%                          ] 
 
[================           28.3%                          ] 
 
[================           28.8%                          ] 
 
[=================          29.7%                          ] 
 
[=================          29.7%                          ] 
 
[=================          29.9%                          ] 
 
[=================          30.0%                          ] 
 
[=================          30.1%                          ] 
 
[=================          30.5%                          ] 
 
[==================         31.5%                          ] 
 
[==================         31.7%                          ] 
 
[==================         31.8%                          ] 
 
[==================         32.0%                          ] 
 
[==================         32.2%                          ] 
 
[==================         32.2%                          ] 
 
[==================         32.6%                          ] 
 
[===================        32.8%                          ] 
 
[===================        32.9%                          ] 
 
[===================        32.9%                          ] 
 
[===================        33.0%                          ] 
 
[===================        33.1%                          ] 
 
[===================        33.2%                          ] 
 
[===================        33.3%                          ] 
 
[===================        33.4%                          ] 
 
[===================        33.4%                          ] 
 
[===================        33.5%                          ] 
 
[===================        33.6%                          ] 
 
[===================        33.7%                          ] 
 
[===================        33.9%                          ] 
 
[===================        34.0%                          ] 
 
[===================        34.1%                          ] 
 
[===================        34.2%                          ] 
 
[===================        34.3%                          ] 
 
[===================        34.3%                          ] 
 
[===================        34.4%                          ] 
 
[====================       34.5%                          ] 
 
[====================       34.5%                          ] 
 
[====================       34.6%                          ] 
 
[====================       34.8%                          ] 
 
[====================       34.9%                          ] 
 
[====================       34.9%                          ] 
 
[====================       35.1%                          ] 
 
[====================       35.2%                          ] 
 
[====================       35.2%                          ] 
 
[====================       35.2%                          ] 
 
[====================       35.5%                          ] 
 
[====================       35.5%                          ] 
 
[====================       35.7%                          ] 
 
[====================       35.9%                          ] 
 
[====================       36.2%                          ] 
 
[=====================      36.5%                          ] 
 
[=====================      37.1%                          ] 
 
[=====================      37.1%                          ] 
 
[=====================      37.5%                          ] 
 
[=====================      37.7%                          ] 
 
[======================     38.0%                          ] 
 
[======================     38.1%                          ] 
 
[======================     38.2%                          ] 
 
[======================     38.3%                          ] 
 
[======================     38.4%                          ] 
 
[======================     38.4%                          ] 
 
[======================     38.9%                          ] 
 
[======================     39.0%                          ] 
 
[======================     39.5%                          ] 
 
[=======================    40.0%                          ] 
 
[=======================    41.0%                          ] 
 
[========================   42.0%                          ] 
 
[========================   42.8%                          ] 
 
[=========================  43.8%                          ] 
 
[=========================  44.8%                          ] 
 
[========================== 45.4%                          ] 
 
[========================== 46.4%                          ] 
 
[===========================47.4%                          ] 
 
[===========================48.4%                          ] 
 
[===========================49.4%                          ] 
 
[===========================50.3%                          ] 
 
[===========================51.3%                          ] 
 
[===========================52.3%                          ] 
 
[===========================52.3%                          ] 
 
[===========================52.4%                          ] 
 
[===========================52.5%                          ] 
 
[===========================52.5%                          ] 
 
[===========================52.6%                          ] 
 
[===========================52.6%                          ] 
 
[===========================52.8%                          ] 
 
[===========================52.8%                          ] 
 
[===========================52.8%                          ] 
 
[===========================52.9%                          ] 
 
[===========================52.9%                          ] 
 
[===========================53.0%                          ] 
 
[===========================53.1%                          ] 
 
[===========================53.1%                          ] 
 
[===========================53.1%                          ] 
 
[===========================53.2%                          ] 
 
[===========================53.2%                          ] 
 
[===========================53.3%                          ] 
 
[===========================53.3%                          ] 
 
[===========================53.4%                          ] 
 
[===========================53.4%                          ] 
 
[===========================53.5%                          ] 
 
[===========================53.5%                          ] 
 
[===========================53.7%                          ] 
 
[===========================53.7%                          ] 
 
[===========================53.7%                          ] 
 
[===========================53.7%                          ] 
 
[===========================53.8%                          ] 
 
[===========================53.8%                          ] 
 
[===========================53.8%                          ] 
 
[===========================53.9%                          ] 
 
[===========================53.9%                          ] 
 
[===========================54.0%                          ] 
 
[===========================54.0%                          ] 
 
[===========================54.0%                          ] 
 
[===========================54.0%                          ] 
 
[===========================54.1%                          ] 
 
[===========================54.1%                          ] 
 
[===========================54.2%                          ] 
 
[===========================54.2%                          ] 
 
[===========================54.2%                          ] 
 
[===========================54.3%                          ] 
 
[===========================54.3%                          ] 
 
[===========================54.3%                          ] 
 
[===========================54.3%                          ] 
 
[===========================54.3%                          ] 
 
[===========================54.3%                          ] 
 
[===========================54.4%                          ] 
 
[===========================54.4%                          ] 
 
[===========================54.4%                          ] 
 
[===========================54.6%                          ] 
 
[===========================54.6%                          ] 
 
[===========================54.6%                          ] 
 
[===========================54.7%                          ] 
 
[===========================54.7%                          ] 
 
[===========================54.8%                          ] 
 
[===========================54.9%                          ] 
 
[===========================55.0%                          ] 
 
[===========================55.1%                          ] 
 
[===========================55.1%                          ] 
 
[===========================55.2%                          ] 
 
[===========================55.2%                          ] 
 
[===========================55.3%                          ] 
 
[===========================55.3%                          ] 
 
[===========================55.4%                          ] 
 
[===========================55.4%                          ] 
 
[===========================55.5%                          ] 
 
[===========================55.5%                          ] 
 
[===========================55.5%                          ] 
 
[===========================55.6%                          ] 
 
[===========================55.7%                          ] 
 
[===========================55.7%                          ] 
 
[===========================55.8%                          ] 
 
[===========================56.0%                          ] 
 
[===========================56.2%                          ] 
 
[===========================56.8%                          ] 
 
[===========================57.2%=                         ] 
 
[===========================57.4%=                         ] 
 
[===========================58.3%=                         ] 
 
[===========================59.3%==                        ] 
 
[===========================59.8%==                        ] 
 
[===========================62.3%====                      ] 
 
[===========================84.9%=================         ] 
 
[==========================100.0%==========================] 
The restore operation completed successfully.
The operation completed successfully.
 
========= End of CMD: =========
 
 
========= SFC /scannow =========
 
 
 
Beginning system scan.  This process will take some time.
 
 
 
Beginning verification phase of system scan.
 
 
Verification 0% complete.
Verification 1% complete.
Verification 1% complete.
Verification 2% complete.
Verification 2% complete.
Verification 3% complete.
Verification 3% complete.
Verification 4% complete.
Verification 5% complete.
Verification 5% complete.
Verification 6% complete.
Verification 6% complete.
Verification 7% complete.
Verification 7% complete.
Verification 8% complete.
Verification 9% complete.
Verification 9% complete.
Verification 10% complete.
Verification 10% complete.
Verification 11% complete.
Verification 11% complete.
Verification 12% complete.
Verification 13% complete.
Verification 13% complete.
Verification 14% complete.
Verification 14% complete.
Verification 15% complete.
Verification 15% complete.
Verification 16% complete.
Verification 17% complete.
Verification 17% complete.
Verification 18% complete.
Verification 18% complete.
Verification 19% complete.
Verification 19% complete.
Verification 20% complete.
Verification 21% complete.
Verification 21% complete.
Verification 22% complete.
Verification 22% complete.
Verification 23% complete.
Verification 23% complete.
Verification 24% complete.
Verification 25% complete.
Verification 25% complete.
Verification 26% complete.
Verification 26% complete.
Verification 27% complete.
Verification 27% complete.
Verification 28% complete.
Verification 29% complete.
Verification 29% complete.
Verification 30% complete.
Verification 30% complete.
Verification 31% complete.
Verification 31% complete.
Verification 32% complete.
Verification 33% complete.
Verification 33% complete.
Verification 34% complete.
Verification 34% complete.
Verification 35% complete.
Verification 35% complete.
Verification 36% complete.
Verification 37% complete.
Verification 37% complete.
Verification 38% complete.
Verification 38% complete.
Verification 39% complete.
Verification 39% complete.
Verification 40% complete.
Verification 41% complete.
Verification 41% complete.
Verification 42% complete.
Verification 42% complete.
Verification 43% complete.
Verification 43% complete.
Verification 44% complete.
Verification 45% complete.
Verification 45% complete.
Verification 46% complete.
Verification 46% complete.
Verification 47% complete.
Verification 47% complete.
Verification 48% complete.
Verification 49% complete.
Verification 49% complete.
Verification 50% complete.
Verification 50% complete.
Verification 51% complete.
Verification 51% complete.
Verification 52% complete.
Verification 53% complete.
Verification 53% complete.
Verification 54% complete.
Verification 54% complete.
Verification 55% complete.
Verification 55% complete.
Verification 56% complete.
Verification 57% complete.
Verification 57% complete.
Verification 58% complete.
Verification 58% complete.
Verification 59% complete.
Verification 59% complete.
Verification 60% complete.
Verification 61% complete.
Verification 61% complete.
Verification 62% complete.
Verification 62% complete.
Verification 63% complete.
Verification 63% complete.
Verification 64% complete.
Verification 65% complete.
Verification 65% complete.
Verification 66% complete.
Verification 66% complete.
Verification 67% complete.
Verification 67% complete.
Verification 68% complete.
Verification 69% complete.
Verification 69% complete.
Verification 70% complete.
Verification 70% complete.
Verification 71% complete.
Verification 71% complete.
Verification 72% complete.
Verification 73% complete.
Verification 73% complete.
Verification 74% complete.
Verification 74% complete.
Verification 75% complete.
Verification 75% complete.
Verification 76% complete.
Verification 77% complete.
Verification 77% complete.
Verification 78% complete.
Verification 78% complete.
Verification 79% complete.
Verification 79% complete.
Verification 80% complete.
Verification 81% complete.
Verification 81% complete.
Verification 82% complete.
Verification 82% complete.
Verification 83% complete.
Verification 83% complete.
Verification 84% complete.
Verification 85% complete.
Verification 85% complete.
Verification 86% complete.
Verification 86% complete.
Verification 87% complete.
Verification 87% complete.
Verification 88% complete.
Verification 89% complete.
Verification 89% complete.
Verification 90% complete.
Verification 90% complete.
Verification 91% complete.
Verification 91% complete.
Verification 92% complete.
Verification 93% complete.
Verification 93% complete.
Verification 94% complete.
Verification 94% complete.
Verification 95% complete.
Verification 95% complete.
Verification 96% complete.
Verification 96% complete.
Verification 97% complete.
Verification 98% complete.
Verification 98% complete.
Verification 99% complete.
Verification 99% complete.
Verification 100% complete.
 
 
Windows Resource Protection did not find any integrity violations.
 
 
========= End of CMD: =========
 
 
========= findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log =========
 
2022-10-13 02:32:07, Info                  CSI    00000013 [SR] Verifying 100 components
2022-10-13 02:32:07, Info                  CSI    00000014 [SR] Beginning Verify and Repair transaction
2022-10-13 02:32:07, Info                  CSI    00000015 [SR] Verify complete
2022-10-13 02:32:08, Info                  CSI    00000016 [SR] Verifying 100 components
2022-10-13 02:32:08, Info                  CSI    00000017 [SR] Beginning Verify and Repair transaction
2022-10-13 02:32:08, Info                  CSI    00000018 [SR] Verify complete
2022-10-13 02:32:09, Info                  CSI    00000019 [SR] Verifying 100 components
2022-10-13 02:32:09, Info                  CSI    0000001a [SR] Beginning Verify and Repair transaction
2022-10-13 02:32:09, Info                  CSI    0000001b [SR] Verify complete
2022-10-13 02:32:10, Info                  CSI    0000001c [SR] Verifying 100 components
2022-10-13 02:32:10, Info                  CSI    0000001d [SR] Beginning Verify and Repair transaction
2022-10-13 02:32:12, Info                  CSI    0000001e [SR] Verify complete
2022-10-13 02:32:12, Info                  CSI    0000001f [SR] Verifying 100 components
2022-10-13 02:32:12, Info                  CSI    00000020 [SR] Beginning Verify and Repair transaction
2022-10-13 02:32:13, Info                  CSI    00000021 [SR] Verify complete
2022-10-13 02:32:14, Info                  CSI    00000022 [SR] Verifying 100 components
2022-10-13 02:32:14, Info                  CSI    00000023 [SR] Beginning Verify and Repair transaction
2022-10-13 02:32:16, Info                  CSI    00000024 [SR] Verify complete
2022-10-13 02:32:16, Info                  CSI    00000025 [SR] Verifying 100 components
2022-10-13 02:32:16, Info                  CSI    00000026 [SR] Beginning Verify and Repair transaction
2022-10-13 02:32:20, Info                  CSI    00000027 [SR] Verify complete
2022-10-13 02:32:20, Info                  CSI    00000028 [SR] Verifying 100 components
2022-10-13 02:32:20, Info                  CSI    00000029 [SR] Beginning Verify and Repair transaction
2022-10-13 02:32:29, Info                  CSI    0000002a [SR] Verify complete
2022-10-13 02:32:29, Info                  CSI    0000002b [SR] Verifying 100 components
2022-10-13 02:32:29, Info                  CSI    0000002c [SR] Beginning Verify and Repair transaction
2022-10-13 02:32:41, Info                  CSI    0000002d [SR] Verify complete
2022-10-13 02:32:41, Info                  CSI    0000002e [SR] Verifying 100 components
2022-10-13 02:32:41, Info                  CSI    0000002f [SR] Beginning Verify and Repair transaction
2022-10-13 02:32:43, Info                  CSI    00000030 [SR] Verify complete
2022-10-13 02:32:44, Info                  CSI    00000031 [SR] Verifying 100 components
2022-10-13 02:32:44, Info                  CSI    00000032 [SR] Beginning Verify and Repair transaction
2022-10-13 02:32:44, Info                  CSI    00000033 [SR] Verify complete
2022-10-13 02:32:45, Info                  CSI    00000034 [SR] Verifying 100 components
2022-10-13 02:32:45, Info                  CSI    00000035 [SR] Beginning Verify and Repair transaction
2022-10-13 02:32:47, Info                  CSI    00000037 [SR] Verify complete
2022-10-13 02:32:47, Info                  CSI    00000038 [SR] Verifying 100 components
2022-10-13 02:32:47, Info                  CSI    00000039 [SR] Beginning Verify and Repair transaction
2022-10-13 02:32:49, Info                  CSI    0000003b [SR] Verify complete
2022-10-13 02:32:50, Info                  CSI    0000003c [SR] Verifying 100 components
2022-10-13 02:32:50, Info                  CSI    0000003d [SR] Beginning Verify and Repair transaction
2022-10-13 02:32:51, Info                  CSI    0000003e [SR] Verify complete
2022-10-13 02:32:51, Info                  CSI    0000003f [SR] Verifying 100 components
2022-10-13 02:32:51, Info                  CSI    00000040 [SR] Beginning Verify and Repair transaction
2022-10-13 02:32:53, Info                  CSI    00000041 [SR] Verify complete
2022-10-13 02:32:53, Info                  CSI    00000042 [SR] Verifying 100 components
2022-10-13 02:32:53, Info                  CSI    00000043 [SR] Beginning Verify and Repair transaction
2022-10-13 02:32:55, Info                  CSI    00000045 [SR] Verify complete
2022-10-13 02:32:55, Info                  CSI    00000046 [SR] Verifying 100 components
2022-10-13 02:32:55, Info                  CSI    00000047 [SR] Beginning Verify and Repair transaction
2022-10-13 02:32:57, Info                  CSI    0000004a [SR] Verify complete
2022-10-13 02:32:57, Info                  CSI    0000004b [SR] Verifying 100 components
2022-10-13 02:32:57, Info                  CSI    0000004c [SR] Beginning Verify and Repair transaction
2022-10-13 02:33:00, Info                  CSI    0000004f [SR] Verify complete
2022-10-13 02:33:01, Info                  CSI    00000050 [SR] Verifying 100 components
2022-10-13 02:33:01, Info                  CSI    00000051 [SR] Beginning Verify and Repair transaction
2022-10-13 02:33:04, Info                  CSI    00000055 [SR] Verify complete
2022-10-13 02:33:04, Info                  CSI    00000056 [SR] Verifying 100 components
2022-10-13 02:33:04, Info                  CSI    00000057 [SR] Beginning Verify and Repair transaction
2022-10-13 02:33:06, Info                  CSI    00000058 [SR] Verify complete
2022-10-13 02:33:06, Info                  CSI    00000059 [SR] Verifying 100 components
2022-10-13 02:33:06, Info                  CSI    0000005a [SR] Beginning Verify and Repair transaction
2022-10-13 02:33:08, Info                  CSI    0000005b [SR] Verify complete
2022-10-13 02:33:08, Info                  CSI    0000005c [SR] Verifying 100 components
2022-10-13 02:33:08, Info                  CSI    0000005d [SR] Beginning Verify and Repair transaction
2022-10-13 02:33:10, Info                  CSI    0000005e [SR] Verify complete
2022-10-13 02:33:10, Info                  CSI    0000005f [SR] Verifying 100 components
2022-10-13 02:33:10, Info                  CSI    00000060 [SR] Beginning Verify and Repair transaction
2022-10-13 02:33:12, Info                  CSI    00000061 [SR] Verify complete
2022-10-13 02:33:12, Info                  CSI    00000062 [SR] Verifying 100 components
2022-10-13 02:33:12, Info                  CSI    00000063 [SR] Beginning Verify and Repair transaction
2022-10-13 02:33:15, Info                  CSI    00000065 [SR] Verify complete
2022-10-13 02:33:15, Info                  CSI    00000066 [SR] Verifying 100 components
2022-10-13 02:33:15, Info                  CSI    00000067 [SR] Beginning Verify and Repair transaction
2022-10-13 02:33:17, Info                  CSI    00000068 [SR] Verify complete
2022-10-13 02:33:17, Info                  CSI    00000069 [SR] Verifying 100 components
2022-10-13 02:33:17, Info                  CSI    0000006a [SR] Beginning Verify and Repair transaction
2022-10-13 02:33:19, Info                  CSI    0000006b [SR] Verify complete
2022-10-13 02:33:19, Info                  CSI    0000006c [SR] Verifying 100 components
2022-10-13 02:33:19, Info                  CSI    0000006d [SR] Beginning Verify and Repair transaction
2022-10-13 02:33:21, Info                  CSI    0000006e [SR] Verify complete
2022-10-13 02:33:21, Info                  CSI    0000006f [SR] Verifying 100 components
2022-10-13 02:33:21, Info                  CSI    00000070 [SR] Beginning Verify and Repair transaction
2022-10-13 02:33:22, Info                  CSI    00000071 [SR] Verify complete
2022-10-13 02:33:23, Info                  CSI    00000072 [SR] Verifying 100 components
2022-10-13 02:33:23, Info                  CSI    00000073 [SR] Beginning Verify and Repair transaction
2022-10-13 02:33:25, Info                  CSI    00000075 [SR] Verify complete
2022-10-13 02:33:25, Info                  CSI    00000076 [SR] Verifying 100 components
2022-10-13 02:33:25, Info                  CSI    00000077 [SR] Beginning Verify and Repair transaction
2022-10-13 02:33:26, Info                  CSI    00000078 [SR] Verify complete
2022-10-13 02:33:26, Info                  CSI    00000079 [SR] Verifying 100 components
2022-10-13 02:33:26, Info                  CSI    0000007a [SR] Beginning Verify and Repair transaction
2022-10-13 02:33:28, Info                  CSI    0000007b [SR] Verify complete
2022-10-13 02:33:28, Info                  CSI    0000007c [SR] Verifying 100 components
2022-10-13 02:33:28, Info                  CSI    0000007d [SR] Beginning Verify and Repair transaction
2022-10-13 02:33:29, Info                  CSI    0000007e [SR] Verify complete
2022-10-13 02:33:29, Info                  CSI    0000007f [SR] Verifying 100 components
2022-10-13 02:33:29, Info                  CSI    00000080 [SR] Beginning Verify and Repair transaction
2022-10-13 02:33:30, Info                  CSI    00000081 [SR] Verify complete
2022-10-13 02:33:30, Info                  CSI    00000082 [SR] Verifying 100 components
2022-10-13 02:33:30, Info                  CSI    00000083 [SR] Beginning Verify and Repair transaction
2022-10-13 02:33:31, Info                  CSI    00000084 [SR] Verify complete
2022-10-13 02:33:32, Info                  CSI    00000085 [SR] Verifying 100 components
2022-10-13 02:33:32, Info                  CSI    00000086 [SR] Beginning Verify and Repair transaction
2022-10-13 02:33:33, Info                  CSI    00000087 [SR] Verify complete
2022-10-13 02:33:33, Info                  CSI    00000088 [SR] Verifying 100 components
2022-10-13 02:33:33, Info                  CSI    00000089 [SR] Beginning Verify and Repair transaction
2022-10-13 02:33:35, Info                  CSI    0000008b [SR] Verify complete
2022-10-13 02:33:36, Info                  CSI    0000008c [SR] Verifying 100 components
2022-10-13 02:33:36, Info                  CSI    0000008d [SR] Beginning Verify and Repair transaction
2022-10-13 02:33:38, Info                  CSI    0000008f [SR] Verify complete
2022-10-13 02:33:38, Info                  CSI    00000090 [SR] Verifying 100 components
2022-10-13 02:33:38, Info                  CSI    00000091 [SR] Beginning Verify and Repair transaction
2022-10-13 02:33:40, Info                  CSI    00000092 [SR] Verify complete
2022-10-13 02:33:40, Info                  CSI    00000093 [SR] Verifying 100 components
2022-10-13 02:33:40, Info                  CSI    00000094 [SR] Beginning Verify and Repair transaction
2022-10-13 02:33:42, Info                  CSI    00000096 [SR] Verify complete
2022-10-13 02:33:42, Info                  CSI    00000097 [SR] Verifying 100 components
2022-10-13 02:33:42, Info                  CSI    00000098 [SR] Beginning Verify and Repair transaction
2022-10-13 02:33:46, Info                  CSI    00000099 [SR] Verify complete
2022-10-13 02:33:46, Info                  CSI    0000009a [SR] Verifying 100 components
2022-10-13 02:33:46, Info                  CSI    0000009b [SR] Beginning Verify and Repair transaction
2022-10-13 02:33:48, Info                  CSI    000000a0 [SR] Verify complete
2022-10-13 02:33:48, Info                  CSI    000000a1 [SR] Verifying 100 components
2022-10-13 02:33:48, Info                  CSI    000000a2 [SR] Beginning Verify and Repair transaction
2022-10-13 02:33:54, Info                  CSI    000000ad [SR] Verify complete
2022-10-13 02:33:54, Info                  CSI    000000ae [SR] Verifying 100 components
2022-10-13 02:33:54, Info                  CSI    000000af [SR] Beginning Verify and Repair transaction
2022-10-13 02:33:56, Info                  CSI    000000b1 [SR] Verify complete
2022-10-13 02:33:56, Info                  CSI    000000b2 [SR] Verifying 100 components
2022-10-13 02:33:56, Info                  CSI    000000b3 [SR] Beginning Verify and Repair transaction
2022-10-13 02:34:01, Info                  CSI    000000ba [SR] Verify complete
2022-10-13 02:34:01, Info                  CSI    000000bb [SR] Verifying 100 components
2022-10-13 02:34:01, Info                  CSI    000000bc [SR] Beginning Verify and Repair transaction
2022-10-13 02:34:03, Info                  CSI    000000bd [SR] Verify complete
2022-10-13 02:34:03, Info                  CSI    000000be [SR] Verifying 100 components
2022-10-13 02:34:03, Info                  CSI    000000bf [SR] Beginning Verify and Repair transaction
2022-10-13 02:34:04, Info                  CSI    000000c0 [SR] Verify complete
2022-10-13 02:34:04, Info                  CSI    000000c1 [SR] Verifying 100 components
2022-10-13 02:34:04, Info                  CSI    000000c2 [SR] Beginning Verify and Repair transaction
2022-10-13 02:34:07, Info                  CSI    000000c4 [SR] Verify complete
2022-10-13 02:34:07, Info                  CSI    000000c5 [SR] Verifying 100 components
2022-10-13 02:34:07, Info                  CSI    000000c6 [SR] Beginning Verify and Repair transaction
2022-10-13 02:34:08, Info                  CSI    000000c7 [SR] Verify complete
2022-10-13 02:34:08, Info                  CSI    000000c8 [SR] Verifying 100 components
2022-10-13 02:34:08, Info                  CSI    000000c9 [SR] Beginning Verify and Repair transaction
2022-10-13 02:34:09, Info                  CSI    000000ca [SR] Verify complete
2022-10-13 02:34:09, Info                  CSI    000000cb [SR] Verifying 100 components
2022-10-13 02:34:09, Info                  CSI    000000cc [SR] Beginning Verify and Repair transaction
2022-10-13 02:34:11, Info                  CSI    000000ce [SR] Verify complete
2022-10-13 02:34:12, Info                  CSI    000000cf [SR] Verifying 100 components
2022-10-13 02:34:12, Info                  CSI    000000d0 [SR] Beginning Verify and Repair transaction
2022-10-13 02:34:16, Info                  CSI    000000d3 [SR] Verify complete
2022-10-13 02:34:17, Info                  CSI    000000d4 [SR] Verifying 100 components
2022-10-13 02:34:17, Info                  CSI    000000d5 [SR] Beginning Verify and Repair transaction
2022-10-13 02:34:21, Info                  CSI    000000d9 [SR] Verify complete
2022-10-13 02:34:21, Info                  CSI    000000da [SR] Verifying 100 components
2022-10-13 02:34:21, Info                  CSI    000000db [SR] Beginning Verify and Repair transaction
2022-10-13 02:34:24, Info                  CSI    000000de [SR] Verify complete
2022-10-13 02:34:24, Info                  CSI    000000df [SR] Verifying 100 components
2022-10-13 02:34:24, Info                  CSI    000000e0 [SR] Beginning Verify and Repair transaction
2022-10-13 02:34:26, Info                  CSI    000000e1 [SR] Verify complete
2022-10-13 02:34:26, Info                  CSI    000000e2 [SR] Verifying 100 components
2022-10-13 02:34:26, Info                  CSI    000000e3 [SR] Beginning Verify and Repair transaction
2022-10-13 02:34:27, Info                  CSI    000000e4 [SR] Verify complete
2022-10-13 02:34:27, Info                  CSI    000000e5 [SR] Verifying 100 components
2022-10-13 02:34:27, Info                  CSI    000000e6 [SR] Beginning Verify and Repair transaction
2022-10-13 02:34:28, Info                  CSI    000000e7 [SR] Verify complete
2022-10-13 02:34:29, Info                  CSI    000000e8 [SR] Verifying 100 components
2022-10-13 02:34:29, Info                  CSI    000000e9 [SR] Beginning Verify and Repair transaction
2022-10-13 02:34:30, Info                  CSI    000000ea [SR] Verify complete
2022-10-13 02:34:30, Info                  CSI    000000eb [SR] Verifying 100 components
2022-10-13 02:34:30, Info                  CSI    000000ec [SR] Beginning Verify and Repair transaction
2022-10-13 02:34:36, Info                  CSI    000000ee [SR] Verify complete
2022-10-13 02:34:36, Info                  CSI    000000ef [SR] Verifying 100 components
2022-10-13 02:34:36, Info                  CSI    000000f0 [SR] Beginning Verify and Repair transaction
2022-10-13 02:34:37, Info                  CSI    000000f1 [SR] Verify complete
2022-10-13 02:34:37, Info                  CSI    000000f2 [SR] Verifying 100 components
2022-10-13 02:34:37, Info                  CSI    000000f3 [SR] Beginning Verify and Repair transaction
2022-10-13 02:34:39, Info                  CSI    000000f5 [SR] Verify complete
2022-10-13 02:34:39, Info                  CSI    000000f6 [SR] Verifying 100 components
2022-10-13 02:34:39, Info                  CSI    000000f7 [SR] Beginning Verify and Repair transaction
2022-10-13 02:34:43, Info                  CSI    000000fa [SR] Verify complete
2022-10-13 02:34:43, Info                  CSI    000000fb [SR] Verifying 100 components
2022-10-13 02:34:43, Info                  CSI    000000fc [SR] Beginning Verify and Repair transaction
2022-10-13 02:34:45, Info                  CSI    000000fe [SR] Verify complete
2022-10-13 02:34:45, Info                  CSI    000000ff [SR] Verifying 100 components
2022-10-13 02:34:45, Info                  CSI    00000100 [SR] Beginning Verify and Repair transaction
2022-10-13 02:34:47, Info                  CSI    00000101 [SR] Verify complete
2022-10-13 02:34:47, Info                  CSI    00000102 [SR] Verifying 100 components
2022-10-13 02:34:47, Info                  CSI    00000103 [SR] Beginning Verify and Repair transaction
2022-10-13 02:34:48, Info                  CSI    00000105 [SR] Verify complete
2022-10-13 02:34:49, Info                  CSI    00000106 [SR] Verifying 100 components
2022-10-13 02:34:49, Info                  CSI    00000107 [SR] Beginning Verify and Repair transaction
2022-10-13 02:34:51, Info                  CSI    0000010a [SR] Verify complete
2022-10-13 02:34:51, Info                  CSI    0000010b [SR] Verifying 100 components
2022-10-13 02:34:51, Info                  CSI    0000010c [SR] Beginning Verify and Repair transaction
2022-10-13 02:34:53, Info                  CSI    0000010e [SR] Verify complete
2022-10-13 02:34:54, Info                  CSI    0000010f [SR] Verifying 100 components
2022-10-13 02:34:54, Info                  CSI    00000110 [SR] Beginning Verify and Repair transaction
2022-10-13 02:34:55, Info                  CSI    00000111 [SR] Verify complete
2022-10-13 02:34:56, Info                  CSI    00000112 [SR] Verifying 100 components
2022-10-13 02:34:56, Info                  CSI    00000113 [SR] Beginning Verify and Repair transaction
2022-10-13 02:34:58, Info                  CSI    00000115 [SR] Verify complete
2022-10-13 02:34:58, Info                  CSI    00000116 [SR] Verifying 100 components
2022-10-13 02:34:58, Info                  CSI    00000117 [SR] Beginning Verify and Repair transaction
2022-10-13 02:34:59, Info                  CSI    00000118 [SR] Verify complete
2022-10-13 02:34:59, Info                  CSI    00000119 [SR] Verifying 100 components
2022-10-13 02:34:59, Info                  CSI    0000011a [SR] Beginning Verify and Repair transaction
2022-10-13 02:35:00, Info                  CSI    0000011b [SR] Verify complete
2022-10-13 02:35:01, Info                  CSI    0000011c [SR] Verifying 100 components
2022-10-13 02:35:01, Info                  CSI    0000011d [SR] Beginning Verify and Repair transaction
2022-10-13 02:35:03, Info                  CSI    00000122 [SR] Verify complete
2022-10-13 02:35:04, Info                  CSI    00000123 [SR] Verifying 100 components
2022-10-13 02:35:04, Info                  CSI    00000124 [SR] Beginning Verify and Repair transaction
2022-10-13 02:35:05, Info                  CSI    00000125 [SR] Verify complete
2022-10-13 02:35:05, Info                  CSI    00000126 [SR] Verifying 100 components
2022-10-13 02:35:05, Info                  CSI    00000127 [SR] Beginning Verify and Repair transaction
2022-10-13 02:35:08, Info                  CSI    00000129 [SR] Verify complete
2022-10-13 02:35:08, Info                  CSI    0000012a [SR] Verifying 100 components
2022-10-13 02:35:08, Info                  CSI    0000012b [SR] Beginning Verify and Repair transaction
2022-10-13 02:35:10, Info                  CSI    0000012c [SR] Verify complete
2022-10-13 02:35:11, Info                  CSI    0000012d [SR] Verifying 100 components
2022-10-13 02:35:11, Info                  CSI    0000012e [SR] Beginning Verify and Repair transaction
2022-10-13 02:35:13, Info                  CSI    0000012f [SR] Verify complete
2022-10-13 02:35:13, Info                  CSI    00000130 [SR] Verifying 100 components
2022-10-13 02:35:13, Info                  CSI    00000131 [SR] Beginning Verify and Repair transaction
2022-10-13 02:35:14, Info                  CSI    00000132 [SR] Verify complete
2022-10-13 02:35:15, Info                  CSI    00000133 [SR] Verifying 100 components
2022-10-13 02:35:15, Info                  CSI    00000134 [SR] Beginning Verify and Repair transaction
2022-10-13 02:35:16, Info                  CSI    00000135 [SR] Verify complete
2022-10-13 02:35:16, Info                  CSI    00000136 [SR] Verifying 100 components
2022-10-13 02:35:16, Info                  CSI    00000137 [SR] Beginning Verify and Repair transaction
2022-10-13 02:35:18, Info                  CSI    00000138 [SR] Verify complete
2022-10-13 02:35:18, Info                  CSI    00000139 [SR] Verifying 100 components
2022-10-13 02:35:18, Info                  CSI    0000013a [SR] Beginning Verify and Repair transaction
2022-10-13 02:35:20, Info                  CSI    0000013b [SR] Verify complete
2022-10-13 02:35:20, Info                  CSI    0000013c [SR] Verifying 100 components
2022-10-13 02:35:20, Info                  CSI    0000013d [SR] Beginning Verify and Repair transaction
2022-10-13 02:35:22, Info                  CSI    0000013e [SR] Verify complete
2022-10-13 02:35:22, Info                  CSI    0000013f [SR] Verifying 100 components
2022-10-13 02:35:22, Info                  CSI    00000140 [SR] Beginning Verify and Repair transaction
2022-10-13 02:35:26, Info                  CSI    00000142 [SR] Verify complete
2022-10-13 02:35:27, Info                  CSI    00000143 [SR] Verifying 100 components
2022-10-13 02:35:27, Info                  CSI    00000144 [SR] Beginning Verify and Repair transaction
2022-10-13 02:35:28, Info                  CSI    00000146 [SR] Verify complete
2022-10-13 02:35:29, Info                  CSI    00000147 [SR] Verifying 100 components
2022-10-13 02:35:29, Info                  CSI    00000148 [SR] Beginning Verify and Repair transaction
2022-10-13 02:35:32, Info                  CSI    0000014d [SR] Verify complete
2022-10-13 02:35:33, Info                  CSI    0000014e [SR] Verifying 100 components
2022-10-13 02:35:33, Info                  CSI    0000014f [SR] Beginning Verify and Repair transaction
2022-10-13 02:35:36, Info                  CSI    00000153 [SR] Verify complete
2022-10-13 02:35:36, Info                  CSI    00000154 [SR] Verifying 100 components
2022-10-13 02:35:36, Info                  CSI    00000155 [SR] Beginning Verify and Repair transaction
2022-10-13 02:35:40, Info                  CSI    0000015b [SR] Verify complete
2022-10-13 02:35:41, Info                  CSI    0000015c [SR] Verifying 100 components
2022-10-13 02:35:41, Info                  CSI    0000015d [SR] Beginning Verify and Repair transaction
2022-10-13 02:35:43, Info                  CSI    0000015e [SR] Verify complete
2022-10-13 02:35:44, Info                  CSI    0000015f [SR] Verifying 100 components
2022-10-13 02:35:44, Info                  CSI    00000160 [SR] Beginning Verify and Repair transaction
2022-10-13 02:35:49, Info                  CSI    0000016b [SR] Verify complete
2022-10-13 02:35:50, Info                  CSI    0000016c [SR] Verifying 100 components
2022-10-13 02:35:50, Info                  CSI    0000016d [SR] Beginning Verify and Repair transaction
2022-10-13 02:35:58, Info                  CSI    00000171 [SR] Verify complete
2022-10-13 02:35:59, Info                  CSI    00000172 [SR] Verifying 100 components
2022-10-13 02:35:59, Info                  CSI    00000173 [SR] Beginning Verify and Repair transaction
2022-10-13 02:36:02, Info                  CSI    00000176 [SR] Verify complete
2022-10-13 02:36:02, Info                  CSI    00000177 [SR] Verifying 100 components
2022-10-13 02:36:02, Info                  CSI    00000178 [SR] Beginning Verify and Repair transaction
2022-10-13 02:36:05, Info                  CSI    0000017c [SR] Verify complete
2022-10-13 02:36:06, Info                  CSI    0000017d [SR] Verifying 100 components
2022-10-13 02:36:06, Info                  CSI    0000017e [SR] Beginning Verify and Repair transaction
2022-10-13 02:36:10, Info                  CSI    00000181 [SR] Verify complete
2022-10-13 02:36:11, Info                  CSI    00000182 [SR] Verifying 100 components
2022-10-13 02:36:11, Info                  CSI    00000183 [SR] Beginning Verify and Repair transaction
2022-10-13 02:36:19, Info                  CSI    0000018b [SR] Verify complete
2022-10-13 02:36:20, Info                  CSI    0000018c [SR] Verifying 100 components
2022-10-13 02:36:20, Info                  CSI    0000018d [SR] Beginning Verify and Repair transaction
2022-10-13 02:36:22, Info                  CSI    0000018f [SR] Verify complete
2022-10-13 02:36:23, Info                  CSI    00000190 [SR] Verifying 100 components
2022-10-13 02:36:23, Info                  CSI    00000191 [SR] Beginning Verify and Repair transaction
2022-10-13 02:36:26, Info                  CSI    00000195 [SR] Verify complete
2022-10-13 02:36:27, Info                  CSI    00000196 [SR] Verifying 100 components
2022-10-13 02:36:27, Info                  CSI    00000197 [SR] Beginning Verify and Repair transaction
2022-10-13 02:36:29, Info                  CSI    00000198 [SR] Verify complete
2022-10-13 02:36:30, Info                  CSI    00000199 [SR] Verifying 100 components
2022-10-13 02:36:30, Info                  CSI    0000019a [SR] Beginning Verify and Repair transaction
2022-10-13 02:36:35, Info                  CSI    0000019f [SR] Verify complete
2022-10-13 02:36:35, Info                  CSI    000001a0 [SR] Verifying 100 components
2022-10-13 02:36:35, Info                  CSI    000001a1 [SR] Beginning Verify and Repair transaction
2022-10-13 02:36:39, Info                  CSI    000001a3 [SR] Verify complete
2022-10-13 02:36:40, Info                  CSI    000001a4 [SR] Verifying 100 components
2022-10-13 02:36:40, Info                  CSI    000001a5 [SR] Beginning Verify and Repair transaction
2022-10-13 02:36:42, Info                  CSI    000001a6 [SR] Verify complete
2022-10-13 02:36:43, Info                  CSI    000001a7 [SR] Verifying 100 components
2022-10-13 02:36:43, Info                  CSI    000001a8 [SR] Beginning Verify and Repair transaction
2022-10-13 02:36:47, Info                  CSI    000001ad [SR] Verify complete
2022-10-13 02:36:47, Info                  CSI    000001ae [SR] Verifying 100 components
2022-10-13 02:36:47, Info                  CSI    000001af [SR] Beginning Verify and Repair transaction
2022-10-13 02:36:50, Info                  CSI    000001b3 [SR] Verify complete
2022-10-13 02:36:51, Info                  CSI    000001b4 [SR] Verifying 100 components
2022-10-13 02:36:51, Info                  CSI    000001b5 [SR] Beginning Verify and Repair transaction
2022-10-13 02:36:55, Info                  CSI    000001b7 [SR] Verify complete
2022-10-13 02:36:55, Info                  CSI    000001b8 [SR] Verifying 100 components
2022-10-13 02:36:55, Info                  CSI    000001b9 [SR] Beginning Verify and Repair transaction
2022-10-13 02:37:00, Info                  CSI    000001bb [SR] Verify complete
2022-10-13 02:37:00, Info                  CSI    000001bc [SR] Verifying 100 components
2022-10-13 02:37:00, Info                  CSI    000001bd [SR] Beginning Verify and Repair transaction
2022-10-13 02:37:03, Info                  CSI    000001be [SR] Verify complete
2022-10-13 02:37:04, Info                  CSI    000001bf [SR] Verifying 100 components
2022-10-13 02:37:04, Info                  CSI    000001c0 [SR] Beginning Verify and Repair transaction
2022-10-13 02:37:08, Info                  CSI    000001c2 [SR] Verify complete
2022-10-13 02:37:08, Info                  CSI    000001c3 [SR] Verifying 100 components
2022-10-13 02:37:08, Info                  CSI    000001c4 [SR] Beginning Verify and Repair transaction
2022-10-13 02:37:10, Info                  CSI    000001c5 [SR] Verify complete
2022-10-13 02:37:11, Info                  CSI    000001c6 [SR] Verifying 100 components
2022-10-13 02:37:11, Info                  CSI    000001c7 [SR] Beginning Verify and Repair transaction
2022-10-13 02:37:13, Info                  CSI    000001c8 [SR] Verify complete
2022-10-13 02:37:14, Info                  CSI    000001c9 [SR] Verifying 100 components
2022-10-13 02:37:14, Info                  CSI    000001ca [SR] Beginning Verify and Repair transaction
2022-10-13 02:37:16, Info                  CSI    000001cc [SR] Verify complete
2022-10-13 02:37:16, Info                  CSI    000001cd [SR] Verifying 100 components
2022-10-13 02:37:16, Info                  CSI    000001ce [SR] Beginning Verify and Repair transaction
2022-10-13 02:37:19, Info                  CSI    000001d2 [SR] Verify complete
2022-10-13 02:37:20, Info                  CSI    000001d3 [SR] Verifying 100 components
2022-10-13 02:37:20, Info                  CSI    000001d4 [SR] Beginning Verify and Repair transaction
2022-10-13 02:37:21, Info                  CSI    000001d5 [SR] Verify complete
2022-10-13 02:37:22, Info                  CSI    000001d6 [SR] Verifying 100 components
2022-10-13 02:37:22, Info                  CSI    000001d7 [SR] Beginning Verify and Repair transaction
2022-10-13 02:37:25, Info                  CSI    000001db [SR] Verify complete
2022-10-13 02:37:26, Info                  CSI    000001dc [SR] Verifying 100 components
2022-10-13 02:37:26, Info                  CSI    000001dd [SR] Beginning Verify and Repair transaction
2022-10-13 02:37:31, Info                  CSI    000001e2 [SR] Verify complete
2022-10-13 02:37:31, Info                  CSI    000001e3 [SR] Verifying 100 components
2022-10-13 02:37:31, Info                  CSI    000001e4 [SR] Beginning Verify and Repair transaction
2022-10-13 02:37:34, Info                  CSI    000001e6 [SR] Verify complete
2022-10-13 02:37:34, Info                  CSI    000001e7 [SR] Verifying 100 components
2022-10-13 02:37:34, Info                  CSI    000001e8 [SR] Beginning Verify and Repair transaction
2022-10-13 02:37:38, Info                  CSI    000001eb [SR] Verify complete
2022-10-13 02:37:39, Info                  CSI    000001ec [SR] Verifying 100 components
2022-10-13 02:37:39, Info                  CSI    000001ed [SR] Beginning Verify and Repair transaction
2022-10-13 02:37:42, Info                  CSI    000001f0 [SR] Verify complete
2022-10-13 02:37:42, Info                  CSI    000001f1 [SR] Verifying 100 components
2022-10-13 02:37:42, Info                  CSI    000001f2 [SR] Beginning Verify and Repair transaction
2022-10-13 02:37:45, Info                  CSI    000001f5 [SR] Verify complete
2022-10-13 02:37:45, Info                  CSI    000001f6 [SR] Verifying 100 components
2022-10-13 02:37:45, Info                  CSI    000001f7 [SR] Beginning Verify and Repair transaction
2022-10-13 02:37:48, Info                  CSI    000001fb [SR] Verify complete
2022-10-13 02:37:48, Info                  CSI    000001fc [SR] Verifying 100 components
2022-10-13 02:37:48, Info                  CSI    000001fd [SR] Beginning Verify and Repair transaction
2022-10-13 02:37:50, Info                  CSI    000001ff [SR] Verify complete
2022-10-13 02:37:51, Info                  CSI    00000200 [SR] Verifying 100 components
2022-10-13 02:37:51, Info                  CSI    00000201 [SR] Beginning Verify and Repair transaction
2022-10-13 02:37:53, Info                  CSI    00000203 [SR] Verify complete
2022-10-13 02:37:54, Info                  CSI    00000204 [SR] Verifying 100 components
2022-10-13 02:37:54, Info                  CSI    00000205 [SR] Beginning Verify and Repair transaction
2022-10-13 02:37:56, Info                  CSI    00000207 [SR] Verify complete
2022-10-13 02:37:56, Info                  CSI    00000208 [SR] Verifying 100 components
2022-10-13 02:37:56, Info                  CSI    00000209 [SR] Beginning Verify and Repair transaction
2022-10-13 02:38:00, Info                  CSI    0000020e [SR] Verify complete
2022-10-13 02:38:01, Info                  CSI    0000020f [SR] Verifying 100 components
2022-10-13 02:38:01, Info                  CSI    00000210 [SR] Beginning Verify and Repair transaction
2022-10-13 02:38:04, Info                  CSI    00000214 [SR] Verify complete
2022-10-13 02:38:04, Info                  CSI    00000215 [SR] Verifying 100 components
2022-10-13 02:38:04, Info                  CSI    00000216 [SR] Beginning Verify and Repair transaction
2022-10-13 02:38:07, Info                  CSI    00000218 [SR] Verify complete
2022-10-13 02:38:07, Info                  CSI    00000219 [SR] Verifying 100 components
2022-10-13 02:38:07, Info                  CSI    0000021a [SR] Beginning Verify and Repair transaction
2022-10-13 02:38:14, Info                  CSI    0000021f [SR] Verify complete
2022-10-13 02:38:15, Info                  CSI    00000220 [SR] Verifying 100 components
2022-10-13 02:38:15, Info                  CSI    00000221 [SR] Beginning Verify and Repair transaction
2022-10-13 02:38:17, Info                  CSI    00000222 [SR] Verify complete
2022-10-13 02:38:17, Info                  CSI    00000223 [SR] Verifying 100 components
2022-10-13 02:38:17, Info                  CSI    00000224 [SR] Beginning Verify and Repair transaction
2022-10-13 02:38:19, Info                  CSI    00000225 [SR] Verify complete
2022-10-13 02:38:19, Info                  CSI    00000226 [SR] Verifying 100 components
2022-10-13 02:38:19, Info                  CSI    00000227 [SR] Beginning Verify and Repair transaction
2022-10-13 02:38:21, Info                  CSI    00000228 [SR] Verify complete
2022-10-13 02:38:21, Info                  CSI    00000229 [SR] Verifying 100 components
2022-10-13 02:38:21, Info                  CSI    0000022a [SR] Beginning Verify and Repair transaction
2022-10-13 02:38:24, Info                  CSI    0000022d [SR] Verify complete
2022-10-13 02:38:24, Info                  CSI    0000022e [SR] Verifying 100 components
2022-10-13 02:38:24, Info                  CSI    0000022f [SR] Beginning Verify and Repair transaction
2022-10-13 02:38:27, Info                  CSI    00000231 [SR] Verify complete
2022-10-13 02:38:27, Info                  CSI    00000232 [SR] Verifying 100 components
2022-10-13 02:38:27, Info                  CSI    00000233 [SR] Beginning Verify and Repair transaction
2022-10-13 02:38:30, Info                  CSI    00000234 [SR] Verify complete
2022-10-13 02:38:30, Info                  CSI    00000235 [SR] Verifying 100 components
2022-10-13 02:38:30, Info                  CSI    00000236 [SR] Beginning Verify and Repair transaction
2022-10-13 02:38:34, Info                  CSI    00000238 [SR] Verify complete
2022-10-13 02:38:34, Info                  CSI    00000239 [SR] Verifying 100 components
2022-10-13 02:38:34, Info                  CSI    0000023a [SR] Beginning Verify and Repair transaction
2022-10-13 02:38:35, Info                  CSI    0000023b [SR] Verify complete
2022-10-13 02:38:36, Info                  CSI    0000023c [SR] Verifying 100 components
2022-10-13 02:38:36, Info                  CSI    0000023d [SR] Beginning Verify and Repair transaction
2022-10-13 02:38:38, Info                  CSI    0000023e [SR] Verify complete
2022-10-13 02:38:38, Info                  CSI    0000023f [SR] Verifying 100 components
2022-10-13 02:38:38, Info                  CSI    00000240 [SR] Beginning Verify and Repair transaction
2022-10-13 02:38:39, Info                  CSI    00000241 [SR] Verify complete
2022-10-13 02:38:40, Info                  CSI    00000242 [SR] Verifying 100 components
2022-10-13 02:38:40, Info                  CSI    00000243 [SR] Beginning Verify and Repair transaction
2022-10-13 02:38:41, Info                  CSI    00000244 [SR] Verify complete
2022-10-13 02:38:41, Info                  CSI    00000245 [SR] Verifying 100 components
2022-10-13 02:38:41, Info                  CSI    00000246 [SR] Beginning Verify and Repair transaction
2022-10-13 02:38:43, Info                  CSI    00000247 [SR] Verify complete
2022-10-13 02:38:43, Info                  CSI    00000248 [SR] Verifying 100 components
2022-10-13 02:38:43, Info                  CSI    00000249 [SR] Beginning Verify and Repair transaction
2022-10-13 02:38:46, Info                  CSI    0000024b [SR] Verify complete
2022-10-13 02:38:46, Info                  CSI    0000024c [SR] Verifying 100 components
2022-10-13 02:38:46, Info                  CSI    0000024d [SR] Beginning Verify and Repair transaction
2022-10-13 02:38:48, Info                  CSI    00000251 [SR] Verify complete
2022-10-13 02:38:48, Info                  CSI    00000252 [SR] Verifying 100 components
2022-10-13 02:38:48, Info                  CSI    00000253 [SR] Beginning Verify and Repair transaction
2022-10-13 02:38:49, Info                  CSI    00000254 [SR] Verify complete
2022-10-13 02:38:50, Info                  CSI    00000255 [SR] Verifying 100 components
2022-10-13 02:38:50, Info                  CSI    00000256 [SR] Beginning Verify and Repair transaction
2022-10-13 02:38:51, Info                  CSI    00000257 [SR] Verify complete
2022-10-13 02:38:51, Info                  CSI    00000258 [SR] Verifying 100 components
2022-10-13 02:38:51, Info                  CSI    00000259 [SR] Beginning Verify and Repair transaction
2022-10-13 02:38:52, Info                  CSI    0000025a [SR] Verify complete
2022-10-13 02:38:52, Info                  CSI    0000025b [SR] Verifying 100 components
2022-10-13 02:38:52, Info                  CSI    0000025c [SR] Beginning Verify and Repair transaction
2022-10-13 02:38:53, Info                  CSI    0000025d [SR] Verify complete
2022-10-13 02:38:53, Info                  CSI    0000025e [SR] Verifying 100 components
2022-10-13 02:38:53, Info                  CSI    0000025f [SR] Beginning Verify and Repair transaction
2022-10-13 02:38:55, Info                  CSI    00000261 [SR] Verify complete
2022-10-13 02:38:55, Info                  CSI    00000262 [SR] Verifying 100 components
2022-10-13 02:38:55, Info                  CSI    00000263 [SR] Beginning Verify and Repair transaction
2022-10-13 02:38:58, Info                  CSI    00000265 [SR] Verify complete
2022-10-13 02:38:58, Info                  CSI    00000266 [SR] Verifying 100 components
2022-10-13 02:38:58, Info                  CSI    00000267 [SR] Beginning Verify and Repair transaction
2022-10-13 02:38:59, Info                  CSI    00000268 [SR] Verify complete
2022-10-13 02:39:00, Info                  CSI    00000269 [SR] Verifying 100 components
2022-10-13 02:39:00, Info                  CSI    0000026a [SR] Beginning Verify and Repair transaction
2022-10-13 02:39:01, Info                  CSI    0000026c [SR] Verify complete
2022-10-13 02:39:02, Info                  CSI    0000026d [SR] Verifying 100 components
2022-10-13 02:39:02, Info                  CSI    0000026e [SR] Beginning Verify and Repair transaction
2022-10-13 02:39:04, Info                  CSI    00000270 [SR] Verify complete
2022-10-13 02:39:04, Info                  CSI    00000271 [SR] Verifying 100 components
2022-10-13 02:39:04, Info                  CSI    00000272 [SR] Beginning Verify and Repair transaction
2022-10-13 02:39:06, Info                  CSI    00000273 [SR] Verify complete
2022-10-13 02:39:06, Info                  CSI    00000274 [SR] Verifying 100 components
2022-10-13 02:39:06, Info                  CSI    00000275 [SR] Beginning Verify and Repair transaction
2022-10-13 02:39:09, Info                  CSI    00000276 [SR] Verify complete
2022-10-13 02:39:09, Info                  CSI    00000277 [SR] Verifying 100 components
2022-10-13 02:39:09, Info                  CSI    00000278 [SR] Beginning Verify and Repair transaction
2022-10-13 02:39:11, Info                  CSI    0000027a [SR] Verify complete
2022-10-13 02:39:11, Info                  CSI    0000027b [SR] Verifying 100 components
2022-10-13 02:39:11, Info                  CSI    0000027c [SR] Beginning Verify and Repair transaction
2022-10-13 02:39:13, Info                  CSI    0000027d [SR] Verify complete
2022-10-13 02:39:13, Info                  CSI    0000027e [SR] Verifying 100 components
2022-10-13 02:39:13, Info                  CSI    0000027f [SR] Beginning Verify and Repair transaction
2022-10-13 02:39:14, Info                  CSI    00000280 [SR] Verify complete
2022-10-13 02:39:15, Info                  CSI    00000281 [SR] Verifying 100 components
2022-10-13 02:39:15, Info                  CSI    00000282 [SR] Beginning Verify and Repair transaction
2022-10-13 02:39:16, Info                  CSI    00000283 [SR] Verify complete
2022-10-13 02:39:17, Info                  CSI    00000284 [SR] Verifying 100 components
2022-10-13 02:39:17, Info                  CSI    00000285 [SR] Beginning Verify and Repair transaction
2022-10-13 02:39:18, Info                  CSI    00000286 [SR] Verify complete
2022-10-13 02:39:18, Info                  CSI    00000287 [SR] Verifying 100 components
2022-10-13 02:39:18, Info                  CSI    00000288 [SR] Beginning Verify and Repair transaction
2022-10-13 02:39:20, Info                  CSI    00000289 [SR] Verify complete
2022-10-13 02:39:20, Info                  CSI    0000028a [SR] Verifying 100 components
2022-10-13 02:39:20, Info                  CSI    0000028b [SR] Beginning Verify and Repair transaction
2022-10-13 02:39:22, Info                  CSI    00000291 [SR] Verify complete
2022-10-13 02:39:23, Info                  CSI    00000292 [SR] Verifying 100 components
2022-10-13 02:39:23, Info                  CSI    00000293 [SR] Beginning Verify and Repair transaction
2022-10-13 02:39:25, Info                  CSI    00000294 [SR] Verify complete
2022-10-13 02:39:25, Info                  CSI    00000295 [SR] Verifying 100 components
2022-10-13 02:39:25, Info                  CSI    00000296 [SR] Beginning Verify and Repair transaction
2022-10-13 02:39:26, Info                  CSI    00000297 [SR] Verify complete
2022-10-13 02:39:27, Info                  CSI    00000298 [SR] Verifying 100 components
2022-10-13 02:39:27, Info                  CSI    00000299 [SR] Beginning Verify and Repair transaction
2022-10-13 02:39:29, Info                  CSI    0000029a [SR] Verify complete
2022-10-13 02:39:29, Info                  CSI    0000029b [SR] Verifying 100 components
2022-10-13 02:39:29, Info                  CSI    0000029c [SR] Beginning Verify and Repair transaction
2022-10-13 02:39:30, Info                  CSI    0000029d [SR] Verify complete
2022-10-13 02:39:31, Info                  CSI    0000029e [SR] Verifying 100 components
2022-10-13 02:39:31, Info                  CSI    0000029f [SR] Beginning Verify and Repair transaction
2022-10-13 02:39:33, Info                  CSI    000002a1 [SR] Verify complete
2022-10-13 02:39:33, Info                  CSI    000002a2 [SR] Verifying 100 components
2022-10-13 02:39:33, Info                  CSI    000002a3 [SR] Beginning Verify and Repair transaction
2022-10-13 02:39:35, Info                  CSI    000002a4 [SR] Verify complete
2022-10-13 02:39:35, Info                  CSI    000002a5 [SR] Verifying 100 components
2022-10-13 02:39:35, Info                  CSI    000002a6 [SR] Beginning Verify and Repair transaction
2022-10-13 02:39:37, Info                  CSI    000002a7 [SR] Verify complete
2022-10-13 02:39:37, Info                  CSI    000002a8 [SR] Verifying 100 components
2022-10-13 02:39:37, Info                  CSI    000002a9 [SR] Beginning Verify and Repair transaction
2022-10-13 02:39:40, Info                  CSI    000002ac [SR] Verify complete
2022-10-13 02:39:40, Info                  CSI    000002ad [SR] Verifying 100 components
2022-10-13 02:39:40, Info                  CSI    000002ae [SR] Beginning Verify and Repair transaction
2022-10-13 02:39:43, Info                  CSI    000002b0 [SR] Verify complete
2022-10-13 02:39:43, Info                  CSI    000002b1 [SR] Verifying 100 components
2022-10-13 02:39:43, Info                  CSI    000002b2 [SR] Beginning Verify and Repair transaction
2022-10-13 02:39:44, Info                  CSI    000002b3 [SR] Verify complete
2022-10-13 02:39:45, Info                  CSI    000002b4 [SR] Verifying 100 components
2022-10-13 02:39:45, Info                  CSI    000002b5 [SR] Beginning Verify and Repair transaction
2022-10-13 02:39:47, Info                  CSI    000002b6 [SR] Verify complete
2022-10-13 02:39:47, Info                  CSI    000002b7 [SR] Verifying 100 components
2022-10-13 02:39:47, Info                  CSI    000002b8 [SR] Beginning Verify and Repair transaction
2022-10-13 02:39:49, Info                  CSI    000002b9 [SR] Verify complete
2022-10-13 02:39:49, Info                  CSI    000002ba [SR] Verifying 100 components
2022-10-13 02:39:49, Info                  CSI    000002bb [SR] Beginning Verify and Repair transaction
2022-10-13 02:39:50, Info                  CSI    000002bc [SR] Verify complete
2022-10-13 02:39:51, Info                  CSI    000002bd [SR] Verifying 100 components
2022-10-13 02:39:51, Info                  CSI    000002be [SR] Beginning Verify and Repair transaction
2022-10-13 02:39:52, Info                  CSI    000002bf [SR] Verify complete
2022-10-13 02:39:53, Info                  CSI    000002c0 [SR] Verifying 100 components
2022-10-13 02:39:53, Info                  CSI    000002c1 [SR] Beginning Verify and Repair transaction
2022-10-13 02:39:54, Info                  CSI    000002c3 [SR] Verify complete
2022-10-13 02:39:54, Info                  CSI    000002c4 [SR] Verifying 100 components
2022-10-13 02:39:54, Info                  CSI    000002c5 [SR] Beginning Verify and Repair transaction
2022-10-13 02:39:56, Info                  CSI    000002c7 [SR] Verify complete
2022-10-13 02:39:56, Info                  CSI    000002c8 [SR] Verifying 100 components
2022-10-13 02:39:56, Info                  CSI    000002c9 [SR] Beginning Verify and Repair transaction
2022-10-13 02:39:58, Info                  CSI    000002ca [SR] Verify complete
2022-10-13 02:39:58, Info                  CSI    000002cb [SR] Verifying 100 components
2022-10-13 02:39:58, Info                  CSI    000002cc [SR] Beginning Verify and Repair transaction
2022-10-13 02:40:00, Info                  CSI    000002ce [SR] Verify complete
2022-10-13 02:40:00, Info                  CSI    000002cf [SR] Verifying 100 components
2022-10-13 02:40:00, Info                  CSI    000002d0 [SR] Beginning Verify and Repair transaction
2022-10-13 02:40:02, Info                  CSI    000002d3 [SR] Verify complete
2022-10-13 02:40:03, Info                  CSI    000002d4 [SR] Verifying 100 components
2022-10-13 02:40:03, Info                  CSI    000002d5 [SR] Beginning Verify and Repair transaction
2022-10-13 02:40:05, Info                  CSI    000002d9 [SR] Verify complete
2022-10-13 02:40:05, Info                  CSI    000002da [SR] Verifying 26 components
2022-10-13 02:40:05, Info                  CSI    000002db [SR] Beginning Verify and Repair transaction
2022-10-13 02:40:06, Info                  CSI    000002dc [SR] Verify complete
2022-10-13 02:40:06, Info                  CSI    000002dd [SR] Repairing 0 components
2022-10-13 02:40:06, Info                  CSI    000002de [SR] Beginning Verify and Repair transaction
2022-10-13 02:40:06, Info                  CSI    000002df [SR] Repair complete
 
========= End of CMD: =========
 
 
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "AMSI/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Application" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "DirectShowFilterGraph" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "DirectShowPluginControl" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Els_Hyphenation/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "EndpointMapper" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "FirstUXPerf-Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "ForwardedEvents" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "HardwareEvents" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "IHM_DebugChannel" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Intel-iaLPSS-GPIO/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Intel-iaLPSS-I2C/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Intel-iaLPSS2-GPIO2/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Intel-iaLPSS2-GPIO2/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Intel-iaLPSS2-I2C/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Intel-iaLPSS2-I2C/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Internet Explorer" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Key Management Service" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "MF_MediaFoundationDeviceMFT" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "MF_MediaFoundationDeviceProxy" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "MF_MediaFoundationFrameServer" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "MedaFoundationVideoProc" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "MedaFoundationVideoProcD3D" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "MediaFoundationAsyncWrapper" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "MediaFoundationContentProtection" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "MediaFoundationDS" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "MediaFoundationDeviceProxy" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "MediaFoundationMP4" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "MediaFoundationMediaEngine" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "MediaFoundationPerformance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "MediaFoundationPerformanceCore" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "MediaFoundationPipeline" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "MediaFoundationPlatform" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "MediaFoundationSrcPrefetch" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-AppV-Client-Streamingux/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-AppV-Client/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-AppV-Client/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-AppV-Client/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-AppV-Client/Virtual Applications" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-AppV-SharedPerformance/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Client-License-Flexible-Platform/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Client-License-Flexible-Platform/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Client-License-Flexible-Platform/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Client-Licensing-Platform/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Client-Licensing-Platform/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Client-Licensing-Platform/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-IE/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-IEFRAME/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-JSDumpHeap/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-OneCore-Setup/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-PerfTrack-IEFRAME/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-PerfTrack-MSHTML/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-User Experience Virtualization-Admin/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-User Experience Virtualization-Agent Driver/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-User Experience Virtualization-Agent Driver/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-User Experience Virtualization-App Agent/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-User Experience Virtualization-App Agent/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-User Experience Virtualization-App Agent/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-User Experience Virtualization-IPC/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-User Experience Virtualization-SQM Uploader/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-User Experience Virtualization-SQM Uploader/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-User Experience Virtualization-SQM Uploader/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AAD/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AAD/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ADSI/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ASN1/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ATAPort/General" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ATAPort/SATA-LPM" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ActionQueue/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-All-User-Install-Agent/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AllJoyn/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AllJoyn/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AppHost/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AppHost/ApplicationTracing" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AppHost/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AppHost/Internal" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AppID/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AppLocker/EXE and DLL" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AppLocker/MSI and Script" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AppLocker/Packaged app-Deployment" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AppLocker/Packaged app-Execution" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AppModel-Runtime/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AppModel-Runtime/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AppModel-Runtime/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AppModel-Runtime/Diagnostics" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AppModel-State/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AppModel-State/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AppReadiness/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AppReadiness/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AppReadiness/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AppSruProv" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AppXDeployment/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AppXDeployment/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AppXDeploymentServer/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AppXDeploymentServer/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AppXDeploymentServer/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AppXDeploymentServer/Restricted" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ApplicabilityEngine/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ApplicabilityEngine/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Application Server-Applications/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Application Server-Applications/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Application Server-Applications/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Application Server-Applications/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Application-Experience/Compatibility-Infrastructure-Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant/Trace" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Application-Experience/Program-Compatibility-Troubleshooter" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Application-Experience/Program-Inventory" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Application-Experience/Program-Telemetry" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Application-Experience/Steps-Recorder" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AppxPackaging/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AppxPackaging/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AppxPackaging/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AssignedAccess/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AssignedAccess/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AssignedAccessBroker/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AssignedAccessBroker/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AsynchronousCausality/Causality" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Audio/CaptureMonitor" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Audio/GlitchDetection" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Audio/Informational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Audio/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Audio/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Audio/PlaybackManager" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Audit/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Authentication User Interface/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Authentication/AuthenticationPolicyFailures-DomainController" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Authentication/ProtectedUser-Client" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Authentication/ProtectedUserFailures-DomainController" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Authentication/ProtectedUserSuccesses-DomainController" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AxInstallService/Log" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-BTH-BTHPORT/HCI" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-BTH-BTHPORT/L2CAP" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-BTH-BTHUSB/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-BTH-BTHUSB/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-BackgroundTaskInfrastructure/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-BackgroundTaskInfrastructure/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-BackgroundTransfer-ContentPrefetcher/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Backup" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Base-Filtering-Engine-Connections/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Base-Filtering-Engine-Resource-Flows/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Battery/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Biometrics/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Biometrics/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-BitLocker-DrivePreparationTool/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-BitLocker-DrivePreparationTool/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-BitLocker-Driver-Performance/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-BitLocker/BitLocker Management" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-BitLocker/BitLocker Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-BitLocker/Tracing" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Bits-Client/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Bits-Client/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Bluetooth-BthLEPrepairing/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Bluetooth-Bthmini/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Bluetooth-MTPEnum/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Bluetooth-Policy/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-BranchCache/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-BranchCacheClientEventProvider/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-BranchCacheEventProvider/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-BranchCacheMonitoring/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-BranchCacheSMB/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-BranchCacheSMB/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-CAPI2/Catalog Database Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-CAPI2/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-CDROM/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-COM/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-COM/ApartmentInitialize" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-COM/ApartmentUninitialize" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-COM/Call" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-COM/CreateInstance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-COM/ExtensionCatalog" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-COM/FreeUnusedLibrary" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-COM/RundownInstrumentation" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-COMRuntime/Activations" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-COMRuntime/MessageProcessing" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-COMRuntime/Tracing" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-CertPoleEng/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-CertificateServicesClient-Lifecycle-User/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Cleanmgr/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ClearTypeTextTuner/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-CloudStore/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-CloudStore/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-CmiSetup/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-CodeIntegrity/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-CodeIntegrity/Verbose" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ComDlg32/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ComDlg32/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Compat-Appraiser/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Compat-Appraiser/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Containers-BindFlt/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Containers-BindFlt/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Containers-Wcifs/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Containers-Wcifs/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Containers-Wcnfs/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Containers-Wcnfs/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-CoreApplication/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-CoreApplication/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-CoreApplication/Tracing" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-CoreSystem-SmsRouter-Events/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-CoreSystem-SmsRouter-Events/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-CoreWindow/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-CoreWindow/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-CorruptedFileRecovery-Client/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-CorruptedFileRecovery-Server/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Crashdump/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-CredUI/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Crypto-BCRYPT/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Crypto-CNG/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Crypto-DPAPI/BackUpKeySvc" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Crypto-DPAPI/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Crypto-DPAPI/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Crypto-DSSEnh/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Crypto-NCrypt/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Crypto-RNG/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Crypto-RSAEnh/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-D3D10Level9/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-D3D10Level9/PerfTiming" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DAL-Provider/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DAL-Provider/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DAMM/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DCLocator/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DDisplay/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DDisplay/Logging" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DLNA-Namespace/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DNS-Client/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DSC/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DSC/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DSC/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DSC/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DUI/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DUSER/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DXGI/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DXGI/Logging" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DXP/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Data-Pdf/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DataIntegrityScan/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DataIntegrityScan/CrashRecovery" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DateTimeControlPanel/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DateTimeControlPanel/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DateTimeControlPanel/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Deduplication/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Deduplication/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Deduplication/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Deduplication/Scrubbing" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Defrag-Core/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Deplorch/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DesktopActivityModerator/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DesktopWindowManager-Diag/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DeviceAssociationService/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DeviceConfidence/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DeviceGuard/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DeviceGuard/Verbose" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DeviceSetupManager/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DeviceSetupManager/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DeviceSetupManager/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DeviceSetupManager/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DeviceSync/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DeviceSync/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DeviceUpdateAgent/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DeviceUx/Informational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DeviceUx/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Devices-Background/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Dhcp-Client/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Dhcp-Client/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Dhcpv6-Client/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Dhcpv6-Client/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DiagCpl/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-AdvancedTaskManager/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-DPS/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-DPS/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-DPS/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-MSDE/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-PCW/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-PCW/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-PCW/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-PLA/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-PLA/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-Perfhost/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-Scheduled/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-Scripted/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-Scripted/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-Scripted/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-Scripted/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-WDC/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-WDI/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Diagnostics-Networking/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Diagnostics-Networking/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Diagnostics-PerfTrack-Counters/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Diagnostics-PerfTrack/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Diagnostics-Performance/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Diagnostics-Performance/Diagnostic/Loopback" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Diagnostics-Performance/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Direct3D10/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Direct3D10_1/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Direct3D11/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Direct3D11/Logging" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Direct3D11/PerfTiming" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Direct3D12/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Direct3D12/Logging" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Direct3D12/PerfTiming" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Direct3D9/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Direct3DShaderCache/Default" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DirectComposition/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DirectManipulation/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DirectShow-KernelSupport/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DirectSound/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Disk/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DiskDiagnostic/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DiskDiagnosticDataCollector/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DiskDiagnosticResolver/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Dism-Api/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Dism-Api/ExternalAnalytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Dism-Api/InternalAnalytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Dism-Cli/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DisplayColorCalibration/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DisplayColorCalibration/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DisplaySwitch/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Documents/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Dot3MM/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DriverFrameworks-UserMode/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DucUpdateAgent/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Dwm-API/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Dwm-Core/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Dwm-Dwm/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Dwm-Redir/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Dwm-Udwm/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DxgKrnl-Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DxgKrnl-Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DxgKrnl/Contention" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DxgKrnl/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DxgKrnl/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DxgKrnl/Power" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DxpTaskSyncProvider/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-EDP-Application-Learning/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-EDP-Audit-Regular/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-EDP-Audit-TCB/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-EFS/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ESE/IODiagnose" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ESE/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-EapHost/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-EapHost/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-EapHost/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-EapMethods-RasChap/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-EapMethods-RasTls/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-EapMethods-Sim/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-EapMethods-Ttls/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-EaseOfAccess/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Energy-Estimation-Engine/EventLog" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Energy-Estimation-Engine/Trace" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-EnhancedStorage-EhStorTcgDrv/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-EventCollector/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-EventCollector/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-EventLog-WMIProvider/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-EventLog/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-EventLog/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-FMS/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-FMS/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-FMS/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-FailoverClustering-Client/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Fault-Tolerant-Heap/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-FeatureConfiguration/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-FeatureConfiguration/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-Catalog/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-Catalog/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-ConfigManager/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-ConfigManager/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-Core/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-Core/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-Core/WHC" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-Engine/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-Engine/BackupLog" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-Engine/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-EventListener/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-EventListener/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-Service/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-Service/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-UI-Events/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-UI-Events/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-FileInfoMinifilter/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Firewall-CPL/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Folder Redirection/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Forwarding/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Forwarding/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-GPIO-ClassExtension/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-GenericRoaming/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-GroupPolicy/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-HAL/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-HealthCenter/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-HealthCenter/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-HealthCenterCPL/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-HelloForBusiness/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Help/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-HomeGroup Control Panel Performance/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-HomeGroup Control Panel/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-HomeGroup Listener Service/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-HomeGroup Provider Service Performance/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-HomeGroup Provider Service/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-HomeGroup-ListenerService" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-HotspotAuth/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-HotspotAuth/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-HttpService/Log" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-HttpService/Trace" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Hyper-V-Guest-Drivers/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Hyper-V-Guest-Drivers/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Hyper-V-Guest-Drivers/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Hyper-V-Guest-Drivers/Diagnose" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Hyper-V-Guest-Drivers/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Hyper-V-Hypervisor-Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Hyper-V-Hypervisor-Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Hyper-V-Hypervisor-Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Hyper-V-NETVSC/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Hyper-V-VID-Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Hyper-V-VID-Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-IE-SmartScreen" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-IKE/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-IKEDBG/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-IME-Broker/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-IME-CandidateUI/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-IME-CustomerFeedbackManager/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-IME-CustomerFeedbackManagerUI/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-IME-JPAPI/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-IME-JPLMP/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-IME-JPPRED/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-IME-JPSetting/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-IME-JPTIP/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-IME-KRAPI/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-IME-KRTIP/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-IME-OEDCompiler/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-IME-TCCORE/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-IME-TCTIP/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-IME-TIP/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-IPNAT/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-IPSEC-SRV/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-IPxlatCfg/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-IPxlatCfg/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-IdCtrls/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-IdCtrls/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-IndirectDisplays-ClassExtension-Events/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Input-HIDCLASS-Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-InputSwitch/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-International-RegionalOptionsControlPanel/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Iphlpsvc/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Iphlpsvc/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Iphlpsvc/Trace" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-KdsSvc/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kerberos/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Acpi/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-AppCompat/General" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-AppCompat/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-ApphelpCache/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-ApphelpCache/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-ApphelpCache/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Boot/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Boot/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-BootDiagnostics/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Disk/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-EventTracing/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-EventTracing/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-File/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-IO/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Interrupt-Steering/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-IoTrace/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-LiveDump/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-LiveDump/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Memory/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Network/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Pdc/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Pep/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-PnP/Boot Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-PnP/Configuration" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-PnP/Configuration Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-PnP/Device Enumeration Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-PnP/Driver Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-PnP/Driver Watchdog" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Power/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Power/Thermal-Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Power/Thermal-Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Prefetch/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Process/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Processor-Power/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Registry/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Registry/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-ShimEngine/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-ShimEngine/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-ShimEngine/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-StoreMgr/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-StoreMgr/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-WDI/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-WDI/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-WDI/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-WHEA/Errors" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-WHEA/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-XDV/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-KeyboardFilter/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-KeyboardFilter/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-KeyboardFilter/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Known Folders API Service" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-L2NA/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-LDAP-Client/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-LSA/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-LSA/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-LSA/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-LUA-ConsentUI/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-LanguagePackSetup/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-LanguagePackSetup/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-LanguagePackSetup/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-LimitsManagement/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-LinkLayerDiscoveryProtocol/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-LinkLayerDiscoveryProtocol/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-LiveId/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-LiveId/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-MPEG2-Video-Encoder-MFT_Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-MPS-CLNT/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-MPS-DRV/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-MPS-SRV/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-MSFTEDIT/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-MUI/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-MUI/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-MUI/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-MUI/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Media-Streaming/DMC" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Media-Streaming/DMR" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Media-Streaming/MDE" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-MediaFoundation-MFCaptureEngine/MFCaptureEngine" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-MediaFoundation-MFReadWrite/SinkWriter" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-MediaFoundation-MFReadWrite/SourceReader" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-MediaFoundation-MFReadWrite/Transform" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-MediaFoundation-Performance/SARStreamResource" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-MediaFoundation-PlayAPI/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-MemoryDiagnostics-Results/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Minstore/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Minstore/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Mobile-Broadband-Experience-Api-Internal/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Mobile-Broadband-Experience-Api/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Mobile-Broadband-Experience-Parser-Task/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Mobile-Broadband-Experience-Parser-Task/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Mobile-Broadband-Experience-SmsApi/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-MobilityCenter/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ModernDeployment-Diagnostics-Provider/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ModernDeployment-Diagnostics-Provider/Autopilot" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ModernDeployment-Diagnostics-Provider/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ModernDeployment-Diagnostics-Provider/Diagnostics" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ModernDeployment-Diagnostics-Provider/ManagementService" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Mprddm/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-NCSI/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-NCSI/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-NDF-HelperClassDiscovery/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-NDIS-PacketCapture/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-NDIS/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-NDIS/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-NTLM/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-NWiFi/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Narrator/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Ncasvc/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-NcdAutoSetup/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-NcdAutoSetup/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-NdisImPlatform/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Ndu/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-NetShell/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Network-Connection-Broker" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Network-DataUsage/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Network-Setup/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Network-and-Sharing-Center/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-NetworkBridge/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-NetworkLocationWizard/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-NetworkProfile/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-NetworkProfile/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-NetworkProvider/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-NetworkProvisioning/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-NetworkProvisioning/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-NetworkSecurity/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-NetworkStatus/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Networking-Correlation/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Networking-RealTimeCommunication/Tracing" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-NlaSvc/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-NlaSvc/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Ntfs/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Ntfs/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Ntfs/WHC" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-OLE/Clipboard-Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-OLEACC/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-OLEACC/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-OOBE-FirstLogonAnim/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-OOBE-Machine-Core/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-OOBE-Machine-DUI/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-OOBE-Machine-DUI/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-OOBE-Machine-Plugins-Wireless/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-OcpUpdateAgent/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-OfflineFiles/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-OfflineFiles/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-OfflineFiles/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-OfflineFiles/SyncLog" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-OneBackup/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-OneX/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-OneX/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-OobeLdr/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-OtpCredentialProvider/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PCI/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PackageStateRoaming/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PackageStateRoaming/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PackageStateRoaming/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ParentalControls/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Partition/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Partition/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PeerToPeerDrtEventProvider/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PerceptionRuntime/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PerceptionSensorDataService/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PersistentMemory-Nvdimm/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PersistentMemory-Nvdimm/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PersistentMemory-Nvdimm/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PersistentMemory-PmemDisk/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PersistentMemory-PmemDisk/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PersistentMemory-PmemDisk/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PersistentMemory-ScmBus/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PersistentMemory-ScmBus/Certification" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PersistentMemory-ScmBus/Diagnose" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PersistentMemory-ScmBus/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PhotoAcq/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PlayToManager/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Policy/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Policy/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PortableDeviceStatusProvider/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PortableDeviceSyncProvider/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Power-Meter-Polling/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PowerCfg/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PowerCpl/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PowerEfficiencyDiagnostics/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PowerShell-DesiredStateConfiguration-FileDownloadManager/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PowerShell-DesiredStateConfiguration-FileDownloadManager/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PowerShell-DesiredStateConfiguration-FileDownloadManager/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PowerShell/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PowerShell/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PowerShell/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PowerShell/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PrimaryNetworkIcon/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PrintBRM/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PrintService-USBMon/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PrintService/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PrintService/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PrintService/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Privacy-Auditing/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ProcessStateManager/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Program-Compatibility-Assistant/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Program-Compatibility-Assistant/CompatAfterUpgrade" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Provisioning-Diagnostics-Provider/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Provisioning-Diagnostics-Provider/AutoPilot" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Provisioning-Diagnostics-Provider/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Provisioning-Diagnostics-Provider/ManagementService" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Proximity-Common/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Proximity-Common/Informational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Proximity-Common/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PushNotification-Developer/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PushNotification-InProc/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PushNotification-Platform/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PushNotification-Platform/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PushNotification-Platform/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-QoS-Pacer/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-QoS-qWAVE/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-RPC-Proxy/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-RPC/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-RPC/EEInfo" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-RRAS/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-RRAS/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-RadioManager/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Ras-NdisWanPacketCapture/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-RasAgileVpn/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-RasAgileVpn/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ReFS/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ReadyBoost/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ReadyBoost/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ReadyBoostDriver/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ReadyBoostDriver/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Regsvr32/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-RemoteApp and Desktop Connections/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-RemoteApp and Desktop Connections/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-RemoteAssistance/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-RemoteAssistance/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-RemoteAssistance/Tracing" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-RemoteDesktopServices-RemoteFX-Synth3dvsc/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-RemoteDesktopServices-RemoteFX-VM-Kernel-Mode-Transport/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-RemoteDesktopServices-RemoteFX-VM-User-Mode-Transport/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-RemoteDesktopServices-SessionServices/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Remotefs-Rdbss/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Remotefs-Rdbss/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ResetEng-Trace/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Resource-Exhaustion-Detector/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Resource-Exhaustion-Resolver/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ResourcePublication/Tracing" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-RestartManager/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-RetailDemo/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-RetailDemo/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Runtime-Graphics/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Runtime-Networking-BackgroundTransfer/Tracing" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Runtime-Networking/Tracing" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Runtime-Web-Http/Tracing" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Runtime-WebAPI/Tracing" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Runtime-Windows-Media/WinRTAdaptiveMediaSource" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Runtime-Windows-Media/WinRTCaptureEngine" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Runtime-Windows-Media/WinRTMediaStreamSource" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Runtime-Windows-Media/WinRTTranscode" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Runtime/CreateInstance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Runtime/Error" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SENSE/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SMBClient/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SMBClient/HelperClassDiagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SMBClient/ObjectStateDiagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SMBClient/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SMBDirect/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SMBDirect/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SMBDirect/Netmon" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SMBServer/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SMBServer/Audit" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SMBServer/Connectivity" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SMBServer/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SMBServer/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SMBServer/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SMBServer/Security" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SMBWitnessClient/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SMBWitnessClient/Informational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SPB-ClassExtension/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SPB-HIDI2C/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Schannel-Events/Perf" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Sdbus/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Sdbus/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Sdstor/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Search-Core/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Search-ProtocolHandlers/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SearchUI/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SearchUI/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SecureAssessment/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Security-Adminless/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Security-Audit-Configuration-Client/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Security-Audit-Configuration-Client/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Security-EnterpriseData-FileRevocationManager/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Security-ExchangeActiveSyncProvisioning/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Security-ExchangeActiveSyncProvisioning/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Security-IdentityListener/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Security-IdentityStore/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Security-LessPrivilegedAppContainer/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Security-Mitigations/KernelMode" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Security-Mitigations/UserMode" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Security-Netlogon/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Security-SPP-UX-GC/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Security-SPP-UX-GenuineCenter-Logging/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Security-SPP-UX-Notifications/ActionCenter" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Security-SPP-UX/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Security-SPP/Perf" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Security-UserConsentVerifier/Audit" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Security-Vault/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SecurityMitigationsBroker/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SecurityMitigationsBroker/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SecurityMitigationsBroker/Perf" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SendTo/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Sens/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SenseIR/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Sensors/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Sensors/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Serial-ClassExtension-V2/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Serial-ClassExtension/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ServiceReportingApi/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Services-Svchost/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Services/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Servicing/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SettingSync-Azure/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SettingSync-Azure/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SettingSync-OneDrive/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SettingSync-OneDrive/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SettingSync-OneDrive/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SettingSync/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SettingSync/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SettingSync/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SettingSync/VerboseDebug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Setup/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SetupCl/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SetupPlatform/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SetupQueue/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SetupUGC/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ShareMedia-ControlPanel/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Shell-AppWizCpl/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Shell-AuthUI-BootAnim/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Shell-AuthUI-Common/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Shell-AuthUI-CredUI/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Shell-AuthUI-CredentialProviderUser/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Shell-AuthUI-Logon/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Shell-AuthUI-LogonUI/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Shell-AuthUI-Shutdown/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Shell-ConnectedAccountState/ActionCenter" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Shell-Core/ActionCenter" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Shell-Core/AppDefaults" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Shell-Core/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Shell-Core/LogonTasksChannel" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Shell-Core/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Shell-DefaultPrograms/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Shell-LockScreenContent/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Shell-OpenWith/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Shell-Shwebsvc" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Shell-ZipFolder/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ShellCommon-StartLayoutPopulation/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ShellCommon-StartLayoutPopulation/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Shsvcs/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SleepStudy/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SmartCard-Audit/Authentication" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SmartCard-DeviceEnum/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SmartCard-TPM-VCard-Module/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SmartCard-TPM-VCard-Module/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SmartScreen/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SmbClient/Audit" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SmbClient/Connectivity" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SmbClient/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SmbClient/Security" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Speech-UserExperience/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Spell-Checking/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SpellChecker/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Spellchecking-Host/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SruMon/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SrumTelemetry" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-StateRepository/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-StateRepository/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-StateRepository/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-StateRepository/Restricted" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-StorDiag/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-StorPort/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Storage-ATAPort/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Storage-ATAPort/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Storage-ATAPort/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Storage-ATAPort/Diagnose" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Storage-ATAPort/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Storage-ClassPnP/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Storage-ClassPnP/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Storage-ClassPnP/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Storage-ClassPnP/Diagnose" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Storage-ClassPnP/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Storage-Disk/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Storage-Disk/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Storage-Disk/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Storage-Disk/Diagnose" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Storage-Disk/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Storage-Storport/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Storage-Storport/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Storage-Storport/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Storage-Storport/Diagnose" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Storage-Storport/Health" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Storage-Storport/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Storage-Tiering-IoHeat/Heat" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Storage-Tiering/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-StorageManagement/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-StorageManagement/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-StorageSettings/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-StorageSpaces-Driver/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-StorageSpaces-Driver/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-StorageSpaces-Driver/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-StorageSpaces-ManagementAgent/WHC" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-StorageSpaces-SpaceManager/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-StorageSpaces-SpaceManager/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Store/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Storsvc/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Subsys-Csr/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Subsys-SMSS/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Superfetch/Main" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Superfetch/PfApLog" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Superfetch/StoreLog" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Sysprep/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-System-Profile-HardwareId/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SystemSettingsHandlers/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SystemSettingsThreshold/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SystemSettingsThreshold/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SystemSettingsThreshold/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TCPIP/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TCPIP/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TSF-msctf/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TSF-msctf/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TSF-msutb/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TSF-msutb/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TTS/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TWinAPI/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TWinUI/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TWinUI/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TZSync/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TZSync/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TZUtil/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TaskScheduler/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TaskScheduler/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TaskScheduler/Maintenance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TaskScheduler/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TaskbarCPL/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TenantRestrictions/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-ClientUSBDevices/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-ClientUSBDevices/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-ClientUSBDevices/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-ClientUSBDevices/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-LocalSessionManager/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-LocalSessionManager/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-LocalSessionManager/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-LocalSessionManager/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-MediaRedirection/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-PnPDevices/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-PnPDevices/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-PnPDevices/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-PnPDevices/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-Printers/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-Printers/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-Printers/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-Printers/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-RDPClient/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-RDPClient/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-RDPClient/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-RdpSoundDriver/Capture" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-RdpSoundDriver/Playback" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-ServerUSBDevices/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-ServerUSBDevices/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-ServerUSBDevices/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-ServerUSBDevices/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Tethering-Manager/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Tethering-Station/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ThemeCPL/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ThemeUI/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Threat-Intelligence/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Time-Service-PTP-Provider/PTP-Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Time-Service/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Troubleshooting-Recommended/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Troubleshooting-Recommended/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TunnelDriver" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-UAC-FileVirtualization/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-UAC/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-UI-Shell/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-UIAnimation/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-UIAutomationCore/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-UIAutomationCore/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-UIAutomationCore/Perf" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-UIRibbon/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-USB-MAUSBHOST-Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-USB-UCX-Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-USB-USBHUB/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-USB-USBHUB3-Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-USB-USBPORT/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-USB-USBXHCI-Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-USB-USBXHCI-Trustlet-Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-USBVideo/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-UniversalTelemetryClient/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-User Control Panel Performance/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-User Control Panel Usage/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-User Control Panel/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-User Control Panel/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-User Device Registration/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-User Device Registration/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-User Profile Service/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-User Profile Service/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-User-Loader/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-User-Loader/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-UserAccountControl/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-UserModePowerService/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-UserPnp/ActionCenter" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-UserPnp/DeviceInstall" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-UserPnp/DeviceMetadata/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-UserPnp/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-UserPnp/SchedulerOperations" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-UxInit/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-UxTheme/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-VAN/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-VDRVROOT/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-VHDMP-Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-VHDMP-Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-VIRTDISK-Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-VPN-Client/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-VPN/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-VWiFi/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-VerifyHardwareSecurity/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-VerifyHardwareSecurity/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Volume/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-VolumeControl/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-VolumeSnapshot-Driver/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-VolumeSnapshot-Driver/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WABSyncProvider/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WCN-Config-Registrar/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WCNWiz/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WDAG-PolicyEvaluator-CSP/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WDAG-PolicyEvaluator-GP/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WEPHOSTSVC/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WER-PayloadHealth/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WFP/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WFP/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WLAN-AutoConfig/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WLAN-Autoconfig/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WLAN-Driver/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WLAN-MediaManager/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WLANConnectionFlow/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WMI-Activity/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WMI-Activity/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WMI-Activity/Trace" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WMPDMCUI/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WMPNSS-PublicAPI/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WMPNSS-Service/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WMPNSS-Service/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WMPNSSUI/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WPD-API/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WPD-ClassInstaller/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WPD-ClassInstaller/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WPD-CompositeClassDriver/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WPD-CompositeClassDriver/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WPD-MTPBT/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WPD-MTPClassDriver/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WPD-MTPClassDriver/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WPD-MTPIP/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WPD-MTPUS/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WSC-SRV/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WUSA/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WWAN-CFE/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WWAN-MM-Events/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WWAN-MediaManager/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WWAN-NDISUIO-EVENTS/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WWAN-SVC-Events/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WWAN-SVC-Events/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Wcmsvc/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Wcmsvc/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WebAuth/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WebAuthN/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WebIO-NDF/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WebIO/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WebPlatStorage-Server" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WebServices/Tracing" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WebcamProvider/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Websocket-Protocol-Component/Tracing" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WiFiDisplay/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Win32k/Concurrency" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Win32k/Contention" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Win32k/Messages" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Win32k/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Win32k/Power" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Win32k/Render" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Win32k/Tracing" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Win32k/UIPI" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WinHTTP-NDF/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WinHttp-Pca" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WinHttp/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WinHttp/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WinINet-Capture/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WinINet-Config/ProxyConfigChanged" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WinINet/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WinINet/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WinINet/Pca" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WinINet/UsageLog" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WinINet/WebSocket" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WinMDE/MDE" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WinML/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WinNat/Oper" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WinNat/Trace" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WinRM/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WinRM/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WinRM/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WinURLMon/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Windeploy/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Windows Defender/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Windows Defender/WHC" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurity" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurityVerbose" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Windows Firewall With Advanced Security/Firewall" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Windows Firewall With Advanced Security/FirewallDiagnostics" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Windows Firewall With Advanced Security/FirewallVerbose" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WindowsBackup/ActionCenter" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WindowsColorSystem/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WindowsColorSystem/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WindowsSystemAssessmentTool/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WindowsSystemAssessmentTool/Tracing" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WindowsUIImmersive/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WindowsUIImmersive/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WindowsUpdateClient/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WindowsUpdateClient/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Wininit/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Winlogon/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Winlogon/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Winsock-AFD/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Winsock-NameResolution/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Winsock-WS2HELP/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Winsrv/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Wired-AutoConfig/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Wired-AutoConfig/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WlanDlg/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Wordpad/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Wordpad/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Wordpad/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WorkFolders/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WorkFolders/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WorkFolders/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WorkFolders/WHC" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Workplace Join/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-XAML-Diagnostics/Default" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-XAML/Default" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-XAudio2/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-XAudio2/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-glcnd/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-glcnd/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-glcnd/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-mobsync/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ntshrui" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ntshrui-perf" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-osk/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-stobject/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-wmbclass/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-wmbclass/Trace" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-WindowsPhone-Connectivity-WiFiConnSvc-Channel" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-WindowsPhone-LocationServiceProvider/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-WindowsPhone-Net-Cellcore-CellManager/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-WindowsPhone-Net-Cellcore-CellularAPI/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "NIS-Driver-WFP/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Navigator" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Network Isolation Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "OSK_SoftKeyboard_Channel" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "OpenSSH/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "OpenSSH/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "OpenSSH/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Physical_Keyboard_Manager_Channel" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "PlayReadyPerformanceChannel" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "RTWorkQueueExtended" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "RTWorkQueueTheading" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "SMSApi" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Security" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Setup" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "SmbWmiAnalytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "System" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "SystemEventsBroker" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "TabletPC_InputPanel_Channel" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "TabletPC_InputPanel_Channel/IHM" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "TimeBroker" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "UIManager_Channel" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Uac/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "WINDOWS_KS_CHANNEL" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "WINDOWS_MFH264Enc_CHANNEL" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "WINDOWS_MP4SDECD_CHANNEL" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "WINDOWS_MSMPEG2ADEC_CHANNEL" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "WINDOWS_MSMPEG2VDEC_CHANNEL" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "WINDOWS_VC1ENC_CHANNEL" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "WINDOWS_WMPHOTO_CHANNEL" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "WINDOWS_wmvdecod_CHANNEL" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "WMPSetup" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "WMPSyncEngine" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Windows Networking Vpn Plugin Platform/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Windows Networking Vpn Plugin Platform/OperationalVerbose" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Windows PowerShell" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "muxencode" 
 
========= End of CMD: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 02:41:01 ====

  • 0

#7
ForrestGump
Posted 13 October 2022 - 03:10 AM

ForrestGump

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts

 

Not sure what you meant with your last statement.  Can you still run FRST?  If so try this:

 

 
Download the attached fixlist.txt to the same location as FRST
 
 
Run FRST and press Fix.  This will check your system files and hopefully repair any that are broken.  Usually takes about 25 minutes to complete but may time out after one hour if the PC is super slow.  Will reboot when done.
 
A fix log will be generated please post that 
 
Reboot if the fix doesn't reboot it for you
 
Run FRST again but this time make sure Addition.txt is checked and hit Scan.  Post both logs.
 

 

 

Sorry about the Muppet like postings I had a [bleep] of a time trying to post all 3 results at the same time, Post was to long error msg & after I could not post at all, Had to logout & in, blah, blah, blah,

 

Had to post 1 by 1 to finally have them posted.

 

Please advise next steps

 

Thank You Sir


  • 0

#8
RKinner
Posted 13 October 2022 - 05:14 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

If you just start typing at the bottom where it says "Reply to this Topic" it won't quote the previous reply.  No problem if a reply requires several posts.  We have to work within the limitations of this old forum software.

 

Looks like you installed Wondershare DrFone and it didn't uninstall completely.  I'll give you another fixlist at the end of this post to remove the leftovers.

 

Not sure why you are getting an App-V error.  Is that App-V you really need?  If you don't know what it is then it probably got turned on by mistake or by malware.  You can turn it off:

 

Open an admin powershell window:

 

Win key + x then select Windows Powershell (Admin)

 

type:  

Disable-Appv

Hit Enter.

 

Should look like this:

 


PS C:\WINDOWS\system32> Disable-Appv
App-V was successfully disabled. Please reboot for changes to take effect.
 

 

Reboot and go back in to Powershell (Admin) and type:

 Get-AppvStatus

Hit Enter.

 

Should now say:

PS C:\WINDOWS\system32> Get-AppvStatus
 
Key                      Value
---                      -----
AppvClientEnabled        False
AppvClientRebootRequired False
 

 

 

X out of powershell.

 

You are getting complaints about Controlled Folder Access and the Favorites folder.  Seems odd that this folder would be locked.  See if you can turn off Controlled Folder Access for the Favorites folder:  (These options are not on my PC but I use Avast so that may be why)

 
Use controlled folder access
Controlled folder access in Windows Security reviews the apps that can make changes to files in protected folders and blocks unauthorized or unsafe apps from accessing or changing files in those folders.
 
Select Start  > Settings  > Update & Security  > Windows Security > Virus & threat protection.
 
Under Virus & threat protection settings, select Manage settings.
 
Under Controlled folder access, select Manage Controlled folder access.
 
Switch the Controlled folder access setting to On or Off.
 
Occasionally, an app that is safe to use will be identified as harmful. This happens because Microsoft wants to keep you safe and will sometimes err on the side of caution; however, this might interfere with how you normally use your PC. You can add an app to the list of safe or allowed apps to prevent them from being blocked.
 
 
 

Open Edge.  Click on the three dots in the upper right and then Settings (scroll to the bottom to find Settings).  If Sync is On then turn it Off.  

Go to System & Performance.  In the section called: System, turn OFF all three options.

 

Click on the three dots in the upper right again and then Extensions.  Manage Extensions.  Disable all extensions except Ublock Origin.  

 

Close Edge.

 

Multiple replies are OK.  Best to post a log as you get it.
 
Get Process Explorer
 
 
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  
 
View and check Show Processes From All Users 
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Close all browsers
 
Wait a full minute then:
 
File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply. 
 
 
Bring up Edge and repeat the 
File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply. Mark as With Edge.
 
 
 
Copy the next 2 lines:
 
TASKLIST /SVC  > \junk.txt
notepad \junk.txt
 
Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
 
Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply. 
 
 
Get the free version of Speccy:
 
 
(Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), 
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.
 
First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.
 
 
Latency Monitor:
 
Go to
 
 
Scroll down to
 
System Monitoring Tools
 
and then find
 
LatencyMon 7.0 (or it may be a higher number if they update)
 
Click on Download free home edition
 
Save it then right click and Run As Admin.  It will install and then start the program.  
It will tell you to click on the Start button but there isn't one.  
Instead click on the green arrowhead (looks like a Play button).   Let it run for at least 20 seconds.  Then hit the red box to stop it. 
 
Edit, Copy Report text to Clipboard then move to a REPLY and Ctrl + v to paste the text into a reply.  
 
 
Click on the Drivers Tab.  Click on the column header for "Total execution (ms)" once or twice until the biggest numbers are at the top of the column then take a screen shot (save as type jpg) and attach it.  
Click on the Processes tab then click on the  "Hard Pagefaults" column header once or twice until the big numbers are at the top of the column.  Take a screen shot (save as type jpg) and attach it. 
 
 
Download the attached fixlist.txt to the same location as FRST
 
Attached File  fixlist.txt   1.62KB   193 downloads
 
Run FRST and press Fix
A fix log will be generated please post that 
 
Reboot if the fix doesn't reboot it for you
 
Run FRST again but this time make sure Addition.txt is checked and hit Scan.  Post both logs.
 

 

 

 

  • 0

#9
ForrestGump
Posted 14 October 2022 - 01:01 PM

ForrestGump

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts

does it seem odd that Rundll32.exe should be trying to open %userprofile%\Favorites & then be blocked, Is this the signs of a Virus attack?

 

Just curious before I adjust protected folder access


  • 0

#10
RKinner
Posted 14 October 2022 - 02:04 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Rundll32.exe is a standard Windows file used to run .dll diles.  Normally nonstandard use of Rundll32.exe would be shown in a FRST log which is why I am not worried about what it is doing.  Also there is nothing in the Favorites folder that is particularly critical.  It's just where Edge stores its bookmarks.  You can skip that step if you are worried.


  • 0

Advertisements

#11
ForrestGump
Posted 14 October 2022 - 04:17 PM

ForrestGump

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts

I believe I need to do a Reset this PC as there are no programs or entries under Exploit Protection, Program Settings, BTW System Settings has all the fields.

 

Can you advise how I can restore all the Exploit Protection, Program Settings without performing a Reset this PC?

 

Perhaps since there is nothing listed under Program Settings this is why I am receiving the blocked action notifications?

 

Will wait for your advice


  • 0

#12
ForrestGump
Posted 14 October 2022 - 05:21 PM

ForrestGump

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts
Process CPU Private Bytes Working Set PID Description Company Name User Name Path Image Type Verified Signer
System Idle Process 87.69 60 K 8 K 0 NT AUTHORITY\SYSTEM 64-bit
procexp64.exe 9.23 67,628 K 106,808 K 7532 Sysinternals Process Explorer Sysinternals - www.sysinternals.com HAL900\doher C:\Users\doher\AppData\Local\Temp\procexp64.exe 64-bit (Verified) Microsoft Corporation
MsMpEng.exe 1.54 222,336 K 150,192 K 4816 Antimalware Service Executable Microsoft Corporation <access denied> C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\MsMpEng.exe (Verified) Microsoft Windows Publisher
dwm.exe 0.77 62,132 K 64,312 K 484 <access denied> [Error opening process]
csrss.exe 0.77 9,004 K 5,616 K 596 <access denied> [Error opening process]
Interrupts < 0.01 0 K 0 K n/a Hardware Interrupts and DPCs 64-bit
explorer.exe < 0.01 57,000 K 138,076 K 3964 Windows Explorer Microsoft Corporation HAL900\doher C:\Windows\explorer.exe 64-bit (Verified) Microsoft Windows
msedge.exe < 0.01 70,732 K 167,260 K 1492 Microsoft Edge Microsoft Corporation HAL900\doher C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 64-bit (Verified) Microsoft Corporation
SynTPEnh.exe < 0.01 4,868 K 19,524 K 5032 Synaptics TouchPad 64-bit Enhancements Synaptics Incorporated HAL900\doher C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 64-bit (Verified) Synaptics Incorporated
msedge.exe < 0.01 19,464 K 35,796 K 2108 Microsoft Edge Microsoft Corporation HAL900\doher C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 64-bit (Verified) Microsoft Corporation
msedge.exe < 0.01 7,872 K 19,888 K 5096 Microsoft Edge Microsoft Corporation HAL900\doher C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 64-bit (Verified) Microsoft Corporation
wmpnetwk.exe 1,956 K 9,036 K 6312 Windows Media Player Network Sharing Service Microsoft Corporation <access denied> C:\Program Files\Windows Media Player\wmpnetwk.exe (Verified) Microsoft Windows
winlogon.exe 2,628 K 14,012 K 792 <access denied> [Error opening process]
wininit.exe 1,348 K 7,136 K 588 <access denied> [Error opening process]
UserOOBEBroker.exe 1,868 K 9,296 K 7812 User OOBE Broker Microsoft Corporation HAL900\doher C:\Windows\System32\oobe\UserOOBEBroker.exe 64-bit (Verified) Microsoft Windows
uhssvc.exe 1,264 K 6,524 K 4832 Microsoft Update Health Service Microsoft Corporation <access denied> C:\Program Files\Microsoft Update Health Tools\uhssvc.exe (Verified) Microsoft Windows
TextInputHost.exe 13,652 K 46,832 K 5172 Microsoft Corporation HAL900\doher C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe 64-bit (Verified) Microsoft Windows
taskhostw.exe 9,576 K 30,952 K 3204 Host Process for Windows Tasks Microsoft Corporation HAL900\doher C:\Windows\System32\taskhostw.exe 64-bit (Verified) Microsoft Windows
taskhostw.exe 4,828 K 12,472 K 3176 Host Process for Windows Tasks Microsoft Corporation HAL900\doher C:\Windows\System32\taskhostw.exe 64-bit (Verified) Microsoft Windows
SystemSettings.exe Suspended 48,320 K 1,900 K 4308 Settings Microsoft Corporation HAL900\doher C:\Windows\ImmersiveControlPanel\SystemSettings.exe 64-bit (Verified) Microsoft Windows
System 204 K 1,500 K 4 <access denied>
SynTPHelper.exe 1,064 K 5,024 K 6260 HAL900\doher [Access is denied.] 64-bit
SynTPEnhService.exe 1,148 K 4,912 K 4656 64-bit Synaptics Pointing Enhance Service Synaptics Incorporated <access denied> C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Verified) Microsoft Windows Hardware Compatibility Publisher
svchost.exe 14,484 K 20,980 K 4176 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 4,480 K 17,088 K 2404 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 7,540 K 32,144 K 3060 Host Process for Windows Services Microsoft Corporation HAL900\doher C:\Windows\System32\svchost.exe 64-bit (Verified) Microsoft Windows Publisher
svchost.exe 2,692 K 11,544 K 4036 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 6,152 K 22,912 K 2812 Host Process for Windows Services Microsoft Corporation HAL900\doher C:\Windows\System32\svchost.exe 64-bit (Verified) Microsoft Windows Publisher
svchost.exe 6,608 K 13,460 K 972 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 9,676 K 26,020 K 820 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 9,676 K 20,632 K 7072 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,924 K 7,756 K 1944 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 14,140 K 17,492 K 1380 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 8,944 K 17,940 K 2436 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 2,740 K 13,852 K 1960 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 4,184 K 20,324 K 2160 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 5,104 K 17,936 K 856 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 6,404 K 14,968 K 1704 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,672 K 7,600 K 3408 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 15,752 K 34,076 K 4128 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 3,916 K 51,496 K 2272 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 2,116 K 9,716 K 1716 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 2,660 K 10,836 K 1400 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 2,952 K 9,696 K 2112 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 2,340 K 8,248 K 328 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 3,560 K 13,716 K 5584 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 2,732 K 8,128 K 2368 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 2,280 K 7,644 K 1668 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 2,076 K 8,372 K 3488 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,464 K 6,152 K 1056 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 3,844 K 8,088 K 1596 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 2,368 K 9,308 K 4152 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,896 K 7,668 K 2536 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 2,724 K 12,308 K 2504 Host Process for Windows Services Microsoft Corporation HAL900\doher C:\Windows\System32\svchost.exe 64-bit (Verified) Microsoft Windows Publisher
svchost.exe 1,816 K 8,564 K 5936 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,328 K 5,504 K 1064 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,896 K 11,932 K 1084 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 2,472 K 10,616 K 1148 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 5,668 K 15,260 K 1208 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 3,204 K 14,036 K 1240 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 3,076 K 9,208 K 1284 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,432 K 7,260 K 1352 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 2,156 K 8,856 K 1920 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,296 K 5,944 K 1980 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 4,336 K 11,904 K 1996 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,840 K 8,460 K 2052 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,872 K 8,116 K 2080 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,748 K 7,344 K 2092 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,736 K 6,952 K 2360 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 2,832 K 11,460 K 2416 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 3,296 K 11,680 K 2524 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 7,396 K 17,252 K 2996 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 5,568 K 18,604 K 2036 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 2,088 K 12,636 K 3160 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,920 K 7,688 K 3560 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 2,680 K 10,940 K 3976 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,264 K 5,948 K 3620 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 2,824 K 10,636 K 2564 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,248 K 6,024 K 4136 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,552 K 7,388 K 4340 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,536 K 6,552 K 4348 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 2,624 K 8,096 K 4412 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,240 K 4,720 K 4436 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,704 K 7,996 K 4484 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 4,124 K 9,776 K 4508 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,800 K 7,420 K 4588 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,168 K 5,548 K 4604 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,616 K 6,936 K 4616 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,444 K 6,680 K 4628 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,424 K 6,596 K 4732 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,256 K 5,804 K 4744 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,616 K 7,100 K 4776 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,380 K 5,616 K 4800 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 2,148 K 8,776 K 4896 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,736 K 8,108 K 4908 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,304 K 5,624 K 4956 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,996 K 7,604 K 5152 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 2,700 K 9,812 K 5292 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 4,724 K 18,572 K 5628 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 2,068 K 10,200 K 5672 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,848 K 6,148 K 5992 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 4,328 K 18,588 K 6288 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 2,196 K 8,904 K 6716 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,536 K 11,060 K 7556 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 2,672 K 10,300 K 5052 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 4,296 K 20,224 K 7892 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,992 K 7,948 K 1656 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 2,668 K 11,928 K 5808 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,592 K 10,980 K 5840 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 2,388 K 14,232 K 2684 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
StartMenuExperienceHost.exe 23,996 K 70,608 K 3816 HAL900\doher C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe 64-bit (Verified) Microsoft Windows
ssh-agent.exe 1,352 K 5,308 K 4676 <access denied> C:\Windows\System32\OpenSSH\ssh-agent.exe (Verified) Microsoft Windows
spoolsv.exe 5,000 K 15,204 K 3396 Spooler SubSystem App Microsoft Corporation <access denied> C:\Windows\System32\spoolsv.exe (Verified) Microsoft Windows
SMSvcHost.exe 26,664 K 24,428 K 4028 SMSvcHost.exe Microsoft Corporation <access denied> C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Verified) Microsoft Corporation
smss.exe 1,060 K 1,144 K 372 <access denied> [Error opening process]
smartscreen.exe 7,964 K 24,000 K 2400 Windows Defender SmartScreen Microsoft Corporation HAL900\doher C:\Windows\System32\smartscreen.exe 64-bit (Verified) Microsoft Windows
sihost.exe 5,800 K 25,660 K 2776 Shell Infrastructure Host Microsoft Corporation HAL900\doher C:\Windows\System32\sihost.exe 64-bit (Verified) Microsoft Windows
ShellExperienceHost.exe 15,436 K 52,804 K 6268 Windows Shell Experience Host Microsoft Corporation HAL900\doher C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe 64-bit (Verified) Microsoft Windows
SgrmBroker.exe 3,772 K 6,896 K 4372 System Guard Runtime Monitor Broker Service Microsoft Corporation <access denied> C:\Windows\System32\SgrmBroker.exe (Verified) Microsoft Windows Publisher
services.exe 6,468 K 11,364 K 656 <access denied> [Error opening process]
SecurityHealthSystray.exe 1,848 K 13,144 K 7960 Windows Security notification icon Microsoft Corporation HAL900\doher C:\Windows\System32\SecurityHealthSystray.exe 64-bit (Verified) Microsoft Windows
SecurityHealthService.exe 4,688 K 16,956 K 7992 Windows Security Health Service Microsoft Corporation <access denied> C:\Windows\System32\SecurityHealthService.exe (Verified) Microsoft Windows Publisher
SearchProtocolHost.exe 2,596 K 14,776 K 7976 <access denied> [Error opening process]
SearchIndexer.exe 22,980 K 33,684 K 4852 Microsoft Windows Search Indexer Microsoft Corporation <access denied> C:\Windows\System32\SearchIndexer.exe (Verified) Microsoft Windows
SearchFilterHost.exe 2,220 K 9,912 K 1880 <access denied> [Error opening process]
SearchApp.exe Suspended 80,032 K 146,960 K 6908 Search application Microsoft Corporation HAL900\doher C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe 64-bit (Verified) Microsoft Windows
RuntimeBroker.exe 1,752 K 11,044 K 7212 Runtime Broker Microsoft Corporation HAL900\doher C:\Windows\System32\RuntimeBroker.exe 64-bit (Verified) Microsoft Windows
RuntimeBroker.exe 3,844 K 20,952 K 7500 Runtime Broker Microsoft Corporation HAL900\doher C:\Windows\System32\RuntimeBroker.exe 64-bit (Verified) Microsoft Windows
RuntimeBroker.exe 7,716 K 29,288 K 6016 Runtime Broker Microsoft Corporation HAL900\doher C:\Windows\System32\RuntimeBroker.exe 64-bit (Verified) Microsoft Windows
RuntimeBroker.exe 8,924 K 34,856 K 7336 Runtime Broker Microsoft Corporation HAL900\doher C:\Windows\System32\RuntimeBroker.exe 64-bit (Verified) Microsoft Windows
RuntimeBroker.exe 2,696 K 17,692 K 2012 Runtime Broker Microsoft Corporation HAL900\doher C:\Windows\System32\RuntimeBroker.exe 64-bit (Verified) Microsoft Windows
RuntimeBroker.exe 5,696 K 24,056 K 6512 Runtime Broker Microsoft Corporation HAL900\doher C:\Windows\System32\RuntimeBroker.exe 64-bit (Verified) Microsoft Windows
Registry 4,916 K 72,132 K 92 <access denied> [Error opening process]
procexp.exe 7,776 K 14,652 K 4492 Sysinternals Process Explorer Sysinternals - www.sysinternals.com HAL900\doher C:\Users\doher\OneDrive\Desktop\procexp.exe 32-bit (Verified) Microsoft Corporation
NisSrv.exe 3,652 K 10,848 K 7688 Microsoft Network Realtime Inspection Service Microsoft Corporation <access denied> C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\NisSrv.exe (Verified) Microsoft Windows Publisher
msedge.exe 13,760 K 38,684 K 8036 Microsoft Edge Microsoft Corporation HAL900\doher C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 64-bit (Verified) Microsoft Corporation
msedge.exe 22,108 K 41,212 K 7788 Microsoft Edge Microsoft Corporation HAL900\doher C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 64-bit (Verified) Microsoft Corporation
msedge.exe 28,664 K 66,932 K 2632 Microsoft Edge Microsoft Corporation HAL900\doher C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 64-bit (Verified) Microsoft Corporation
msedge.exe 69,812 K 135,152 K 6484 Microsoft Edge Microsoft Corporation HAL900\doher C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 64-bit (Verified) Microsoft Corporation
msedge.exe 2,036 K 7,556 K 5404 Microsoft Edge Microsoft Corporation HAL900\doher C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 64-bit (Verified) Microsoft Corporation
Memory Compression 68 K 140 K 1516 <access denied> [Error opening process]
lsass.exe 7,724 K 21,944 K 664 Local Security Authority Process Microsoft Corporation <access denied> C:\Windows\System32\lsass.exe (Verified) Microsoft Windows Publisher
LockApp.exe Suspended 16,480 K 54,468 K 7276 LockApp.exe Microsoft Corporation HAL900\doher C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe 64-bit (Verified) Microsoft Windows
fontdrvhost.exe 3,260 K 7,304 K 880 <access denied> [Error opening process]
fontdrvhost.exe 1,272 K 3,324 K 860 <access denied> [Error opening process]
dllhost.exe 1,964 K 9,260 K 6052 COM Surrogate Microsoft Corporation HAL900\doher C:\Windows\System32\dllhost.exe 64-bit (Verified) Microsoft Windows
DiagnosticsHub.StandardCollector.Service.exe 1,104 K 6,132 K 5776 Microsoft ® Diagnostics Hub Standard Collector Microsoft Corporation <access denied> C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (Verified) Microsoft Windows
csrss.exe 1,744 K 5,352 K 480 <access denied> [Error opening process]
audiodg.exe 7,052 K 12,764 K 1732 <unable to open token> [Access is denied.] 64-bit
atiesrxx.exe 1,100 K 4,920 K 1840 AMD External Events Service Module AMD <access denied> C:\Windows\System32\atiesrxx.exe (Verified) Microsoft Windows Hardware Compatibility Publisher
atieclxx.exe 2,280 K 9,440 K 1900 <access denied> [Error opening process]
ApplicationFrameHost.exe 8,512 K 30,816 K 5328 Application Frame Host Microsoft Corporation HAL900\doher C:\Windows\System32\ApplicationFrameHost.exe 64-bit (Verified) Microsoft Windows
 

  • 0

#13
ForrestGump
Posted 14 October 2022 - 05:24 PM

ForrestGump

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts

AS WITH EDGE

 

Process CPU Private Bytes Working Set PID Description Company Name User Name Path Image Type Verified Signer
System Idle Process 84.62 60 K 8 K 0 NT AUTHORITY\SYSTEM 64-bit
procexp64.exe 10.00 66,216 K 106,680 K 7532 Sysinternals Process Explorer Sysinternals - www.sysinternals.com HAL900\doher C:\Users\doher\AppData\Local\Temp\procexp64.exe 64-bit (Verified) Microsoft Corporation
SynTPEnh.exe 2.31 4,868 K 19,524 K 5032 Synaptics TouchPad 64-bit Enhancements Synaptics Incorporated HAL900\doher C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 64-bit (Verified) Synaptics Incorporated
dwm.exe 2.31 62,148 K 64,312 K 484 <access denied> [Error opening process]
Interrupts 0.77 0 K 0 K n/a Hardware Interrupts and DPCs 64-bit
explorer.exe < 0.01 47,496 K 128,152 K 3964 Windows Explorer Microsoft Corporation HAL900\doher C:\Windows\explorer.exe 64-bit (Verified) Microsoft Windows
msedge.exe < 0.01 22,044 K 41,180 K 7788 Microsoft Edge Microsoft Corporation HAL900\doher C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 64-bit (Verified) Microsoft Corporation
msedge.exe < 0.01 13,636 K 38,584 K 8036 Microsoft Edge Microsoft Corporation HAL900\doher C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 64-bit (Verified) Microsoft Corporation
msedge.exe < 0.01 68,360 K 189,560 K 1492 Microsoft Edge Microsoft Corporation HAL900\doher C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 64-bit (Verified) Microsoft Corporation
msedge.exe < 0.01 19,464 K 35,800 K 2108 Microsoft Edge Microsoft Corporation HAL900\doher C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 64-bit (Verified) Microsoft Corporation
wmpnetwk.exe 1,956 K 9,036 K 6312 Windows Media Player Network Sharing Service Microsoft Corporation <access denied> C:\Program Files\Windows Media Player\wmpnetwk.exe (Verified) Microsoft Windows
winlogon.exe 2,628 K 14,012 K 792 <access denied> [Error opening process]
wininit.exe 1,348 K 7,136 K 588 <access denied> [Error opening process]
UserOOBEBroker.exe 1,868 K 9,296 K 7812 User OOBE Broker Microsoft Corporation HAL900\doher C:\Windows\System32\oobe\UserOOBEBroker.exe 64-bit (Verified) Microsoft Windows
uhssvc.exe 1,264 K 6,524 K 4832 Microsoft Update Health Service Microsoft Corporation <access denied> C:\Program Files\Microsoft Update Health Tools\uhssvc.exe (Verified) Microsoft Windows
TextInputHost.exe 13,628 K 46,820 K 5172 Microsoft Corporation HAL900\doher C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe 64-bit (Verified) Microsoft Windows
taskhostw.exe 9,452 K 30,912 K 3204 Host Process for Windows Tasks Microsoft Corporation HAL900\doher C:\Windows\System32\taskhostw.exe 64-bit (Verified) Microsoft Windows
taskhostw.exe 4,828 K 12,468 K 3176 Host Process for Windows Tasks Microsoft Corporation HAL900\doher C:\Windows\System32\taskhostw.exe 64-bit (Verified) Microsoft Windows
SystemSettings.exe Suspended 48,320 K 1,900 K 4308 Settings Microsoft Corporation HAL900\doher C:\Windows\ImmersiveControlPanel\SystemSettings.exe 64-bit (Verified) Microsoft Windows
System 204 K 1,504 K 4 <access denied>
SynTPHelper.exe 1,064 K 5,024 K 6260 HAL900\doher [Access is denied.] 64-bit
SynTPEnhService.exe 1,148 K 4,912 K 4656 64-bit Synaptics Pointing Enhance Service Synaptics Incorporated <access denied> C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Verified) Microsoft Windows Hardware Compatibility Publisher
svchost.exe 14,936 K 21,356 K 4176 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 6,152 K 22,912 K 2812 Host Process for Windows Services Microsoft Corporation HAL900\doher C:\Windows\System32\svchost.exe 64-bit (Verified) Microsoft Windows Publisher
svchost.exe 7,476 K 32,092 K 3060 Host Process for Windows Services Microsoft Corporation HAL900\doher C:\Windows\System32\svchost.exe 64-bit (Verified) Microsoft Windows Publisher
svchost.exe 6,800 K 13,504 K 972 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 9,628 K 26,004 K 820 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 6,360 K 14,932 K 1704 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 4,424 K 17,076 K 2404 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 2,640 K 11,532 K 4036 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 9,460 K 20,552 K 7072 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,924 K 7,760 K 1944 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 14,140 K 17,492 K 1380 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 8,892 K 17,928 K 2436 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 2,744 K 13,856 K 1960 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 3,856 K 20,076 K 2160 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 4,776 K 17,712 K 856 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,620 K 7,584 K 3408 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 15,672 K 34,036 K 4128 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 3,664 K 51,436 K 2272 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,952 K 9,648 K 1716 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 2,660 K 10,836 K 1400 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 2,952 K 9,696 K 2112 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 2,340 K 8,248 K 328 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 3,560 K 13,716 K 5584 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 2,732 K 8,116 K 2368 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 2,196 K 7,628 K 1668 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 2,024 K 8,352 K 3488 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,464 K 6,152 K 1056 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 3,848 K 8,092 K 1596 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 2,316 K 9,292 K 4152 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,812 K 7,648 K 2536 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 2,724 K 12,308 K 2504 Host Process for Windows Services Microsoft Corporation HAL900\doher C:\Windows\System32\svchost.exe 64-bit (Verified) Microsoft Windows Publisher
svchost.exe 1,764 K 8,540 K 5936 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,328 K 5,504 K 1064 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,896 K 11,932 K 1084 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 2,472 K 10,616 K 1148 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 5,668 K 15,260 K 1208 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 3,204 K 14,036 K 1240 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 3,076 K 9,208 K 1284 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,432 K 7,260 K 1352 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 2,156 K 8,856 K 1920 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,296 K 5,944 K 1980 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 4,228 K 11,884 K 1996 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,840 K 8,460 K 2052 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,872 K 8,116 K 2080 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,748 K 7,344 K 2092 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,736 K 6,952 K 2360 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 2,832 K 11,460 K 2416 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 3,296 K 11,680 K 2524 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 7,396 K 17,252 K 2996 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 5,568 K 18,604 K 2036 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 2,088 K 12,636 K 3160 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,868 K 7,676 K 3560 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 2,680 K 10,940 K 3976 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,264 K 5,948 K 3620 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 2,824 K 10,636 K 2564 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,248 K 6,024 K 4136 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,552 K 7,388 K 4340 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,536 K 6,552 K 4348 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 2,624 K 8,096 K 4412 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,240 K 4,720 K 4436 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,704 K 7,996 K 4484 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 4,124 K 9,780 K 4508 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,800 K 7,420 K 4588 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,168 K 5,548 K 4604 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,616 K 6,936 K 4616 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,444 K 6,680 K 4628 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,424 K 6,596 K 4732 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,256 K 5,804 K 4744 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,616 K 7,100 K 4776 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,380 K 5,616 K 4800 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 2,148 K 8,776 K 4896 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,736 K 8,108 K 4908 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,304 K 5,624 K 4956 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,996 K 7,604 K 5152 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 2,700 K 9,812 K 5292 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 4,724 K 18,572 K 5628 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 2,068 K 10,200 K 5672 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,900 K 6,160 K 5992 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 4,224 K 18,540 K 6288 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 2,248 K 8,920 K 6716 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,588 K 11,072 K 7556 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 2,672 K 10,300 K 5052 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 4,240 K 20,212 K 7892 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,940 K 7,928 K 1656 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 2,668 K 11,928 K 5808 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 1,592 K 10,980 K 5840 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
svchost.exe 2,388 K 14,232 K 2684 Host Process for Windows Services Microsoft Corporation <access denied> C:\Windows\System32\svchost.exe (Verified) Microsoft Windows Publisher
StartMenuExperienceHost.exe 23,996 K 70,608 K 3816 HAL900\doher C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe 64-bit (Verified) Microsoft Windows
ssh-agent.exe 1,352 K 5,308 K 4676 <access denied> C:\Windows\System32\OpenSSH\ssh-agent.exe (Verified) Microsoft Windows
spoolsv.exe 5,000 K 15,204 K 3396 Spooler SubSystem App Microsoft Corporation <access denied> C:\Windows\System32\spoolsv.exe (Verified) Microsoft Windows
SMSvcHost.exe 26,664 K 24,428 K 4028 SMSvcHost.exe Microsoft Corporation <access denied> C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Verified) Microsoft Corporation
smss.exe 1,060 K 1,144 K 372 <access denied> [Error opening process]
smartscreen.exe 7,868 K 23,952 K 2400 Windows Defender SmartScreen Microsoft Corporation HAL900\doher C:\Windows\System32\smartscreen.exe 64-bit (Verified) Microsoft Windows
sihost.exe 5,720 K 25,596 K 2776 Shell Infrastructure Host Microsoft Corporation HAL900\doher C:\Windows\System32\sihost.exe 64-bit (Verified) Microsoft Windows
ShellExperienceHost.exe 15,436 K 52,804 K 6268 Windows Shell Experience Host Microsoft Corporation HAL900\doher C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe 64-bit (Verified) Microsoft Windows
SgrmBroker.exe 3,772 K 6,900 K 4372 System Guard Runtime Monitor Broker Service Microsoft Corporation <access denied> C:\Windows\System32\SgrmBroker.exe (Verified) Microsoft Windows Publisher
services.exe 6,500 K 11,384 K 656 <access denied> [Error opening process]
SecurityHealthSystray.exe 1,812 K 13,124 K 7960 Windows Security notification icon Microsoft Corporation HAL900\doher C:\Windows\System32\SecurityHealthSystray.exe 64-bit (Verified) Microsoft Windows
SecurityHealthService.exe 4,600 K 16,892 K 7992 Windows Security Health Service Microsoft Corporation <access denied> C:\Windows\System32\SecurityHealthService.exe (Verified) Microsoft Windows Publisher
SearchProtocolHost.exe 2,668 K 14,816 K 7976 <access denied> [Error opening process]
SearchIndexer.exe 22,940 K 33,772 K 4852 Microsoft Windows Search Indexer Microsoft Corporation <access denied> C:\Windows\System32\SearchIndexer.exe (Verified) Microsoft Windows
SearchApp.exe Suspended 80,032 K 146,908 K 6908 Search application Microsoft Corporation HAL900\doher C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe 64-bit (Verified) Microsoft Windows
RuntimeBroker.exe 3,776 K 20,944 K 7500 Runtime Broker Microsoft Corporation HAL900\doher C:\Windows\System32\RuntimeBroker.exe 64-bit (Verified) Microsoft Windows
RuntimeBroker.exe 7,648 K 29,256 K 6016 Runtime Broker Microsoft Corporation HAL900\doher C:\Windows\System32\RuntimeBroker.exe 64-bit (Verified) Microsoft Windows
RuntimeBroker.exe 8,924 K 34,856 K 7336 Runtime Broker Microsoft Corporation HAL900\doher C:\Windows\System32\RuntimeBroker.exe 64-bit (Verified) Microsoft Windows
RuntimeBroker.exe 2,696 K 17,692 K 2012 Runtime Broker Microsoft Corporation HAL900\doher C:\Windows\System32\RuntimeBroker.exe 64-bit (Verified) Microsoft Windows
RuntimeBroker.exe 5,696 K 24,056 K 6512 Runtime Broker Microsoft Corporation HAL900\doher C:\Windows\System32\RuntimeBroker.exe 64-bit (Verified) Microsoft Windows
Registry 4,904 K 72,124 K 92 <access denied> [Error opening process]
procexp.exe 7,776 K 14,652 K 4492 Sysinternals Process Explorer Sysinternals - www.sysinternals.com HAL900\doher C:\Users\doher\OneDrive\Desktop\procexp.exe 32-bit (Verified) Microsoft Corporation
NisSrv.exe 3,652 K 10,848 K 7688 Microsoft Network Realtime Inspection Service Microsoft Corporation <access denied> C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\NisSrv.exe (Verified) Microsoft Windows Publisher
MsMpEng.exe 222,336 K 141,916 K 4816 Antimalware Service Executable Microsoft Corporation <access denied> C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\MsMpEng.exe (Verified) Microsoft Windows Publisher
msedge.exe 28,796 K 67,140 K 2632 Microsoft Edge Microsoft Corporation HAL900\doher C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 64-bit (Verified) Microsoft Corporation
msedge.exe 7,836 K 19,852 K 5096 Microsoft Edge Microsoft Corporation HAL900\doher C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 64-bit (Verified) Microsoft Corporation
msedge.exe 67,652 K 131,856 K 6484 Microsoft Edge Microsoft Corporation HAL900\doher C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 64-bit (Verified) Microsoft Corporation
msedge.exe 2,036 K 7,556 K 5404 Microsoft Edge Microsoft Corporation HAL900\doher C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 64-bit (Verified) Microsoft Corporation
Memory Compression 68 K 140 K 1516 <access denied> [Error opening process]
lsass.exe 7,752 K 21,968 K 664 Local Security Authority Process Microsoft Corporation <access denied> C:\Windows\System32\lsass.exe (Verified) Microsoft Windows Publisher
LockApp.exe Suspended 16,480 K 54,468 K 7276 LockApp.exe Microsoft Corporation HAL900\doher C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe 64-bit (Verified) Microsoft Windows
fontdrvhost.exe 3,260 K 7,304 K 880 <access denied> [Error opening process]
fontdrvhost.exe 1,272 K 3,324 K 860 <access denied> [Error opening process]
dllhost.exe 1,964 K 9,300 K 6052 COM Surrogate Microsoft Corporation HAL900\doher C:\Windows\System32\dllhost.exe 64-bit (Verified) Microsoft Windows
DiagnosticsHub.StandardCollector.Service.exe 1,104 K 6,132 K 5776 Microsoft ® Diagnostics Hub Standard Collector Microsoft Corporation <access denied> C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (Verified) Microsoft Windows
csrss.exe 9,004 K 5,612 K 596 <access denied> [Error opening process]
csrss.exe 1,744 K 5,348 K 480 <access denied> [Error opening process]
audiodg.exe 6,976 K 12,720 K 1732 <unable to open token> [Access is denied.] 64-bit
atiesrxx.exe 1,100 K 4,920 K 1840 AMD External Events Service Module AMD <access denied> C:\Windows\System32\atiesrxx.exe (Verified) Microsoft Windows Hardware Compatibility Publisher
atieclxx.exe 2,280 K 9,440 K 1900 <access denied> [Error opening process]
ApplicationFrameHost.exe 8,196 K 30,544 K 5328 Application Frame Host Microsoft Corporation HAL900\doher C:\Windows\System32\ApplicationFrameHost.exe 64-bit (Verified) Microsoft Windows

  • 0

#14
ForrestGump
Posted 14 October 2022 - 05:25 PM

ForrestGump

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts
 
Image Name                     PID Services                                    
========================= ======== ============================================
System Idle Process              0 N/A                                         
System                           4 N/A                                         
Registry                        92 N/A                                         
smss.exe                       372 N/A                                         
csrss.exe                      480 N/A                                         
wininit.exe                    588 N/A                                         
csrss.exe                      596 N/A                                         
services.exe                   656 N/A                                         
lsass.exe                      664 KeyIso, SamSs, VaultSvc                     
winlogon.exe                   792 N/A                                         
svchost.exe                    820 BrokerInfrastructure, DcomLaunch, PlugPlay, 
                                   Power, SystemEventsBroker                   
fontdrvhost.exe                860 N/A                                         
fontdrvhost.exe                880 N/A                                         
svchost.exe                    972 RpcEptMapper, RpcSs                         
svchost.exe                    328 LSM                                         
dwm.exe                        484 N/A                                         
svchost.exe                   1056 CoreMessagingRegistrar                      
svchost.exe                   1064 lmhosts                                     
svchost.exe                   1084 TimeBrokerSvc                               
svchost.exe                   1148 NcbService                                  
svchost.exe                   1208 Schedule                                    
svchost.exe                   1240 ProfSvc                                     
svchost.exe                   1284 DisplayEnhancementService                   
svchost.exe                   1352 DispBrokerDesktopSvc                        
svchost.exe                   1380 EventLog                                    
svchost.exe                   1400 UserManager                                 
svchost.exe                   1596 nsi                                         
svchost.exe                   1668 Dhcp                                        
svchost.exe                   1704 StateRepository                             
svchost.exe                   1716 camsvc                                      
atiesrxx.exe                  1840 AMD External Events Utility                 
atieclxx.exe                  1900 N/A                                         
svchost.exe                   1920 CscService                                  
svchost.exe                   1944 EventSystem                                 
svchost.exe                   1960 SysMain                                     
svchost.exe                   1980 Themes                                      
svchost.exe                   1996 NlaSvc                                      
Memory Compression            1516 N/A                                         
svchost.exe                   2052 SENS                                        
svchost.exe                   2080 AudioEndpointBuilder                        
svchost.exe                   2092 FontCache                                   
svchost.exe                   2112 netprofm                                    
svchost.exe                   2272 Audiosrv                                    
svchost.exe                   2360 DusmSvc                                     
svchost.exe                   2368 Dnscache                                    
svchost.exe                   2404 DoSvc                                       
svchost.exe                   2416 Wcmsvc                                      
svchost.exe                   2436 BFE, mpssvc                                 
svchost.exe                   2524 WwanSvc                                     
svchost.exe                   2536 WinHttpAutoProxySvc                         
sihost.exe                    2776 N/A                                         
svchost.exe                   2812 CDPUserSvc_27b9f                            
svchost.exe                   2996 Winmgmt                                     
svchost.exe                   3060 WpnUserService_27b9f                        
svchost.exe                   2036 WlanSvc                                     
svchost.exe                   2160 TokenBroker                                 
svchost.exe                   3160 ShellHWDetection                            
taskhostw.exe                 3176 N/A                                         
taskhostw.exe                 3204 N/A                                         
spoolsv.exe                   3396 Spooler                                     
svchost.exe                   3488 LanmanWorkstation                           
svchost.exe                   3560 WebClient                                   
explorer.exe                  3964 N/A                                         
svchost.exe                   3976 iphlpsvc                                    
svchost.exe                   4036 StorSvc                                     
svchost.exe                   3620 DeviceAssociationService                    
svchost.exe                   2564 CryptSvc                                    
svchost.exe                   4128 DiagTrack                                   
svchost.exe                   4136 DialogBlockingService                       
svchost.exe                   4152 LanmanServer                                
svchost.exe                   4176 DPS                                         
svchost.exe                   4340 fdPHost                                     
svchost.exe                   4348 hidserv                                     
svchost.exe                   4412 IKEEXT                                      
svchost.exe                   4436 KtmRm                                       
svchost.exe                   4484 Eaphost                                     
svchost.exe                   4508 PcaSvc                                      
svchost.exe                   4588 PolicyAgent                                 
svchost.exe                   4604 seclogon                                    
svchost.exe                   4616 SstpSvc                                     
svchost.exe                   4628 SharedAccess                                
SynTPEnhService.exe           4656 SynTPEnhService                             
svchost.exe                   4732 TermService                                 
svchost.exe                   4744 TrkWks                                      
svchost.exe                   4776 W32Time                                     
svchost.exe                   4800 WerSvc                                      
MsMpEng.exe                   4816 WinDefend                                   
SearchIndexer.exe             4852 WSearch                                     
svchost.exe                   4896 RmSvc                                       
svchost.exe                   4908 NgcSvc                                      
svchost.exe                   4956 WdiServiceHost                              
SynTPEnh.exe                  5032 N/A                                         
svchost.exe                   5152 TapiSrv                                     
svchost.exe                   5292 FDResPub                                    
svchost.exe                   5584 RasMan                                      
svchost.exe                   5628 CDPSvc                                      
svchost.exe                   5672 NgcCtnrSvc                                  
svchost.exe                   5936 Appinfo                                     
svchost.exe                   5992 WdiSystemHost                               
SynTPHelper.exe               6260 N/A                                         
svchost.exe                   6288 lfsvc                                       
wmpnetwk.exe                  6312 WMPNetworkSvc                               
StartMenuExperienceHost.e     3816 N/A                                         
TextInputHost.exe             5172 N/A                                         
RuntimeBroker.exe             6512 N/A                                         
svchost.exe                   6716 UsoSvc                                      
SearchApp.exe                 6908 N/A                                         
RuntimeBroker.exe             6016 N/A                                         
LockApp.exe                   7276 N/A                                         
RuntimeBroker.exe             7336 N/A                                         
RuntimeBroker.exe             7500 N/A                                         
svchost.exe                   7556 BthAvctpSvc                                 
NisSrv.exe                    7688 WdNisSvc                                    
SecurityHealthSystray.exe     7960 N/A                                         
SecurityHealthService.exe     7992 SecurityHealthService                       
SystemSettings.exe            4308 N/A                                         
ApplicationFrameHost.exe      5328 N/A                                         
UserOOBEBroker.exe            7812 N/A                                         
svchost.exe                   2504 OneSyncSvc_27b9f                            
DiagnosticsHub.StandardCo     5776 diagnosticshub.standardcollector.service    
SMSvcHost.exe                 4028 NetTcpPortSharing                           
SgrmBroker.exe                4372 SgrmBroker                                  
ssh-agent.exe                 4676 ssh-agent                                   
uhssvc.exe                    4832 uhssvc                                      
svchost.exe                   5052 wscsvc                                      
ShellExperienceHost.exe       6268 N/A                                         
RuntimeBroker.exe             2012 N/A                                         
svchost.exe                   7892 WpnService                                  
svchost.exe                   1656 SSDPSRV                                     
svchost.exe                   5808 WbioSrvc                                    
svchost.exe                   5840 LicenseManager                              
svchost.exe                   2684 InstallService                              
dllhost.exe                   6052 N/A                                         
msedge.exe                    1492 N/A                                         
msedge.exe                    5404 N/A                                         
msedge.exe                    7788 N/A                                         
msedge.exe                    8036 N/A                                         
msedge.exe                    5096 N/A                                         
msedge.exe                    2632 N/A                                         
svchost.exe                   3408 AppXSvc                                     
notepad.exe                   5108 N/A                                         
msedge.exe                    6628 N/A                                         
msedge.exe                    7112 N/A                                         
msedge.exe                    7412 N/A                                         
msedge.exe                    7012 N/A                                         
svchost.exe                   4952 cbdhsvc_27b9f                               
smartscreen.exe                  8 N/A                                         
audiodg.exe                    220 N/A                                         
cmd.exe                       5280 N/A                                         
conhost.exe                   2828 N/A                                         
svchost.exe                   5436 wlidsvc                                     
tasklist.exe                  6484 N/A                                         
WmiPrvSE.exe                  2016 N/A                                         

  • 0

#15
ForrestGump
Posted 14 October 2022 - 05:57 PM

ForrestGump

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts

Attached File  SPECCY.txt   106.44KB   180 downloads


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics


Also tagged with one or more of these keywords: Virus

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP