Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Virus Infection

Started by ForrestGump , Oct 05 2022 11:38 PM
Virus

  • Please log in to reply

#16
ForrestGump
Posted 14 October 2022 - 06:09 PM

ForrestGump

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts
_________________________________________________________________________________________________________
CONCLUSION
_________________________________________________________________________________________________________
Your system appears to be suitable for handling real-time audio and other tasks without dropouts. 
LatencyMon has been analyzing your system for  0:00:55  (h:mm:ss) on all processors.
 
 
_________________________________________________________________________________________________________
SYSTEM INFORMATION
_________________________________________________________________________________________________________
Computer name:                                        HAL900
OS version:                                           Windows 10, 10.0, version 2009, build: 19044 (x64)
Hardware:                                             HP G61 Notebook PC, Hewlett-Packard
BIOS:                                                 Default System BIOS
CPU:                                                  AuthenticAMD AMD Athlon™ II Dual-Core M300
Logical processors:                                   2
Processor groups:                                     1
Processor group size:                                 2
RAM:                                                  7932 MB total
 
 
_________________________________________________________________________________________________________
CPU SPEED
_________________________________________________________________________________________________________
Reported CPU speed (WMI):                             20 MHz
Reported CPU speed (registry):                        1995 MHz
 
Note: reported execution times may be calculated based on a fixed reported CPU speed. Disable variable speed settings like Intel Speed Step and AMD Cool N Quiet in the BIOS setup for more accurate results.
 
 
_________________________________________________________________________________________________________
MEASURED INTERRUPT TO USER PROCESS LATENCIES
_________________________________________________________________________________________________________
The interrupt to process latency reflects the measured interval that a usermode process needed to respond to a hardware request from the moment the interrupt service routine started execution. This includes the scheduling and execution of a DPC routine, the signaling of an event and the waking up of a usermode thread from an idle wait state in response to that event.
 
Highest measured interrupt to process latency (µs):   74.70
Average measured interrupt to process latency (µs):   10.276967
 
Highest measured interrupt to DPC latency (µs):       54.20
Average measured interrupt to DPC latency (µs):       3.843646
 
 
_________________________________________________________________________________________________________
 REPORTED ISRs
_________________________________________________________________________________________________________
Interrupt service routines are routines installed by the OS and device drivers that execute in response to a hardware interrupt signal.
 
Highest ISR routine execution time (µs):              117.493233
Driver with highest ISR routine execution time:       storport.sys - Microsoft Storage Port Driver, Microsoft Corporation
 
Highest reported total ISR routine time (%):          0.056184
Driver with highest ISR total time:                   storport.sys - Microsoft Storage Port Driver, Microsoft Corporation
 
Total time spent in ISRs (%)                          0.077113
 
ISR count (execution time <250 µs):                   6498
ISR count (execution time 250-500 µs):                0
ISR count (execution time 500-1000 µs):               0
ISR count (execution time 1000-2000 µs):              0
ISR count (execution time 2000-4000 µs):              0
ISR count (execution time >=4000 µs):                 0
 
 
_________________________________________________________________________________________________________
REPORTED DPCs
_________________________________________________________________________________________________________
DPC routines are part of the interrupt servicing dispatch mechanism and disable the possibility for a process to utilize the CPU while it is interrupted until the DPC has finished execution.
 
Highest DPC routine execution time (µs):              924.687218
Driver with highest DPC routine execution time:       ntoskrnl.exe - NT Kernel & System, Microsoft Corporation
 
Highest reported total DPC routine time (%):          0.122251
Driver with highest DPC total execution time:         storport.sys - Microsoft Storage Port Driver, Microsoft Corporation
 
Total time spent in DPCs (%)                          0.325112
 
DPC count (execution time <250 µs):                   42249
DPC count (execution time 250-500 µs):                0
DPC count (execution time 500-10000 µs):              1
DPC count (execution time 1000-2000 µs):              0
DPC count (execution time 2000-4000 µs):              0
DPC count (execution time >=4000 µs):                 0
 
 
_________________________________________________________________________________________________________
 REPORTED HARD PAGEFAULTS
_________________________________________________________________________________________________________
Hard pagefaults are events that get triggered by making use of virtual memory that is not resident in RAM but backed by a memory mapped file on disk. The process of resolving the hard pagefault requires reading in the memory from disk while the process is interrupted and blocked from execution.
 
NOTE: some processes were hit by hard pagefaults. If these were programs producing audio, they are likely to interrupt the audio stream resulting in dropouts, clicks and pops. Check the Processes tab to see which programs were hit.
 
Process with highest pagefault count:                 latmon.exe
 
Total number of hard pagefaults                       4
Hard pagefault count of hardest hit process:          2
Number of processes hit:                              3
 
 
_________________________________________________________________________________________________________
 PER CPU DATA
_________________________________________________________________________________________________________
CPU 0 Interrupt cycle time (s):                       1.955582
CPU 0 ISR highest execution time (µs):                117.493233
CPU 0 ISR total execution time (s):                   0.082016
CPU 0 ISR count:                                      5956
CPU 0 DPC highest execution time (µs):                924.687218
CPU 0 DPC total execution time (s):                   0.254609
CPU 0 DPC count:                                      35474
_________________________________________________________________________________________________________
CPU 1 Interrupt cycle time (s):                       0.476056
CPU 1 ISR highest execution time (µs):                11.746366
CPU 1 ISR total execution time (s):                   0.003724
CPU 1 ISR count:                                      542
CPU 1 DPC highest execution time (µs):                97.452632
CPU 1 DPC total execution time (s):                   0.106877
CPU 1 DPC count:                                      6776
_________________________________________________________________________________________________________

  • 0

Advertisements

#17
ForrestGump
Posted 14 October 2022 - 07:07 PM

ForrestGump

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts

Now I have a weird report?

 

_________________________________________________________________________________________________________
CONCLUSION
_________________________________________________________________________________________________________
Your system seems to be having difficulty handling real-time audio and other tasks. You may experience drop outs, clicks or pops due to buffer underruns. One problem may be related to power management, disable CPU throttling settings in Control Panel and BIOS setup. Check for BIOS updates. 
LatencyMon has been analyzing your system for  0:00:39  (h:mm:ss) on all processors.
 
 
_________________________________________________________________________________________________________
SYSTEM INFORMATION
_________________________________________________________________________________________________________
Computer name:                                        HAL900
OS version:                                           Windows 10, 10.0, version 2009, build: 19044 (x64)
Hardware:                                             HP G61 Notebook PC, Hewlett-Packard
BIOS:                                                 Default System BIOS
CPU:                                                  AuthenticAMD AMD Athlon™ II Dual-Core M300
Logical processors:                                   2
Processor groups:                                     1
Processor group size:                                 2
RAM:                                                  7932 MB total
 
 
_________________________________________________________________________________________________________
CPU SPEED
_________________________________________________________________________________________________________
Reported CPU speed (WMI):                             20 MHz
Reported CPU speed (registry):                        1995 MHz
 
Note: reported execution times may be calculated based on a fixed reported CPU speed. Disable variable speed settings like Intel Speed Step and AMD Cool N Quiet in the BIOS setup for more accurate results.
 
 
_________________________________________________________________________________________________________
MEASURED INTERRUPT TO USER PROCESS LATENCIES
_________________________________________________________________________________________________________
The interrupt to process latency reflects the measured interval that a usermode process needed to respond to a hardware request from the moment the interrupt service routine started execution. This includes the scheduling and execution of a DPC routine, the signaling of an event and the waking up of a usermode thread from an idle wait state in response to that event.
 
Highest measured interrupt to process latency (µs):   1512.80
Average measured interrupt to process latency (µs):   10.774543
 
Highest measured interrupt to DPC latency (µs):       104.0
Average measured interrupt to DPC latency (µs):       3.704157
 
 
_________________________________________________________________________________________________________
 REPORTED ISRs
_________________________________________________________________________________________________________
Interrupt service routines are routines installed by the OS and device drivers that execute in response to a hardware interrupt signal.
 
Highest ISR routine execution time (µs):              78.243108
Driver with highest ISR routine execution time:       storport.sys - Microsoft Storage Port Driver, Microsoft Corporation
 
Highest reported total ISR routine time (%):          0.041216
Driver with highest ISR total time:                   storport.sys - Microsoft Storage Port Driver, Microsoft Corporation
 
Total time spent in ISRs (%)                          0.082210
 
ISR count (execution time <250 µs):                   5225
ISR count (execution time 250-500 µs):                0
ISR count (execution time 500-1000 µs):               0
ISR count (execution time 1000-2000 µs):              0
ISR count (execution time 2000-4000 µs):              0
ISR count (execution time >=4000 µs):                 0
 
 
_________________________________________________________________________________________________________
REPORTED DPCs
_________________________________________________________________________________________________________
DPC routines are part of the interrupt servicing dispatch mechanism and disable the possibility for a process to utilize the CPU while it is interrupted until the DPC has finished execution.
 
Highest DPC routine execution time (µs):              314.341855
Driver with highest DPC routine execution time:       ndis.sys - Network Driver Interface Specification (NDIS), Microsoft Corporation
 
Highest reported total DPC routine time (%):          0.084199
Driver with highest DPC total execution time:         storport.sys - Microsoft Storage Port Driver, Microsoft Corporation
 
Total time spent in DPCs (%)                          0.317704
 
DPC count (execution time <250 µs):                   29858
DPC count (execution time 250-500 µs):                0
DPC count (execution time 500-10000 µs):              2
DPC count (execution time 1000-2000 µs):              0
DPC count (execution time 2000-4000 µs):              0
DPC count (execution time >=4000 µs):                 0
 
 
_________________________________________________________________________________________________________
 REPORTED HARD PAGEFAULTS
_________________________________________________________________________________________________________
Hard pagefaults are events that get triggered by making use of virtual memory that is not resident in RAM but backed by a memory mapped file on disk. The process of resolving the hard pagefault requires reading in the memory from disk while the process is interrupted and blocked from execution.
 
NOTE: some processes were hit by hard pagefaults. If these were programs producing audio, they are likely to interrupt the audio stream resulting in dropouts, clicks and pops. Check the Processes tab to see which programs were hit.
 
Process with highest pagefault count:                 svchost.exe
 
Total number of hard pagefaults                       4
Hard pagefault count of hardest hit process:          2
Number of processes hit:                              3
 
 
_________________________________________________________________________________________________________
 PER CPU DATA
_________________________________________________________________________________________________________
CPU 0 Interrupt cycle time (s):                       1.415838
CPU 0 ISR highest execution time (µs):                78.243108
CPU 0 ISR total execution time (s):                   0.059087
CPU 0 ISR count:                                      3974
CPU 0 DPC highest execution time (µs):                314.341855
CPU 0 DPC total execution time (s):                   0.188659
CPU 0 DPC count:                                      26009
_________________________________________________________________________________________________________
CPU 1 Interrupt cycle time (s):                       0.356601
CPU 1 ISR highest execution time (µs):                10.067669
CPU 1 ISR total execution time (s):                   0.005267
CPU 1 ISR count:                                      1251
CPU 1 DPC highest execution time (µs):                80.789474
CPU 1 DPC total execution time (s):                   0.060040
CPU 1 DPC count:                                      3851
_________________________________________________________________________________________________________

  • 0

#18
ForrestGump
Posted 14 October 2022 - 07:34 PM

ForrestGump

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts

Screenshot (1).jpeg .


  • 0

#19
ForrestGump
Posted 14 October 2022 - 07:43 PM

ForrestGump

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts

Screenshot (2).jpeg


  • 0

#20
ForrestGump
Posted 14 October 2022 - 09:38 PM

ForrestGump

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts
Fix result of Farbar Recovery Scan Tool (x64) Version: 04-10-2022
Ran by doher (14-10-2022 22:26:38) Run:4
Running from C:\Users\doher\OneDrive\Desktop
Loaded Profiles: doher
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Task: {3C7D335C-0590-4CDA-9BCD-7EBD1813A3BF} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\doher\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2022-10-07] (ESET, spol. s r.o. -> ESET)
R2 Wondershare InstallAssist; C:\ProgramData\Wondershare\Service\InstallAssistService.exe [277232 2022-09-28] (Wondershare Technology Group Co.,Ltd -> Wondershare)
S2 DFWSIDService; C:\Program Files (x86)\Wondershare\drfone\WsidService.exe [X]
S2 ElevationService; C:\Program Files (x86)\Wondershare\drfone\Addins\Repair\ElevationService.exe [X]
S2 WsDrvInst; C:\Program Files (x86)\Wondershare\drfone\Addins\Repair\DriverInstall.exe [X]
S1 npcap; \SystemRoot\system32\DRIVERS\npcap.sys [X]
U4 npcap_wifi; no ImagePath 
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:
 
 
*****************
 
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C7D335C-0590-4CDA-9BCD-7EBD1813A3BF}" => not found
"C:\WINDOWS\System32\Tasks\EOSv3 Scheduler onTime" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onTime" => not found
Wondershare InstallAssist => service not found.
DFWSIDService => service not found.
ElevationService => service not found.
WsDrvInst => service not found.
npcap => service not found.
npcap_wifi => service not found.
 
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "AMSI/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Application" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "DirectShowFilterGraph" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "DirectShowPluginControl" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Els_Hyphenation/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "EndpointMapper" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "FirstUXPerf-Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "ForwardedEvents" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "HardwareEvents" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "IHM_DebugChannel" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Intel-iaLPSS-GPIO/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Intel-iaLPSS-I2C/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Intel-iaLPSS2-GPIO2/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Intel-iaLPSS2-GPIO2/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Intel-iaLPSS2-I2C/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Intel-iaLPSS2-I2C/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Internet Explorer" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Key Management Service" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "MF_MediaFoundationDeviceMFT" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "MF_MediaFoundationDeviceProxy" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "MF_MediaFoundationFrameServer" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "MedaFoundationVideoProc" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "MedaFoundationVideoProcD3D" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "MediaFoundationAsyncWrapper" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "MediaFoundationContentProtection" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "MediaFoundationDS" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "MediaFoundationDeviceProxy" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "MediaFoundationMP4" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "MediaFoundationMediaEngine" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "MediaFoundationPerformance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "MediaFoundationPerformanceCore" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "MediaFoundationPipeline" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "MediaFoundationPlatform" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "MediaFoundationSrcPrefetch" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-AppV-Client-Streamingux/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-AppV-Client/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-AppV-Client/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-AppV-Client/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-AppV-Client/Virtual Applications" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-AppV-SharedPerformance/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Client-License-Flexible-Platform/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Client-License-Flexible-Platform/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Client-License-Flexible-Platform/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Client-Licensing-Platform/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Client-Licensing-Platform/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Client-Licensing-Platform/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-IE/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-IEFRAME/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-JSDumpHeap/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-OneCore-Setup/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-PerfTrack-IEFRAME/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-PerfTrack-MSHTML/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-User Experience Virtualization-Admin/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-User Experience Virtualization-Agent Driver/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-User Experience Virtualization-Agent Driver/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-User Experience Virtualization-App Agent/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-User Experience Virtualization-App Agent/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-User Experience Virtualization-App Agent/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-User Experience Virtualization-IPC/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-User Experience Virtualization-SQM Uploader/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-User Experience Virtualization-SQM Uploader/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-User Experience Virtualization-SQM Uploader/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AAD/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AAD/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ADSI/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ASN1/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ATAPort/General" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ATAPort/SATA-LPM" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ActionQueue/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-All-User-Install-Agent/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AllJoyn/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AllJoyn/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AppHost/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AppHost/ApplicationTracing" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AppHost/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AppHost/Internal" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AppID/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AppLocker/EXE and DLL" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AppLocker/MSI and Script" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AppLocker/Packaged app-Deployment" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AppLocker/Packaged app-Execution" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AppModel-Runtime/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AppModel-Runtime/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AppModel-Runtime/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AppModel-Runtime/Diagnostics" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AppModel-State/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AppModel-State/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AppReadiness/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AppReadiness/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AppReadiness/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AppSruProv" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AppXDeployment/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AppXDeployment/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AppXDeploymentServer/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AppXDeploymentServer/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AppXDeploymentServer/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AppXDeploymentServer/Restricted" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ApplicabilityEngine/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ApplicabilityEngine/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Application Server-Applications/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Application Server-Applications/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Application Server-Applications/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Application Server-Applications/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Application-Experience/Compatibility-Infrastructure-Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant/Trace" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Application-Experience/Program-Compatibility-Troubleshooter" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Application-Experience/Program-Inventory" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Application-Experience/Program-Telemetry" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Application-Experience/Steps-Recorder" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AppxPackaging/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AppxPackaging/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AppxPackaging/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AssignedAccess/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AssignedAccess/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AssignedAccessBroker/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AssignedAccessBroker/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AsynchronousCausality/Causality" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Audio/CaptureMonitor" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Audio/GlitchDetection" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Audio/Informational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Audio/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Audio/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Audio/PlaybackManager" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Audit/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Authentication User Interface/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Authentication/AuthenticationPolicyFailures-DomainController" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Authentication/ProtectedUser-Client" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Authentication/ProtectedUserFailures-DomainController" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Authentication/ProtectedUserSuccesses-DomainController" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-AxInstallService/Log" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-BTH-BTHPORT/HCI" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-BTH-BTHPORT/L2CAP" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-BTH-BTHUSB/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-BTH-BTHUSB/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-BackgroundTaskInfrastructure/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-BackgroundTaskInfrastructure/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-BackgroundTransfer-ContentPrefetcher/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Backup" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Base-Filtering-Engine-Connections/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Base-Filtering-Engine-Resource-Flows/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Battery/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Biometrics/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Biometrics/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-BitLocker-DrivePreparationTool/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-BitLocker-DrivePreparationTool/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-BitLocker-Driver-Performance/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-BitLocker/BitLocker Management" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-BitLocker/BitLocker Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-BitLocker/Tracing" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Bits-Client/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Bits-Client/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Bluetooth-BthLEPrepairing/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Bluetooth-Bthmini/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Bluetooth-MTPEnum/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Bluetooth-Policy/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-BranchCache/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-BranchCacheClientEventProvider/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-BranchCacheEventProvider/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-BranchCacheMonitoring/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-BranchCacheSMB/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-BranchCacheSMB/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-CAPI2/Catalog Database Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-CAPI2/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-CDROM/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-COM/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-COM/ApartmentInitialize" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-COM/ApartmentUninitialize" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-COM/Call" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-COM/CreateInstance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-COM/ExtensionCatalog" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-COM/FreeUnusedLibrary" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-COM/RundownInstrumentation" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-COMRuntime/Activations" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-COMRuntime/MessageProcessing" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-COMRuntime/Tracing" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-CertPoleEng/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-CertificateServicesClient-Lifecycle-User/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Cleanmgr/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ClearTypeTextTuner/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-CloudStore/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-CloudStore/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-CmiSetup/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-CodeIntegrity/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-CodeIntegrity/Verbose" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ComDlg32/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ComDlg32/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Compat-Appraiser/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Compat-Appraiser/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Containers-BindFlt/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Containers-BindFlt/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Containers-Wcifs/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Containers-Wcifs/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Containers-Wcnfs/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Containers-Wcnfs/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-CoreApplication/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-CoreApplication/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-CoreApplication/Tracing" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-CoreSystem-SmsRouter-Events/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-CoreSystem-SmsRouter-Events/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-CoreWindow/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-CoreWindow/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-CorruptedFileRecovery-Client/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-CorruptedFileRecovery-Server/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Crashdump/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-CredUI/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Crypto-BCRYPT/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Crypto-CNG/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Crypto-DPAPI/BackUpKeySvc" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Crypto-DPAPI/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Crypto-DPAPI/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Crypto-DSSEnh/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Crypto-NCrypt/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Crypto-RNG/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Crypto-RSAEnh/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-D3D10Level9/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-D3D10Level9/PerfTiming" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DAL-Provider/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DAL-Provider/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DAMM/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DCLocator/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DDisplay/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DDisplay/Logging" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DLNA-Namespace/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DNS-Client/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DSC/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DSC/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DSC/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DSC/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DUI/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DUSER/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DXGI/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DXGI/Logging" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DXP/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Data-Pdf/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DataIntegrityScan/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DataIntegrityScan/CrashRecovery" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DateTimeControlPanel/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DateTimeControlPanel/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DateTimeControlPanel/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Deduplication/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Deduplication/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Deduplication/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Deduplication/Scrubbing" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Defrag-Core/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Deplorch/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DesktopActivityModerator/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DesktopWindowManager-Diag/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DeviceAssociationService/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DeviceConfidence/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DeviceGuard/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DeviceGuard/Verbose" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DeviceSetupManager/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DeviceSetupManager/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DeviceSetupManager/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DeviceSetupManager/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DeviceSync/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DeviceSync/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DeviceUpdateAgent/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DeviceUx/Informational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DeviceUx/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Devices-Background/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Dhcp-Client/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Dhcp-Client/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Dhcpv6-Client/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Dhcpv6-Client/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DiagCpl/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-AdvancedTaskManager/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-DPS/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-DPS/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-DPS/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-MSDE/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-PCW/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-PCW/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-PCW/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-PLA/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-PLA/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-Perfhost/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-Scheduled/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-Scripted/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-Scripted/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-Scripted/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-Scripted/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-WDC/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-WDI/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Diagnostics-Networking/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Diagnostics-Networking/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Diagnostics-PerfTrack-Counters/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Diagnostics-PerfTrack/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Diagnostics-Performance/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Diagnostics-Performance/Diagnostic/Loopback" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Diagnostics-Performance/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Direct3D10/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Direct3D10_1/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Direct3D11/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Direct3D11/Logging" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Direct3D11/PerfTiming" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Direct3D12/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Direct3D12/Logging" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Direct3D12/PerfTiming" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Direct3D9/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Direct3DShaderCache/Default" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DirectComposition/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DirectManipulation/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DirectShow-KernelSupport/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DirectSound/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Disk/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DiskDiagnostic/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DiskDiagnosticDataCollector/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DiskDiagnosticResolver/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Dism-Api/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Dism-Api/ExternalAnalytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Dism-Api/InternalAnalytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Dism-Cli/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DisplayColorCalibration/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DisplayColorCalibration/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DisplaySwitch/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Documents/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Dot3MM/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DriverFrameworks-UserMode/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DucUpdateAgent/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Dwm-API/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Dwm-Core/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Dwm-Dwm/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Dwm-Redir/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Dwm-Udwm/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DxgKrnl-Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DxgKrnl-Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DxgKrnl/Contention" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DxgKrnl/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DxgKrnl/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DxgKrnl/Power" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-DxpTaskSyncProvider/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-EDP-Application-Learning/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-EDP-Audit-Regular/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-EDP-Audit-TCB/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-EFS/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ESE/IODiagnose" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ESE/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-EapHost/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-EapHost/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-EapHost/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-EapMethods-RasChap/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-EapMethods-RasTls/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-EapMethods-Sim/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-EapMethods-Ttls/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-EaseOfAccess/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Energy-Estimation-Engine/EventLog" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Energy-Estimation-Engine/Trace" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-EnhancedStorage-EhStorTcgDrv/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-EventCollector/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-EventCollector/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-EventLog-WMIProvider/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-EventLog/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-EventLog/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-FMS/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-FMS/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-FMS/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-FailoverClustering-Client/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Fault-Tolerant-Heap/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-FeatureConfiguration/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-FeatureConfiguration/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-Catalog/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-Catalog/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-ConfigManager/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-ConfigManager/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-Core/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-Core/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-Core/WHC" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-Engine/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-Engine/BackupLog" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-Engine/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-EventListener/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-EventListener/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-Service/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-Service/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-UI-Events/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-UI-Events/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-FileInfoMinifilter/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Firewall-CPL/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Folder Redirection/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Forwarding/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Forwarding/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-GPIO-ClassExtension/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-GenericRoaming/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-GroupPolicy/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-HAL/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-HealthCenter/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-HealthCenter/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-HealthCenterCPL/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-HelloForBusiness/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Help/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-HomeGroup Control Panel Performance/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-HomeGroup Control Panel/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-HomeGroup Listener Service/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-HomeGroup Provider Service Performance/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-HomeGroup Provider Service/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-HomeGroup-ListenerService" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-HotspotAuth/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-HotspotAuth/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-HttpService/Log" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-HttpService/Trace" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Hyper-V-Guest-Drivers/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Hyper-V-Guest-Drivers/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Hyper-V-Guest-Drivers/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Hyper-V-Guest-Drivers/Diagnose" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Hyper-V-Guest-Drivers/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Hyper-V-Hypervisor-Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Hyper-V-Hypervisor-Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Hyper-V-Hypervisor-Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Hyper-V-NETVSC/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Hyper-V-VID-Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Hyper-V-VID-Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-IE-SmartScreen" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-IKE/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-IKEDBG/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-IME-Broker/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-IME-CandidateUI/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-IME-CustomerFeedbackManager/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-IME-CustomerFeedbackManagerUI/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-IME-JPAPI/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-IME-JPLMP/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-IME-JPPRED/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-IME-JPSetting/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-IME-JPTIP/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-IME-KRAPI/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-IME-KRTIP/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-IME-OEDCompiler/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-IME-TCCORE/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-IME-TCTIP/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-IME-TIP/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-IPNAT/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-IPSEC-SRV/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-IPxlatCfg/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-IPxlatCfg/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-IdCtrls/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-IdCtrls/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-IndirectDisplays-ClassExtension-Events/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Input-HIDCLASS-Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-InputSwitch/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-International-RegionalOptionsControlPanel/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Iphlpsvc/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Iphlpsvc/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Iphlpsvc/Trace" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-KdsSvc/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kerberos/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Acpi/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-AppCompat/General" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-AppCompat/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-ApphelpCache/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-ApphelpCache/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-ApphelpCache/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Boot/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Boot/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-BootDiagnostics/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Disk/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-EventTracing/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-EventTracing/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-File/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-IO/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Interrupt-Steering/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-IoTrace/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-LiveDump/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-LiveDump/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Memory/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Network/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Pdc/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Pep/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-PnP/Boot Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-PnP/Configuration" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-PnP/Configuration Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-PnP/Device Enumeration Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-PnP/Driver Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-PnP/Driver Watchdog" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Power/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Power/Thermal-Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Power/Thermal-Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Prefetch/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Process/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Processor-Power/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Registry/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Registry/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-ShimEngine/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-ShimEngine/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-ShimEngine/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-StoreMgr/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-StoreMgr/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-WDI/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-WDI/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-WDI/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-WHEA/Errors" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-WHEA/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Kernel-XDV/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-KeyboardFilter/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-KeyboardFilter/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-KeyboardFilter/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Known Folders API Service" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-L2NA/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-LDAP-Client/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-LSA/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-LSA/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-LSA/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-LUA-ConsentUI/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-LanguagePackSetup/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-LanguagePackSetup/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-LanguagePackSetup/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-LimitsManagement/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-LinkLayerDiscoveryProtocol/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-LinkLayerDiscoveryProtocol/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-LiveId/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-LiveId/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-MPEG2-Video-Encoder-MFT_Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-MPS-CLNT/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-MPS-DRV/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-MPS-SRV/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-MSFTEDIT/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-MUI/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-MUI/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-MUI/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-MUI/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Media-Streaming/DMC" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Media-Streaming/DMR" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Media-Streaming/MDE" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-MediaFoundation-MFCaptureEngine/MFCaptureEngine" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-MediaFoundation-MFReadWrite/SinkWriter" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-MediaFoundation-MFReadWrite/SourceReader" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-MediaFoundation-MFReadWrite/Transform" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-MediaFoundation-Performance/SARStreamResource" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-MediaFoundation-PlayAPI/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-MemoryDiagnostics-Results/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Minstore/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Minstore/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Mobile-Broadband-Experience-Api-Internal/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Mobile-Broadband-Experience-Api/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Mobile-Broadband-Experience-Parser-Task/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Mobile-Broadband-Experience-Parser-Task/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Mobile-Broadband-Experience-SmsApi/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-MobilityCenter/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ModernDeployment-Diagnostics-Provider/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ModernDeployment-Diagnostics-Provider/Autopilot" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ModernDeployment-Diagnostics-Provider/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ModernDeployment-Diagnostics-Provider/Diagnostics" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ModernDeployment-Diagnostics-Provider/ManagementService" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Mprddm/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-NCSI/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-NCSI/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-NDF-HelperClassDiscovery/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-NDIS-PacketCapture/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-NDIS/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-NDIS/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-NTLM/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-NWiFi/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Narrator/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Ncasvc/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-NcdAutoSetup/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-NcdAutoSetup/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-NdisImPlatform/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Ndu/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-NetShell/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Network-Connection-Broker" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Network-DataUsage/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Network-Setup/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Network-and-Sharing-Center/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-NetworkBridge/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-NetworkLocationWizard/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-NetworkProfile/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-NetworkProfile/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-NetworkProvider/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-NetworkProvisioning/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-NetworkProvisioning/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-NetworkSecurity/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-NetworkStatus/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Networking-Correlation/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Networking-RealTimeCommunication/Tracing" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-NlaSvc/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-NlaSvc/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Ntfs/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Ntfs/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Ntfs/WHC" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-OLE/Clipboard-Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-OLEACC/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-OLEACC/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-OOBE-FirstLogonAnim/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-OOBE-Machine-Core/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-OOBE-Machine-DUI/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-OOBE-Machine-DUI/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-OOBE-Machine-Plugins-Wireless/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-OcpUpdateAgent/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-OfflineFiles/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-OfflineFiles/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-OfflineFiles/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-OfflineFiles/SyncLog" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-OneBackup/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-OneX/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-OneX/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-OobeLdr/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-OtpCredentialProvider/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PCI/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PackageStateRoaming/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PackageStateRoaming/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PackageStateRoaming/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ParentalControls/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Partition/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Partition/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PeerToPeerDrtEventProvider/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PerceptionRuntime/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PerceptionSensorDataService/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PersistentMemory-Nvdimm/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PersistentMemory-Nvdimm/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PersistentMemory-Nvdimm/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PersistentMemory-PmemDisk/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PersistentMemory-PmemDisk/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PersistentMemory-PmemDisk/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PersistentMemory-ScmBus/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PersistentMemory-ScmBus/Certification" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PersistentMemory-ScmBus/Diagnose" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PersistentMemory-ScmBus/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PhotoAcq/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PlayToManager/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Policy/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Policy/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PortableDeviceStatusProvider/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PortableDeviceSyncProvider/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Power-Meter-Polling/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PowerCfg/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PowerCpl/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PowerEfficiencyDiagnostics/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PowerShell-DesiredStateConfiguration-FileDownloadManager/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PowerShell-DesiredStateConfiguration-FileDownloadManager/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PowerShell-DesiredStateConfiguration-FileDownloadManager/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PowerShell/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PowerShell/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PowerShell/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PowerShell/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PrimaryNetworkIcon/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PrintBRM/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PrintService-USBMon/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PrintService/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PrintService/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PrintService/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Privacy-Auditing/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ProcessStateManager/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Program-Compatibility-Assistant/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Program-Compatibility-Assistant/CompatAfterUpgrade" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Provisioning-Diagnostics-Provider/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Provisioning-Diagnostics-Provider/AutoPilot" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Provisioning-Diagnostics-Provider/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Provisioning-Diagnostics-Provider/ManagementService" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Proximity-Common/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Proximity-Common/Informational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Proximity-Common/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PushNotification-Developer/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PushNotification-InProc/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PushNotification-Platform/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PushNotification-Platform/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-PushNotification-Platform/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-QoS-Pacer/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-QoS-qWAVE/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-RPC-Proxy/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-RPC/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-RPC/EEInfo" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-RRAS/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-RRAS/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-RadioManager/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Ras-NdisWanPacketCapture/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-RasAgileVpn/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-RasAgileVpn/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ReFS/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ReadyBoost/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ReadyBoost/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ReadyBoostDriver/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ReadyBoostDriver/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Regsvr32/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-RemoteApp and Desktop Connections/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-RemoteApp and Desktop Connections/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-RemoteAssistance/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-RemoteAssistance/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-RemoteAssistance/Tracing" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-RemoteDesktopServices-RemoteFX-Synth3dvsc/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-RemoteDesktopServices-RemoteFX-VM-Kernel-Mode-Transport/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-RemoteDesktopServices-RemoteFX-VM-User-Mode-Transport/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-RemoteDesktopServices-SessionServices/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Remotefs-Rdbss/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Remotefs-Rdbss/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ResetEng-Trace/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Resource-Exhaustion-Detector/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Resource-Exhaustion-Resolver/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ResourcePublication/Tracing" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-RestartManager/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-RetailDemo/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-RetailDemo/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Runtime-Graphics/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Runtime-Networking-BackgroundTransfer/Tracing" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Runtime-Networking/Tracing" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Runtime-Web-Http/Tracing" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Runtime-WebAPI/Tracing" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Runtime-Windows-Media/WinRTAdaptiveMediaSource" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Runtime-Windows-Media/WinRTCaptureEngine" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Runtime-Windows-Media/WinRTMediaStreamSource" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Runtime-Windows-Media/WinRTTranscode" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Runtime/CreateInstance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Runtime/Error" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SENSE/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SMBClient/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SMBClient/HelperClassDiagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SMBClient/ObjectStateDiagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SMBClient/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SMBDirect/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SMBDirect/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SMBDirect/Netmon" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SMBServer/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SMBServer/Audit" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SMBServer/Connectivity" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SMBServer/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SMBServer/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SMBServer/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SMBServer/Security" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SMBWitnessClient/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SMBWitnessClient/Informational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SPB-ClassExtension/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SPB-HIDI2C/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Schannel-Events/Perf" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Sdbus/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Sdbus/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Sdstor/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Search-Core/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Search-ProtocolHandlers/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SearchUI/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SearchUI/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SecureAssessment/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Security-Adminless/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Security-Audit-Configuration-Client/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Security-Audit-Configuration-Client/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Security-EnterpriseData-FileRevocationManager/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Security-ExchangeActiveSyncProvisioning/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Security-ExchangeActiveSyncProvisioning/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Security-IdentityListener/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Security-IdentityStore/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Security-LessPrivilegedAppContainer/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Security-Mitigations/KernelMode" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Security-Mitigations/UserMode" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Security-Netlogon/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Security-SPP-UX-GC/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Security-SPP-UX-GenuineCenter-Logging/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Security-SPP-UX-Notifications/ActionCenter" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Security-SPP-UX/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Security-SPP/Perf" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Security-UserConsentVerifier/Audit" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Security-Vault/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SecurityMitigationsBroker/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SecurityMitigationsBroker/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SecurityMitigationsBroker/Perf" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SendTo/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Sens/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SenseIR/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Sensors/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Sensors/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Serial-ClassExtension-V2/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Serial-ClassExtension/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ServiceReportingApi/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Services-Svchost/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Services/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Servicing/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SettingSync-Azure/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SettingSync-Azure/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SettingSync-OneDrive/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SettingSync-OneDrive/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SettingSync-OneDrive/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SettingSync/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SettingSync/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SettingSync/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SettingSync/VerboseDebug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Setup/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SetupCl/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SetupPlatform/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SetupQueue/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SetupUGC/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ShareMedia-ControlPanel/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Shell-AppWizCpl/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Shell-AuthUI-BootAnim/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Shell-AuthUI-Common/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Shell-AuthUI-CredUI/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Shell-AuthUI-CredentialProviderUser/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Shell-AuthUI-Logon/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Shell-AuthUI-LogonUI/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Shell-AuthUI-Shutdown/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Shell-ConnectedAccountState/ActionCenter" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Shell-Core/ActionCenter" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Shell-Core/AppDefaults" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Shell-Core/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Shell-Core/LogonTasksChannel" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Shell-Core/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Shell-DefaultPrograms/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Shell-LockScreenContent/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Shell-OpenWith/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Shell-Shwebsvc" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Shell-ZipFolder/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ShellCommon-StartLayoutPopulation/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ShellCommon-StartLayoutPopulation/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Shsvcs/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SleepStudy/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SmartCard-Audit/Authentication" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SmartCard-DeviceEnum/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SmartCard-TPM-VCard-Module/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SmartCard-TPM-VCard-Module/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SmartScreen/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SmbClient/Audit" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SmbClient/Connectivity" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SmbClient/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SmbClient/Security" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Speech-UserExperience/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Spell-Checking/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SpellChecker/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Spellchecking-Host/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SruMon/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SrumTelemetry" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-StateRepository/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-StateRepository/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-StateRepository/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-StateRepository/Restricted" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-StorDiag/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-StorPort/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Storage-ATAPort/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Storage-ATAPort/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Storage-ATAPort/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Storage-ATAPort/Diagnose" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Storage-ATAPort/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Storage-ClassPnP/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Storage-ClassPnP/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Storage-ClassPnP/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Storage-ClassPnP/Diagnose" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Storage-ClassPnP/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Storage-Disk/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Storage-Disk/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Storage-Disk/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Storage-Disk/Diagnose" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Storage-Disk/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Storage-Storport/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Storage-Storport/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Storage-Storport/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Storage-Storport/Diagnose" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Storage-Storport/Health" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Storage-Storport/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Storage-Tiering-IoHeat/Heat" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Storage-Tiering/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-StorageManagement/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-StorageManagement/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-StorageSettings/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-StorageSpaces-Driver/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-StorageSpaces-Driver/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-StorageSpaces-Driver/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-StorageSpaces-ManagementAgent/WHC" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-StorageSpaces-SpaceManager/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-StorageSpaces-SpaceManager/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Store/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Storsvc/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Subsys-Csr/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Subsys-SMSS/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Superfetch/Main" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Superfetch/PfApLog" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Superfetch/StoreLog" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Sysprep/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-System-Profile-HardwareId/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SystemSettingsHandlers/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SystemSettingsThreshold/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SystemSettingsThreshold/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-SystemSettingsThreshold/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TCPIP/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TCPIP/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TSF-msctf/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TSF-msctf/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TSF-msutb/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TSF-msutb/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TTS/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TWinAPI/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TWinUI/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TWinUI/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TZSync/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TZSync/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TZUtil/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TaskScheduler/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TaskScheduler/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TaskScheduler/Maintenance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TaskScheduler/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TaskbarCPL/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TenantRestrictions/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-ClientUSBDevices/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-ClientUSBDevices/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-ClientUSBDevices/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-ClientUSBDevices/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-LocalSessionManager/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-LocalSessionManager/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-LocalSessionManager/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-LocalSessionManager/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-MediaRedirection/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-PnPDevices/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-PnPDevices/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-PnPDevices/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-PnPDevices/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-Printers/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-Printers/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-Printers/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-Printers/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-RDPClient/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-RDPClient/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-RDPClient/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-RdpSoundDriver/Capture" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-RdpSoundDriver/Playback" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-ServerUSBDevices/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-ServerUSBDevices/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-ServerUSBDevices/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-ServerUSBDevices/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Tethering-Manager/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Tethering-Station/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ThemeCPL/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ThemeUI/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Threat-Intelligence/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Time-Service-PTP-Provider/PTP-Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Time-Service/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Troubleshooting-Recommended/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Troubleshooting-Recommended/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-TunnelDriver" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-UAC-FileVirtualization/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-UAC/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-UI-Shell/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-UIAnimation/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-UIAutomationCore/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-UIAutomationCore/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-UIAutomationCore/Perf" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-UIRibbon/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-USB-MAUSBHOST-Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-USB-UCX-Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-USB-USBHUB/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-USB-USBHUB3-Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-USB-USBPORT/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-USB-USBXHCI-Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-USB-USBXHCI-Trustlet-Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-USBVideo/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-UniversalTelemetryClient/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-User Control Panel Performance/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-User Control Panel Usage/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-User Control Panel/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-User Control Panel/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-User Device Registration/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-User Device Registration/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-User Profile Service/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-User Profile Service/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-User-Loader/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-User-Loader/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-UserAccountControl/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-UserModePowerService/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-UserPnp/ActionCenter" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-UserPnp/DeviceInstall" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-UserPnp/DeviceMetadata/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-UserPnp/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-UserPnp/SchedulerOperations" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-UxInit/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-UxTheme/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-VAN/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-VDRVROOT/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-VHDMP-Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-VHDMP-Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-VIRTDISK-Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-VPN-Client/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-VPN/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-VWiFi/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-VerifyHardwareSecurity/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-VerifyHardwareSecurity/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Volume/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-VolumeControl/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-VolumeSnapshot-Driver/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-VolumeSnapshot-Driver/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WABSyncProvider/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WCN-Config-Registrar/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WCNWiz/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WDAG-PolicyEvaluator-CSP/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WDAG-PolicyEvaluator-GP/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WEPHOSTSVC/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WER-PayloadHealth/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WFP/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WFP/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WLAN-AutoConfig/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WLAN-Autoconfig/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WLAN-Driver/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WLAN-MediaManager/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WLANConnectionFlow/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WMI-Activity/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WMI-Activity/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WMI-Activity/Trace" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WMPDMCUI/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WMPNSS-PublicAPI/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WMPNSS-Service/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WMPNSS-Service/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WMPNSSUI/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WPD-API/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WPD-ClassInstaller/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WPD-ClassInstaller/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WPD-CompositeClassDriver/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WPD-CompositeClassDriver/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WPD-MTPBT/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WPD-MTPClassDriver/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WPD-MTPClassDriver/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WPD-MTPIP/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WPD-MTPUS/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WSC-SRV/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WUSA/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WWAN-CFE/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WWAN-MM-Events/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WWAN-MediaManager/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WWAN-NDISUIO-EVENTS/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WWAN-SVC-Events/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WWAN-SVC-Events/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Wcmsvc/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Wcmsvc/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WebAuth/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WebAuthN/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WebIO-NDF/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WebIO/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WebPlatStorage-Server" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WebServices/Tracing" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WebcamProvider/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Websocket-Protocol-Component/Tracing" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WiFiDisplay/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Win32k/Concurrency" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Win32k/Contention" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Win32k/Messages" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Win32k/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Win32k/Power" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Win32k/Render" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Win32k/Tracing" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Win32k/UIPI" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WinHTTP-NDF/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WinHttp-Pca" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WinHttp/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WinHttp/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WinINet-Capture/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WinINet-Config/ProxyConfigChanged" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WinINet/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WinINet/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WinINet/Pca" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WinINet/UsageLog" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WinINet/WebSocket" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WinMDE/MDE" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WinML/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WinNat/Oper" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WinNat/Trace" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WinRM/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WinRM/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WinRM/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WinURLMon/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Windeploy/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Windows Defender/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Windows Defender/WHC" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurity" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurityVerbose" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Windows Firewall With Advanced Security/Firewall" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Windows Firewall With Advanced Security/FirewallDiagnostics" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Windows Firewall With Advanced Security/FirewallVerbose" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WindowsBackup/ActionCenter" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WindowsColorSystem/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WindowsColorSystem/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WindowsSystemAssessmentTool/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WindowsSystemAssessmentTool/Tracing" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WindowsUIImmersive/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WindowsUIImmersive/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WindowsUpdateClient/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WindowsUpdateClient/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Wininit/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Winlogon/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Winlogon/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Winsock-AFD/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Winsock-NameResolution/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Winsock-WS2HELP/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Winsrv/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Wired-AutoConfig/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Wired-AutoConfig/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WlanDlg/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Wordpad/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Wordpad/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Wordpad/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WorkFolders/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WorkFolders/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WorkFolders/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-WorkFolders/WHC" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-Workplace Join/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-XAML-Diagnostics/Default" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-XAML/Default" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-XAudio2/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-XAudio2/Performance" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-glcnd/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-glcnd/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-glcnd/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-mobsync/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ntshrui" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-ntshrui-perf" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-osk/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-stobject/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-wmbclass/Analytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-Windows-wmbclass/Trace" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-WindowsPhone-Connectivity-WiFiConnSvc-Channel" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-WindowsPhone-LocationServiceProvider/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-WindowsPhone-Net-Cellcore-CellManager/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Microsoft-WindowsPhone-Net-Cellcore-CellularAPI/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "NIS-Driver-WFP/Diagnostic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Navigator" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Network Isolation Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "OSK_SoftKeyboard_Channel" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "OpenSSH/Admin" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "OpenSSH/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "OpenSSH/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Physical_Keyboard_Manager_Channel" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "PlayReadyPerformanceChannel" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "RTWorkQueueExtended" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "RTWorkQueueTheading" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "SMSApi" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Security" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Setup" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "SmbWmiAnalytic" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "System" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "SystemEventsBroker" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "TabletPC_InputPanel_Channel" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "TabletPC_InputPanel_Channel/IHM" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "TimeBroker" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "UIManager_Channel" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Uac/Debug" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "WINDOWS_KS_CHANNEL" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "WINDOWS_MFH264Enc_CHANNEL" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "WINDOWS_MP4SDECD_CHANNEL" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "WINDOWS_MSMPEG2ADEC_CHANNEL" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "WINDOWS_MSMPEG2VDEC_CHANNEL" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "WINDOWS_VC1ENC_CHANNEL" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "WINDOWS_WMPHOTO_CHANNEL" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "WINDOWS_wmvdecod_CHANNEL" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "WMPSetup" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "WMPSyncEngine" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Windows Networking Vpn Plugin Platform/Operational" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Windows Networking Vpn Plugin Platform/OperationalVerbose" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "Windows PowerShell" 
 
C:\Users\doher\OneDrive\Desktop>wevtutil cl "muxencode" 
 
========= End of CMD: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 22:27:19 ====

  • 0

#21
ForrestGump
Posted 14 October 2022 - 09:39 PM

ForrestGump

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-10-2022
Ran by doher (administrator) on HAL900 (Hewlett-Packard HP G61 Notebook PC) (14-10-2022 23:21:31)
Running from C:\Users\doher\OneDrive\Desktop
Loaded Profiles: doher
Platform: Microsoft Windows 10 Pro Version 21H2 19044.2130 (X64) Language: English (United States) -> English (United Kingdom)
Default browser: Edge
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(atiesrxx.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(services.exe ->) (Microsoft Windows -> ) C:\Windows\System32\OpenSSH\ssh-agent.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Microsoft Update Health Tools\uhssvc.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\NisSrv.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-03-31] (Synaptics Incorporated -> Synaptics Incorporated)
HKLM\Software\...\Authentication\Credential Providers: [{f64945df-4fa9-4068-a2fb-61af319edd33}] -> C:\WINDOWS\system32\rdpcredentialprovider.dll [2022-10-04] (Microsoft Windows -> Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {03EC6479-8F8A-4D7C-83AD-B1CD92525A99} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\doher\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [21737944 2022-10-07] (ESET, spol. s r.o. -> ESET)
Task: {49FE8065-6116-4805-ABE6-8AC5A701AC01} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\MpCmdRun.exe [1348368 2022-10-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {68C41DE8-8019-41A1-9490-B591FA93E3C0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\MpCmdRun.exe [1348368 2022-10-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {71E5D0B3-3F2A-42B8-B236-4432C6682F72} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\MpCmdRun.exe [1348368 2022-10-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {DC4C0EB6-2B17-4247-B480-AFD59AE8B613} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\MpCmdRun.exe [1348368 2022-10-14] (Microsoft Windows Publisher -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{021fd832-feba-48e3-a654-c7a10dc0b2a2}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3ef97509-01c4-40b1-9008-612705e6a517}: [DhcpNameServer] 192.168.2.1
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\doher\AppData\Local\Microsoft\Edge\User Data\Default [2022-10-14]
Edge Notifications: Default -> hxxps://www.youtube.com
Edge DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
Edge DefaultSearchKeyword: Default -> duckduckgo.com
Edge DefaultSuggestURL: Default -> hxxps://duckduckgo.com/ac/?q={searchTerms}&type=list
Edge Extension: (DuckDuckGo) - C:\Users\doher\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caoacbimdbbljakfhgikoodekdnlcgpk [2022-10-04]
Edge Extension: (uBlock Origin) - C:\Users\doher\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2022-10-04]
Edge Extension: (Enhancer for YouTube™) - C:\Users\doher\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dlgfaleeejmphhnemjgiaekdbonkagkd [2022-10-07]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\doher\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2022-10-11]
Edge Extension: (MSN New Tab) - C:\Users\doher\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lklfbkdigihjaaeamncibechhgalldgl [2022-10-04]
Edge Extension: (Privacy Badger) - C:\Users\doher\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pkehgijcmpdhfbdbbnkijodmdjhbjlgp [2022-10-04]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [224192 2022-10-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\NisSrv.exe [3170576 2022-10-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\MsMpEng.exe [133584 2022-10-14] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
U5 PROCMON24; C:\Windows\System32\Drivers\PROCMON24.sys [80280 2022-10-07] (Microsoft Windows Hardware Compatibility Publisher -> Sysinternals - www.sysinternals.com)
S3 rspLLL; C:\WINDOWS\System32\DRIVERS\rspLLL64.sys [27744 2021-03-09] (Daniel Terhell -> Resplendence Software Projects Sp.)
S3 rspSanity; C:\WINDOWS\System32\DRIVERS\rspSanity64.sys [31328 2012-10-29] (Daniel Terhell -> Resplendence Software Projects Sp.)
S3 SIVDriver; C:\WINDOWS\system32\Drivers\SIVX64.sys [205552 2021-02-12] (RH Software Ltd -> Ray Hinchliffe)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49616 2022-10-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [455968 2022-10-14] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [95520 2022-10-14] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-10-14 22:52 - 2022-10-14 23:01 - 000000000 ____D C:\Program Files\Recuva
2022-10-14 22:52 - 2022-10-14 22:52 - 000001701 _____ C:\Users\Public\Desktop\Recuva.lnk
2022-10-14 22:52 - 2022-10-14 22:52 - 000000000 ____D C:\ProgramData\Piriform
2022-10-14 22:04 - 2022-10-14 22:04 - 000007438 _____ C:\Users\doher\AppData\Local\Temp22.html
2022-10-14 21:51 - 2022-10-14 21:59 - 000001293 _____ C:\Users\doher\AppData\Local\Temp1.html
2022-10-14 21:50 - 2022-10-14 21:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SanityCheck
2022-10-14 21:50 - 2022-10-14 21:50 - 000000000 ____D C:\Program Files\SanityCheck
2022-10-14 21:50 - 2012-10-29 23:41 - 000031328 _____ (Resplendence Software Projects Sp.) C:\WINDOWS\system32\Drivers\rspSanity64.sys
2022-10-14 20:50 - 2022-10-14 20:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LatencyMon
2022-10-14 20:50 - 2022-10-14 20:50 - 000000000 ____D C:\Program Files\LatencyMon
2022-10-14 20:50 - 2021-03-09 15:07 - 000027744 _____ (Resplendence Software Projects Sp.) C:\WINDOWS\system32\Drivers\rspLLL64.sys
2022-10-14 20:03 - 2022-10-14 20:03 - 000000000 ____D C:\Users\doher\AppData\Local\DBG
2022-10-14 19:34 - 2022-10-14 19:34 - 000000839 _____ C:\Users\Public\Desktop\Speccy.lnk
2022-10-14 19:34 - 2022-10-14 19:34 - 000000000 ____D C:\Program Files\Speccy
2022-10-14 19:15 - 2022-10-14 19:15 - 000012638 _____ C:\junk.txt
2022-10-13 02:08 - 2022-10-13 02:09 - 030831256 _____ (Proton Technologies AG) C:\Users\doher\Downloads\ProtonVPN_win_v2.1.1.exe
2022-10-13 00:41 - 2022-10-13 00:41 - 000000000 _____ C:\Users\doher\whoami
2022-10-13 00:36 - 2022-10-13 00:38 - 000000000 _____ C:\WINDOWS\system32\whoami
2022-10-12 02:43 - 2022-10-12 02:43 - 000000000 ____D C:\Users\doher\AppData\Roaming\TSMonitor
2022-10-12 02:43 - 2022-10-12 02:43 - 000000000 ____D C:\Users\doher\AppData\Roaming\Apple Computer
2022-10-12 00:48 - 2022-10-12 00:48 - 000000016 _____ C:\ProgramData\mntemp
2022-10-12 00:37 - 2022-10-12 20:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2022-10-12 00:36 - 2022-10-12 20:13 - 000000000 ____D C:\Users\doher\AppData\Roaming\Wondershare
2022-10-11 18:56 - 2022-10-11 18:56 - 000000000 ____D C:\WINDOWS\Panther
2022-10-11 15:25 - 2022-10-11 16:51 - 000000000 ____D C:\Users\doher\AppData\Roaming\Wireshark
2022-10-11 13:31 - 2022-10-11 13:31 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2022-10-11 13:31 - 2022-10-11 13:31 - 000012253 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-10-11 13:18 - 2022-10-11 13:20 - 000000000 ___HD C:\$WinREAgent
2022-10-11 05:52 - 2022-10-11 05:52 - 000000000 ____D C:\Users\Public\Desktop\CC Support
2022-10-10 02:28 - 2022-10-10 02:28 - 000000000 ___HD C:\$Windows.~WS
2022-10-09 19:29 - 2022-10-09 19:29 - 001666080 _____ (O&O Software GmbH) C:\Users\doher\Downloads\OOSU10.exe
2022-10-09 19:16 - 2022-10-09 19:20 - 000000008 __RSH C:\ProgramData\ntuser.pol
2022-10-09 17:14 - 2022-10-09 17:18 - 000000000 ____D C:\Users\doher\OneDrive\Documents\Security
2022-10-09 13:31 - 2022-10-09 13:31 - 000000000 ____D C:\ProgramData\Package Cache
2022-10-09 09:28 - 2022-10-09 09:28 - 000000000 ____D C:\Users\doher\AppData\Local\OO Software
2022-10-09 08:45 - 2022-10-09 08:45 - 000000000 ____D C:\ProgramData\Sophos
2022-10-09 08:37 - 2022-10-12 02:18 - 000000000 ____D C:\Users\doher\AppData\Local\CrashDumps
2022-10-09 08:37 - 2022-10-09 09:44 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-10-09 08:26 - 2021-02-12 13:24 - 000205552 _____ (Ray Hinchliffe) C:\WINDOWS\system32\Drivers\SIVX64.sys
2022-10-09 05:04 - 2022-10-09 05:04 - 000007452 _____ C:\WINDOWS\system32\networksettings.txt
2022-10-08 23:54 - 2022-10-08 23:54 - 000000112 ___SH C:\bootTel.dat
2022-10-08 03:32 - 2022-10-14 17:50 - 000002278 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-10-08 02:43 - 2022-10-08 02:43 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2022-10-07 11:38 - 2022-10-07 11:38 - 000003840 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2022-10-07 11:20 - 2022-10-07 13:49 - 000001384 _____ C:\Users\doher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2022-10-07 11:20 - 2022-10-07 11:20 - 000000000 ____D C:\Users\doher\AppData\Local\ESET
2022-10-07 10:09 - 2022-10-14 20:43 - 000004150 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{E4EC256C-9C8A-4C52-84CF-751FCEF1DC04}
2022-10-07 10:08 - 2022-10-07 10:14 - 000000000 ____D C:\Users\doher\AppData\Local\ElevatedDiagnostics
2022-10-07 09:22 - 2022-10-07 09:22 - 000000000 ____D C:\WINDOWS\pss
2022-10-07 08:07 - 2022-10-07 08:07 - 000000017 _____ C:\Users\doher\AppData\Local\resmon.resmoncfg
2022-10-07 04:29 - 2019-12-07 05:12 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.old
2022-10-07 04:28 - 2022-10-07 20:41 - 000000000 ____D C:\Program Files (x86)\AntiWebMiner
2022-10-07 03:24 - 2022-10-07 03:24 - 000080280 ____H (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCMON24.SYS
2022-10-05 17:31 - 2022-10-14 23:22 - 000000000 ____D C:\FRST
2022-10-05 04:26 - 2022-10-14 21:55 - 000000000 ____D C:\Users\doher\AppData\Local\PlaceholderTileLogoFolder
2022-10-05 01:05 - 2022-10-08 03:35 - 000000000 ____D C:\Users\doher\AppData\Local\Opera Software
2022-10-05 01:03 - 2022-10-08 03:35 - 000000000 ____D C:\Users\doher\AppData\Roaming\Opera Software
2022-10-05 00:51 - 2022-10-08 03:33 - 000000000 ____D C:\Users\doher\AppData\Local\Google
2022-10-04 23:50 - 2022-10-04 23:50 - 000000000 ____D C:\Users\doher\AppData\Local\PeerDistRepub
2022-10-04 21:12 - 2022-10-04 21:12 - 000000000 ____D C:\Users\doher\AppData\Local\Apps\2.0
2022-10-04 20:54 - 2022-10-10 22:06 - 000000000 ____D C:\Users\doher\AppData\Local\Comms
2022-10-04 20:12 - 2022-10-04 20:12 - 000000000 ____D C:\Users\doher\AppData\Local\OneDrive
2022-10-04 19:21 - 2022-10-07 13:48 - 000000268 _____ C:\Users\doher\OneDrive\Documents\dism log mar 30 2022.txt
2022-10-04 19:21 - 2022-05-02 17:20 - 461187826 _____ C:\Users\doher\OneDrive\Documents\reg back up may 02 2022 518 pm.reg
2022-10-04 19:21 - 2022-04-26 21:22 - 000000000 _____ C:\Users\doher\OneDrive\Documents\Default.rdp
2022-10-04 19:20 - 2022-10-04 19:20 - 000000000 ____D C:\Users\doher\OneDrive\Documents\PCMark 7
2022-10-04 19:20 - 2022-10-04 19:20 - 000000000 ____D C:\Users\doher\OneDrive\Documents\PassMark
2022-10-04 18:47 - 2022-10-11 13:16 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-10-04 18:44 - 2022-10-04 18:44 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-10-04 18:23 - 2022-10-06 18:24 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1890784580-1000596592-3856219040-1001
2022-10-04 18:23 - 2022-10-06 18:24 - 000003362 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1890784580-1000596592-3856219040-1001
2022-10-04 18:23 - 2022-10-04 18:23 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2022-10-04 18:22 - 2022-10-11 18:49 - 000000000 ____D C:\Users\doher\AppData\Local\D3DSCache
2022-10-04 18:20 - 2022-10-14 21:25 - 000000000 ____D C:\Users\doher\AppData\Local\Packages
2022-10-04 18:20 - 2022-10-09 07:55 - 000000000 ____D C:\ProgramData\Packages
2022-10-04 18:20 - 2022-10-04 19:19 - 000000000 ____D C:\Users\doher\AppData\Local\ConnectedDevicesPlatform
2022-10-04 18:20 - 2022-10-04 18:20 - 000000020 ___SH C:\Users\doher\ntuser.ini
2022-10-04 18:20 - 2022-10-04 18:20 - 000000000 ____D C:\Users\doher\AppData\Roaming\Adobe
2022-10-04 18:20 - 2022-10-04 18:20 - 000000000 ____D C:\Users\doher\AppData\Local\VirtualStore
2022-10-04 18:20 - 2022-10-04 18:20 - 000000000 ____D C:\Users\doher\AppData\Local\Publishers
2022-10-04 17:32 - 2022-10-04 17:33 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2022-10-04 17:28 - 2022-10-04 17:28 - 000000000 ____D C:\WINDOWS\SystemTemp
2022-10-04 17:28 - 2022-10-04 17:28 - 000000000 ____D C:\ProgramData\ssh
2022-10-04 17:20 - 2022-10-04 17:20 - 001687040 _____ C:\WINDOWS\system32\libcrypto.dll
2022-10-04 17:20 - 2022-10-04 17:20 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2022-10-04 17:20 - 2022-10-04 17:20 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2022-10-04 17:20 - 2022-10-04 17:20 - 000479744 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2022-10-04 17:20 - 2022-10-04 17:20 - 000188928 _____ C:\WINDOWS\system32\uwfcfgmgmt.dll
2022-10-04 17:20 - 2022-10-04 17:20 - 000170496 _____ C:\WINDOWS\system32\DeviceUpdateCenterCsp.dll
2022-10-04 17:20 - 2022-10-04 17:20 - 000158208 _____ C:\WINDOWS\system32\uwfcsp.dll
2022-10-04 17:20 - 2022-10-04 17:20 - 000138056 _____ C:\WINDOWS\system32\HvsiManagementApi.dll
2022-10-04 17:20 - 2022-10-04 17:20 - 000101704 _____ C:\WINDOWS\SysWOW64\HvsiManagementApi.dll
2022-10-04 17:20 - 2022-10-04 17:20 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2022-10-04 17:20 - 2022-10-04 17:20 - 000040960 _____ C:\WINDOWS\system32\uwfservicingapi.dll
2022-10-04 17:19 - 2022-10-04 17:19 - 003860832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpltfm.dll
2022-10-04 17:19 - 2022-10-04 17:19 - 002371072 _____ C:\WINDOWS\system32\rdpnano.dll
2022-10-04 17:19 - 2022-10-04 17:19 - 000980320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpal.dll
2022-10-04 17:19 - 2022-10-04 17:19 - 000915296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmcodecs.dll
2022-10-04 17:19 - 2022-10-04 17:19 - 000732000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ortcengine.dll
2022-10-04 17:19 - 2022-10-04 17:19 - 000693248 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2022-10-04 17:19 - 2022-10-04 17:19 - 000530944 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe
2022-10-04 17:19 - 2022-10-04 17:19 - 000470528 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe
2022-10-04 17:19 - 2022-10-04 17:19 - 000270848 _____ C:\WINDOWS\system32\EsclScan.dll
2022-10-04 17:19 - 2022-10-04 17:19 - 000152064 _____ C:\WINDOWS\system32\EsclProtocol.dll
2022-10-04 17:19 - 2022-10-04 17:19 - 000104448 _____ C:\WINDOWS\system32\nettraceex.dll
2022-10-04 17:19 - 2022-10-04 17:19 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2022-10-04 17:19 - 2022-10-04 17:19 - 000055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmmvrortc.dll
2022-10-04 17:19 - 2022-10-04 17:19 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2022-10-04 17:19 - 2022-10-04 17:19 - 000045880 _____ C:\WINDOWS\system32\HvSocket.dll
2022-10-04 17:19 - 2022-10-04 17:19 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mode.com
2022-10-04 17:19 - 2022-10-04 17:19 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mode.com
2022-10-04 17:19 - 2022-10-04 17:19 - 000020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tree.com
2022-10-04 17:19 - 2022-10-04 17:19 - 000018944 _____ C:\WINDOWS\SysWOW64\WsdProviderUtil.dll
2022-10-04 17:19 - 2022-10-04 17:19 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tree.com
2022-10-04 17:19 - 2022-10-04 17:19 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\chcp.com
2022-10-04 17:19 - 2022-10-04 17:19 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chcp.com
2022-10-04 17:18 - 2022-10-04 17:18 - 002111488 _____ (Digimarc) C:\WINDOWS\SysWOW64\DMRCDecoder.dll
2022-10-04 17:18 - 2022-10-04 17:18 - 001864192 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
2022-10-04 17:18 - 2022-10-04 17:18 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2022-10-04 17:18 - 2022-10-04 17:18 - 001164288 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2022-10-04 17:18 - 2022-10-04 17:18 - 000611960 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2022-10-04 17:18 - 2022-10-04 17:18 - 000468440 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2022-10-04 17:18 - 2022-10-04 17:18 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2022-10-04 17:18 - 2022-10-04 17:18 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2022-10-04 17:18 - 2022-10-04 17:18 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2022-10-04 17:18 - 2022-10-04 17:18 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll
2022-10-04 17:18 - 2022-10-04 17:18 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2022-10-04 17:18 - 2022-10-04 17:18 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2022-10-04 17:18 - 2022-10-04 17:18 - 000047472 _____ C:\WINDOWS\SysWOW64\umpdc.dll
2022-10-04 17:18 - 2022-10-04 17:18 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2022-10-04 17:18 - 2022-10-04 17:18 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe
2022-10-04 17:17 - 2022-10-04 17:17 - 004898144 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll
2022-10-04 17:17 - 2022-10-04 17:17 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2022-10-04 17:17 - 2022-10-04 17:17 - 001354080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll
2022-10-04 17:17 - 2022-10-04 17:17 - 001091936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll
2022-10-04 17:17 - 2022-10-04 17:17 - 001032544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll
2022-10-04 17:17 - 2022-10-04 17:17 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2022-10-04 17:17 - 2022-10-04 17:17 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2022-10-04 17:17 - 2022-10-04 17:17 - 000061952 _____ C:\WINDOWS\system32\printticketvalidation.dll
2022-10-04 17:17 - 2022-10-04 17:17 - 000057344 _____ C:\WINDOWS\system32\APMonUI.dll
2022-10-04 17:17 - 2022-10-04 17:17 - 000056672 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll
2022-10-04 17:17 - 2022-10-04 17:17 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2022-10-04 17:16 - 2022-10-04 17:16 - 004227116 _____ C:\WINDOWS\system32\DefaultHrtfs.bin
2022-10-04 17:16 - 2022-10-04 17:16 - 002295296 _____ (Digimarc) C:\WINDOWS\system32\DMRCDecoder.dll
2022-10-04 17:16 - 2022-10-04 17:16 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2022-10-04 17:16 - 2022-10-04 17:16 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2022-10-04 17:16 - 2022-10-04 17:16 - 000706536 _____ C:\WINDOWS\system32\TextShaping.dll
2022-10-04 17:16 - 2022-10-04 17:16 - 000657464 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2022-10-04 17:16 - 2022-10-04 17:16 - 000640512 _____ C:\WINDOWS\system32\SettingSyncDownloadHelper.dll
2022-10-04 17:16 - 2022-10-04 17:16 - 000413696 _____ C:\WINDOWS\system32\AzureCheck.dll
2022-10-04 17:16 - 2022-10-04 17:16 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2022-10-04 17:16 - 2022-10-04 17:16 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2022-10-04 17:16 - 2022-10-04 17:16 - 000272896 _____ C:\WINDOWS\system32\TpmTool.exe
2022-10-04 17:16 - 2022-10-04 17:16 - 000232288 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2022-10-04 17:16 - 2022-10-04 17:16 - 000162304 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2022-10-04 17:16 - 2022-10-04 17:16 - 000098816 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2022-10-04 17:16 - 2022-10-04 17:16 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2022-10-04 17:16 - 2022-10-04 17:16 - 000064552 _____ C:\WINDOWS\system32\umpdc.dll
2022-10-04 17:16 - 2022-10-04 17:16 - 000029696 _____ (The ICU Project) C:\WINDOWS\system32\icuuc.dll
2022-10-04 17:16 - 2022-10-04 17:16 - 000025088 _____ (The ICU Project) C:\WINDOWS\system32\icuin.dll
2022-10-04 17:16 - 2022-10-04 17:16 - 000024576 _____ C:\WINDOWS\system32\WsdProviderUtil.dll
2022-10-04 17:16 - 2022-10-04 17:16 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
2022-10-04 17:15 - 2022-10-04 17:15 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2022-10-04 17:15 - 2022-10-04 17:15 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-10-04 17:15 - 2022-10-04 17:15 - 000197632 _____ C:\WINDOWS\system32\IHDS.dll
2022-10-04 17:15 - 2022-10-04 17:15 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2022-10-04 17:15 - 2022-10-04 17:15 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2022-10-04 17:15 - 2022-10-04 17:15 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2022-10-04 17:03 - 2022-10-04 17:03 - 000000000 ____D C:\Program Files\Reference Assemblies
2022-10-04 17:03 - 2022-10-04 17:03 - 000000000 ____D C:\Program Files\MSBuild
2022-10-04 17:03 - 2022-10-04 17:03 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2022-10-04 17:03 - 2022-10-04 17:03 - 000000000 ____D C:\Program Files (x86)\MSBuild
2022-10-04 17:01 - 2022-10-04 17:01 - 000000000 ____D C:\Program Files\Synaptics
2022-10-04 16:59 - 2022-10-04 16:59 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2022-10-04 13:53 - 2022-10-14 22:45 - 000776042 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-10-04 13:48 - 2022-10-14 22:41 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-10-04 13:48 - 2022-10-14 21:54 - 000003612 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA{5D5FA87D-8AD4-4FE3-8C9D-AAC9FBF2FC5C}
2022-10-04 13:48 - 2022-10-14 21:54 - 000003488 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore{1CC0C225-8D66-4F90-BB26-44AF4225D386}
2022-10-04 13:48 - 2022-10-14 14:40 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-10-04 13:43 - 2022-10-14 23:16 - 000000000 ____D C:\Users\doher
2022-10-04 13:43 - 2022-10-06 18:24 - 000002385 _____ C:\Users\doher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-10-04 13:40 - 2022-10-04 13:40 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2022-10-04 13:39 - 2022-10-04 13:39 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2022-10-04 13:39 - 2022-10-04 13:39 - 000000000 _____ C:\WINDOWS\ativpsrm.bin
2022-10-04 13:38 - 2022-10-14 17:46 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-10-04 13:38 - 2022-10-12 20:26 - 000266200 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-10-04 12:41 - 2022-10-04 13:46 - 000000000 ___HD C:\$SysReset
2022-10-03 04:54 - 2022-10-03 04:55 - 000000000 ____D C:\Users\doher\AppData\LocalLow\IObit
2022-09-25 21:04 - 2022-10-04 19:20 - 000000000 ____D C:\Users\doher\OneDrive\Documents\New folder
2022-09-22 20:48 - 2022-09-22 20:48 - 000004600 _____ C:\Users\doher\OneDrive\Documents\Attossdbenchres.bmk
2022-09-22 20:23 - 2022-09-22 20:23 - 000000000 ____D C:\ATTO
2022-09-22 20:22 - 2022-09-22 20:22 - 003993048 _____ (ATTO Technology, Inc.) C:\Users\doher\Downloads\win_app_benchmark_4000f2.exe
2022-09-22 02:50 - 2022-09-22 02:50 - 000000000 ____D C:\Users\doher\.wdc
2022-09-22 02:32 - 2022-09-22 02:32 - 003637651 _____ C:\Users\doher\Downloads\c01868653.pdf
2022-09-21 00:02 - 2022-09-21 00:02 - 000001024 ____H C:\SYSTAG.BIN
2022-09-20 23:05 - 2022-09-22 23:31 - 000001024 ____H C:\AMTAG.BIN
2022-09-19 22:02 - 2022-09-26 03:09 - 000000000 ____D C:\Users\doher\OneDrive\Documents\AIDA64 Reports
2022-09-19 10:44 - 2022-09-19 21:53 - 000000000 ____D C:\Users\doher\Downloads\aida64business675_portable
2022-09-19 10:44 - 2022-09-19 10:44 - 049661152 _____ C:\Users\doher\Downloads\aida64business675_portable.zip
2022-09-19 03:15 - 2022-09-19 03:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2022-09-18 17:49 - 2022-10-03 08:37 - 000000000 ___HD C:\OneDriveTemp
2022-09-18 17:49 - 2022-09-18 17:49 - 000000000 ____D C:\Users\doher\OneDrive\Documents\Windows Imaging and Configuration Designer (WICD)
2022-09-18 17:49 - 2022-09-18 17:49 - 000000000 ____D C:\Users\doher\OneDrive\Documents\Windows Assessment Console
2022-09-18 17:49 - 2022-09-18 17:49 - 000000000 ____D C:\Users\doher\OneDrive\Documents\Sigcheck
2022-09-18 17:49 - 2022-09-13 23:49 - 000000000 _____ C:\Users\doher\OneDrive\Documents\disk results.txt
2022-09-18 17:49 - 2022-03-21 11:23 - 000000552 _____ C:\Users\doher\OneDrive\Documents\cc_20220321_112309.reg
2022-09-18 17:49 - 2022-03-21 11:21 - 000039364 _____ C:\Users\doher\OneDrive\Documents\cc_20220321_112000.reg
2022-09-18 17:48 - 2022-10-09 08:37 - 000000000 ___RD C:\Users\doher\OneDrive
2022-09-18 17:44 - 2022-10-04 18:21 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-09-18 17:44 - 2022-10-04 18:20 - 000000000 ___RD C:\Users\doher\3D Objects
2022-09-18 07:41 - 2022-09-18 07:41 - 000000000 _SHDL C:\Documents and Settings
2022-09-18 07:40 - 2022-09-18 07:40 - 000000000 ____D C:\WINDOWS\CSC
2022-09-18 07:31 - 2022-10-14 17:50 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-09-18 07:26 - 2022-10-14 22:41 - 000008192 ___SH C:\DumpStack.log.tmp
2022-09-16 17:10 - 2016-03-31 02:24 - 000772104 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynCOM.dll
2022-09-16 17:10 - 2016-03-31 02:24 - 000622784 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynTP.sys
2022-09-16 17:10 - 2016-03-31 02:24 - 000430256 _____ (Synaptics Incorporated) C:\WINDOWS\SysWOW64\SynCom.dll
2022-09-16 17:10 - 2016-03-31 02:24 - 000274968 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPAPI.dll
2022-09-16 17:10 - 2016-03-31 02:24 - 000267440 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPCo31-1.dll
2022-09-16 17:10 - 2016-03-31 02:24 - 000052904 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel_Aux.sys
2022-09-16 17:10 - 2016-03-31 02:24 - 000052400 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_AMDASF_Aux.sys
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2022-10-14 22:45 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
2022-10-14 22:41 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-10-14 22:40 - 2019-12-07 05:03 - 000262144 _____ C:\WINDOWS\system32\config\BBI
2022-10-14 21:46 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-10-14 21:24 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-10-13 03:00 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2022-10-13 02:31 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-10-12 20:26 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-10-11 18:47 - 2019-12-07 05:54 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2022-10-11 18:47 - 2019-12-07 05:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-10-11 18:47 - 2019-12-07 05:54 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2022-10-11 18:47 - 2019-12-07 05:50 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2022-10-11 18:47 - 2019-12-07 05:50 - 000000000 ____D C:\WINDOWS\system32\WCN
2022-10-11 18:47 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2022-10-11 18:47 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2022-10-11 18:47 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-10-11 18:47 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2022-10-11 18:47 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2022-10-11 18:47 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-10-11 18:47 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2022-10-11 18:47 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-10-11 18:47 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\IME
2022-10-11 18:47 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Windows Defender
2022-10-11 18:47 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Common Files\System
2022-10-11 18:47 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2022-10-11 18:47 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\servicing
2022-10-11 13:51 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-10-11 13:51 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-10-11 13:51 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2022-10-11 13:51 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-10-11 13:51 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-10-09 19:13 - 2019-12-07 05:14 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2022-10-09 17:10 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Registration
2022-10-07 20:52 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2022-10-07 20:52 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\setup
2022-10-07 09:30 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2022-10-07 08:07 - 2019-12-07 05:14 - 000000000 ____D C:\PerfLogs
2022-10-05 04:38 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\appcompat
2022-10-05 00:36 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2022-10-04 18:43 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2022-10-04 17:35 - 2019-12-07 05:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2022-10-04 17:35 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2022-10-04 17:28 - 2019-12-07 05:54 - 000000000 ___SD C:\WINDOWS\system32\AppV
2022-10-04 17:28 - 2019-12-07 05:51 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Com
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Provisioning
2022-10-04 17:28 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2022-10-04 17:26 - 2019-12-07 05:54 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2022-10-04 17:26 - 2019-12-07 05:54 - 000020908 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2022-10-04 17:26 - 2019-12-07 05:15 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2022-10-04 17:26 - 2019-12-07 05:14 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2022-10-04 17:03 - 2019-12-07 05:52 - 000000000 ____D C:\WINDOWS\OCR
2022-10-04 13:56 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\USOPrivate
2022-10-04 13:55 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\spool
2022-10-04 13:48 - 2019-12-07 05:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
 
==================== Files in the root of some directories ========
 
2022-10-07 08:07 - 2022-10-07 08:07 - 000000017 _____ () C:\Users\doher\AppData\Local\resmon.resmoncfg
2022-10-14 21:51 - 2022-10-14 21:59 - 000001293 _____ () C:\Users\doher\AppData\Local\Temp1.html
2022-10-14 22:04 - 2022-10-14 22:04 - 000007438 _____ () C:\Users\doher\AppData\Local\Temp22.html
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================

  • 0

#22
ForrestGump
Posted 14 October 2022 - 09:40 PM

ForrestGump

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-10-2022
Ran by doher (14-10-2022 23:26:48)
Running from C:\Users\doher\OneDrive\Desktop
Microsoft Windows 10 Pro Version 21H2 19044.2130 (X64) (2022-10-04 17:55:27)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-1890784580-1000596592-3856219040-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1890784580-1000596592-3856219040-503 - Limited - Disabled)
doher (S-1-5-21-1890784580-1000596592-3856219040-1001 - Administrator - Enabled) => C:\Users\doher
Guest (S-1-5-21-1890784580-1000596592-3856219040-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1890784580-1000596592-3856219040-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
LatencyMon 7.20 (HKLM\...\LatencyMon_is1) (Version: 7.20 - Resplendence Software Projects Sp.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 106.0.1370.47 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 106.0.1370.42 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1890784580-1000596592-3856219040-1001\...\OneDriveSetup.exe) (Version: 22.196.0918.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31332 (HKLM-x32\...\{3746f21b-c990-4045-bb33-1cf98cff7a68}) (Version: 14.32.31332.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31332 (HKLM\...\{F4499EE3-A166-496C-81BB-51D1BCDC70A9}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31332 (HKLM\...\{3407B900-37F5-4CC2-B612-5CD5D580A163}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
SanityCheck 3.52 (HKLM\...\SanityCheck_is1) (Version: 3.52 - Resplendence Software Projects Sp.)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.98 - Synaptics Incorporated)
 
Packages:
=========
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-10-14] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2022-06-15] (Piriform Software Ltd -> Piriform Software Ltd)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2022-06-15] (Piriform Software Ltd -> Piriform Software Ltd)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2022-10-07 19:47 - 2022-10-09 14:38 - 000000824 ____N C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1890784580-1000596592-3856219040-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\doher\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: SynTPEnhService => 2
HKU\S-1-5-21-1890784580-1000596592-3856219040-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1890784580-1000596592-3856219040-1001\...\StartupApproved\Run: => "Opera Browser Assistant"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [Microsoft-Windows-Unified-Telemetry-Client] => (Block) C:\WINDOWS\system32\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
FirewallRules: [TCP Query User{57B47C20-9029-4761-AD7A-A6C2E6D10F33}C:\program files (x86)\microsoft\edge\application\msedge.exe] => (Block) C:\program files (x86)\microsoft\edge\application\msedge.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{3E8784C4-6284-43DE-B1A2-63A0F2F38DD8}C:\program files (x86)\microsoft\edge\application\msedge.exe] => (Block) C:\program files (x86)\microsoft\edge\application\msedge.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BC4ECF8C-745F-42D4-8A1D-AAB5B0B99C7D}] => (Allow) C:\Users\doher\Downloads\ios-system-repair.exe => No File
FirewallRules: [{6A070120-A38C-4E1E-A56F-D81717C1E114}] => (Allow) C:\Users\doher\Downloads\ios-system-repair.exe => No File
FirewallRules: [{CC10AA43-FD25-4E58-AD1C-E3859C98B10F}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\106.0.1370.42\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
 
==================== Restore Points =========================
 
07-10-2022 20:48:35 Removed Windows PC Health Check
08-10-2022 23:33:36 Restore Point Created by FRST
09-10-2022 08:25:39 TRON v12.0.3: Pre-run checkpoint
11-10-2022 07:18:17 Removed Windows PC Health Check
11-10-2022 13:20:54 Windows Modules Installer
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
 
System errors:
=============
Error: (10/14/2022 10:43:41 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Microsoft App-V Client service terminated with the following service-specific error: 
There is no MTS object context
 
Error: (10/14/2022 10:41:40 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Media Player Network Sharing Service service terminated with the following error: 
An attempt was made to reference a token that does not exist.
 
 
==================== Memory info =========================== 
 
BIOS: Hewlett-Packard F.15 05/17/2010
Motherboard: Hewlett-Packard 363F
Processor: AMD Athlon™ II Dual-Core M300
Percentage of memory in use: 39%
Total physical RAM: 7932.2 MB
Available physical RAM: 4809.62 MB
Total Virtual: 9212.2 MB
Available Virtual: 6062.97 MB
 
==================== Drives ================================
 
Drive c: (C ) (Fixed) (Total:444.36 GB) (Free:386.05 GB) (Model: WD Blue SA510 2.5 500GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (ESD-USB (D:)) (Removable) (Total:28.65 GB) (Free:17.08 GB) NTFS
Drive f: (RECOVERY) (Fixed) (Total:21.1 GB) (Free:9.64 GB) (Model: WD Blue SA510 2.5 500GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.06 GB) (Model: WD Blue SA510 2.5 500GB) FAT32
 
\\?\Volume{7dda13fc-0000-0000-0000-100000000000}\ (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 7DDA13FC)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=444.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=21.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=108 MB) - (Type=0C)
 
==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 28.7 GB) (Disk ID: 9A17DA42)
Partition 1: (Not Active) - (Size=28.7 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt =======================

  • 0

#23
RKinner
Posted 15 October 2022 - 09:30 AM

RKinner

    Malware Expert

  • Expert
  • 24,731 posts
  • MVP

Not seeing any sign of an infection.  You have a very old PC which was designed for Win 7 and apparently uses SATA II instead of SATA III so the SSD you have is only running at half its normal speed.  

 

I'm thinking when you ran Process Explorer that you did not start it by right click and Run As Admin since it is being blocked from many windows processes .  But it is not showing that Edge uses too much CPU.  Assuming you have all Extensions disabled it may be that one of your extensions is the cause of your problem.  When you have Sync enabled Edge will check with other PCs that use the same Microsoft login and automatically add the same extensions that they are using.  Is Edge working better without the extensions?

 

The difference in Latency Monitor reports is probably due to Windows downloading an upgrade (or uploading some of its spyware info to Microsoft).  It's possible that a new BIOS and/or a new network driver might speed things up a bit.  Your BIOS is F15.  There may be a newer BIOS available on the HP website but it needs your serial number so it won't talk to me.  I found F23 with a Google search but it is for Intel and you have AMD so I'm not sure.  Even if you find it it may not install on Win 10 since HP thinks you have Win 7.  (Won't hurt anything to try.  Worst that will happen is that it says you have the wrong version and exits.)

 

As for your network driver you have: Realtek PCIe FE Family Controller

 

Don't know what version you have but Realtek has had a real problem getting their drivers to work correctly with Win 10 so you really do want the newest one.

 

You can get a new driver from:

 

https://www.realtek....xpress-software

 

The new version is:

Win10 Auto Installation Program (NDIS)

10.60 2022/08/24

You have to go thru the Captcha process.  Sometimes they give you two number to add and they want the sum.  Other times they just want you to repeat what they show you.  Once you download it go to the download folder and right click on the file and Run as Admin.

 

You can uninstall Speccy now.  We don't need it any more.

 

We can remove a lot of Microsoft's spyware which often slows down older PCs:

 

Search for
 
task scheduler
 
When it finds it, right click and Run As Administrator
 
Click on the arrow in front of Task Scheduler Library then
 
Click on the arrow in front of Microsoft
 
Click on the arrow in front of Windows
 
Click on Application Experience.  In the next pane to the right, right click on each Task and Delete.  Should be three or four (later versions) tasks.
 
Click on Customer Experience Improvement Program.  In the next pane to the right, right click on each Task and Delete.  Should be two tasks.
 
Close Task Scheduler.
 
Search for
services.msc
hit Enter
 
Find SysMain
Right click on it and select Properties.  Change the Startup Type from Automatic to Disabled.  OK
 
 
 
Download OOSU10.exe:
 
 
Download and Save it (You will get a popup while it's downloading.  You can X out of it)
then go to the Download folder and Right click on the downloaded file and Run As Admin.
Allow it to make a System Restore Point.
Click on Actions then on Apply Recommended Settings.
 

Reboot when done.

 

I'm not seeing any sign of an infection but let's run MBAR to check for rootkits.

 

Direct download is:

https://downloads.ma...s.com/file/mbar

 

Save the file, go to the download folder and right click and Run As Admin.  Then follow the instructions.

 

Let's compare your PC to others of the same model:

 

Let's get a benchmark:

 

 

https://www.userbenchmark.com

 

 

Click on Free Download.  Save the file then right click and Run As Admin.  Close all programs and pause your antivirus before starting.

 

 

When it finishes it will open a browser.  Copy the URL and paste it into a Reply.

 

Don't know what version you have but Realtek has had a real problem getting their drivers to work correctly with Win 10 so you really do want the newest one.


  • 0

#24
ForrestGump
Posted 15 October 2022 - 10:27 PM

ForrestGump

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts

Hello,

 

Had to RESET PC as it froze up, I have downloaded the new REALTEK family controller, Deleted all the Task Scheduler tasks, Stopped & Disabled Sys Main, Ran MBAR with no detections, Changed my Admin acct to standard.

 

I have rerun all the previosly advised scans as a FYI 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-10-2022

Ran by Rockets (administrator) on HAL900 (Hewlett-Packard HP G61 Notebook PC) (15-10-2022 21:26:05)
Running from C:\Users\Rockets\Desktop
Loaded Profiles: doher & Rockets
Platform: Microsoft Windows 10 Pro Version 21H2 19044.2130 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(atiesrxx.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe <2>
(C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe <2>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <27>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\NisSrv.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe <2>
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe <2>
(winlogon.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LogonUI.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-03-31] (Synaptics Incorporated -> Synaptics Incorporated)
HKU\S-1-5-21-1890784580-1000596592-3856219040-1002\...\Run: [MicrosoftEdgeAutoLaunch_BB504241F5FCEF66E4DB313E9A525FF8] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3852200 2022-10-14] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1890784580-1000596592-3856219040-1002\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Rockets\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-1890784580-1000596592-3856219040-1002\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Rockets\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-1890784580-1000596592-3856219040-1002\...\RunOnce: [Uninstall 19.043.0304.0013\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Rockets\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\amd64" (No File)
HKU\S-1-5-21-1890784580-1000596592-3856219040-1002\...\RunOnce: [Uninstall 19.043.0304.0013] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Rockets\AppData\Local\Microsoft\OneDrive\19.043.0304.0013" (No File)
HKLM\Software\...\Authentication\Credential Providers: [{f64945df-4fa9-4068-a2fb-61af319edd33}] -> C:\WINDOWS\system32\rdpcredentialprovider.dll [2022-10-15] (Microsoft Windows -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1CE37D36-DA41-47D4-BD27-68D60E20CBC1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2209.7-0\MpCmdRun.exe [1348368 2022-10-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8F3C57C3-97DD-42D4-9A1C-9D79EB04C0D2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2209.7-0\MpCmdRun.exe [1348368 2022-10-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8FD85271-6AEF-4A40-8FA6-B5407B2892D0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2209.7-0\MpCmdRun.exe [1348368 2022-10-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C19FAA37-86F1-47D0-BD8D-A2598B4315D5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2209.7-0\MpCmdRun.exe [1348368 2022-10-15] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{e77e5341-dabe-4bfc-be4d-04e0b11879c9}: [DhcpNameServer] 192.168.2.1

Edge:
=======
Edge Profile: C:\Users\Rockets\AppData\Local\Microsoft\Edge\User Data\Default [2022-10-15]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [224192 2022-10-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2209.7-0\NisSrv.exe [3170576 2022-10-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2209.7-0\MsMpEng.exe [133584 2022-10-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 uhssvc; "C:\Program Files\Microsoft Update Health Tools\uhssvc.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKIS; C:\WINDOWS\System32\drivers\AppleKIS.sys [66976 2022-09-14] (Apple Inc. -> Apple Inc.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleRSM; C:\WINDOWS\System32\drivers\AppleRSM.sys [77720 2022-09-13] (Apple Inc. -> Apple Inc.)
S3 MirayRAMDrive; C:\WINDOWS\System32\drivers\mrdo.sys [65488 2022-02-10] (Miray Software AG -> Miray)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2022-09-23] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49616 2022-10-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [455968 2022-10-15] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [95520 2022-10-15] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-10-15 21:26 - 2022-10-15 21:27 - 000008094 _____ C:\Users\Rockets\Desktop\FRST.txt
2022-10-15 21:25 - 2022-10-15 21:25 - 000000000 ____D C:\Users\Rockets\AppData\Local\Comms
2022-10-15 21:22 - 2022-10-15 21:22 - 002373120 _____ (Farbar) C:\Users\Rockets\Desktop\FRST64.exe
2022-10-15 21:11 - 2022-10-15 21:11 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1890784580-1000596592-3856219040-1002
2022-10-15 21:11 - 2022-10-15 21:11 - 000000000 ____D C:\Users\Rockets\AppData\Local\PlaceholderTileLogoFolder
2022-10-15 21:10 - 2022-10-15 21:11 - 000003366 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1890784580-1000596592-3856219040-1002
2022-10-15 21:10 - 2022-10-15 21:10 - 000000000 ___RD C:\Users\Rockets\OneDrive
2022-10-15 21:10 - 2022-10-15 21:10 - 000000000 ____D C:\Users\Rockets\AppData\Local\D3DSCache
2022-10-15 21:02 - 2022-10-15 21:20 - 000000000 ____D C:\Users\Rockets\AppData\Local\Packages
2022-10-15 21:02 - 2022-10-15 21:02 - 000000000 ___RD C:\Users\Rockets\3D Objects
2022-10-15 21:02 - 2022-10-15 21:02 - 000000000 ____D C:\Users\Rockets\AppData\Roaming\Adobe
2022-10-15 21:02 - 2022-10-15 21:02 - 000000000 ____D C:\Users\Rockets\AppData\Local\VirtualStore
2022-10-15 21:02 - 2022-10-15 21:02 - 000000000 ____D C:\Users\Rockets\AppData\Local\Publishers
2022-10-15 21:02 - 2022-10-15 21:02 - 000000000 ____D C:\Users\Rockets\AppData\Local\ConnectedDevicesPlatform
2022-10-15 20:23 - 2022-10-15 20:23 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2022-10-15 20:23 - 2022-10-15 20:23 - 000000000 ____D C:\Program Files (x86)\Realtek
2022-10-15 20:23 - 2022-08-18 10:47 - 001188672 _____ (Realtek ) C:\WINDOWS\system32\Drivers\rt640x64.sys
2022-10-15 20:22 - 2022-10-15 20:22 - 000000000 ____D C:\Users\doher\Downloads\Install_Win10_10060_08222022
2022-10-15 20:21 - 2022-10-15 20:21 - 004975146 _____ C:\Users\doher\Downloads\Install_Win10_10060_08222022.zip
2022-10-15 20:00 - 2022-10-15 20:00 - 000000000 ____D C:\Users\Rockets\AppData\Local\PeerDistRepub
2022-10-15 19:12 - 2022-10-15 21:11 - 000002375 _____ C:\Users\Rockets\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-10-15 19:12 - 2022-10-15 21:10 - 000000000 ____D C:\Users\Rockets
2022-10-15 19:12 - 2022-10-15 19:12 - 000000020 ___SH C:\Users\Rockets\ntuser.ini
2022-10-15 16:49 - 2022-10-15 16:49 - 000000000 ____D C:\Users\doher\AppData\Local\Comms
2022-10-15 16:40 - 2022-10-15 16:42 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-10-15 16:38 - 2022-10-15 18:54 - 000000000 ____D C:\Users\doher\AppData\Local\PlaceholderTileLogoFolder
2022-10-15 16:37 - 2022-10-15 19:01 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-10-15 16:34 - 2022-10-15 16:34 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1890784580-1000596592-3856219040-1001
2022-10-15 16:34 - 2022-10-15 16:34 - 000003362 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1890784580-1000596592-3856219040-1001
2022-10-15 16:33 - 2022-10-15 16:33 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2022-10-15 16:32 - 2022-10-15 20:02 - 000000000 ____D C:\Users\doher\AppData\Local\D3DSCache
2022-10-15 16:31 - 2022-10-15 19:05 - 000000000 ____D C:\Users\doher\AppData\Local\Packages
2022-10-15 16:31 - 2022-10-15 17:25 - 000000000 ____D C:\ProgramData\Packages
2022-10-15 16:31 - 2022-10-15 16:31 - 000000000 ____D C:\Users\doher\AppData\Roaming\Adobe
2022-10-15 16:31 - 2022-10-15 16:31 - 000000000 ____D C:\Users\doher\AppData\Local\VirtualStore
2022-10-15 16:31 - 2022-10-15 16:31 - 000000000 ____D C:\Users\doher\AppData\Local\Publishers
2022-10-15 16:30 - 2022-10-15 18:53 - 000000000 ____D C:\Users\doher\AppData\Local\ConnectedDevicesPlatform
2022-10-15 16:30 - 2022-10-15 16:30 - 000000020 ___SH C:\Users\doher\ntuser.ini
2022-10-15 08:08 - 2022-10-15 04:27 - 000000000 ____D C:\WINDOWS\Panther
2022-10-15 08:06 - 2022-10-15 04:27 - 000000000 ____D C:\Windows.old
2022-10-15 08:04 - 2022-10-15 08:05 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2022-10-15 08:01 - 2022-10-15 08:01 - 000000000 ____D C:\WINDOWS\SystemTemp
2022-10-15 08:01 - 2022-10-15 08:01 - 000000000 ____D C:\ProgramData\ssh
2022-10-15 07:53 - 2022-10-15 07:53 - 001687040 _____ C:\WINDOWS\system32\libcrypto.dll
2022-10-15 07:53 - 2022-10-15 07:53 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2022-10-15 07:53 - 2022-10-15 07:53 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2022-10-15 07:53 - 2022-10-15 07:53 - 000479744 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2022-10-15 07:53 - 2022-10-15 07:53 - 000188928 _____ C:\WINDOWS\system32\uwfcfgmgmt.dll
2022-10-15 07:53 - 2022-10-15 07:53 - 000158208 _____ C:\WINDOWS\system32\uwfcsp.dll
2022-10-15 07:53 - 2022-10-15 07:53 - 000138056 _____ C:\WINDOWS\system32\HvsiManagementApi.dll
2022-10-15 07:53 - 2022-10-15 07:53 - 000101704 _____ C:\WINDOWS\SysWOW64\HvsiManagementApi.dll
2022-10-15 07:53 - 2022-10-15 07:53 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2022-10-15 07:53 - 2022-10-15 07:53 - 000040960 _____ C:\WINDOWS\system32\uwfservicingapi.dll
2022-10-15 07:52 - 2022-10-15 07:52 - 002371072 _____ C:\WINDOWS\system32\rdpnano.dll
2022-10-15 07:52 - 2022-10-15 07:52 - 000693248 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2022-10-15 07:52 - 2022-10-15 07:52 - 000530944 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe
2022-10-15 07:52 - 2022-10-15 07:52 - 000470528 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe
2022-10-15 07:52 - 2022-10-15 07:52 - 000170496 _____ C:\WINDOWS\system32\DeviceUpdateCenterCsp.dll
2022-10-15 07:52 - 2022-10-15 07:52 - 000152064 _____ C:\WINDOWS\system32\EsclProtocol.dll
2022-10-15 07:52 - 2022-10-15 07:52 - 000104448 _____ C:\WINDOWS\system32\nettraceex.dll
2022-10-15 07:52 - 2022-10-15 07:52 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2022-10-15 07:52 - 2022-10-15 07:52 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2022-10-15 07:52 - 2022-10-15 07:52 - 000045880 _____ C:\WINDOWS\system32\HvSocket.dll
2022-10-15 07:52 - 2022-10-15 07:52 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mode.com
2022-10-15 07:52 - 2022-10-15 07:52 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mode.com
2022-10-15 07:52 - 2022-10-15 07:52 - 000020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tree.com
2022-10-15 07:52 - 2022-10-15 07:52 - 000018944 _____ C:\WINDOWS\SysWOW64\WsdProviderUtil.dll
2022-10-15 07:52 - 2022-10-15 07:52 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tree.com
2022-10-15 07:52 - 2022-10-15 07:52 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\chcp.com
2022-10-15 07:52 - 2022-10-15 07:52 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chcp.com
2022-10-15 07:51 - 2022-10-15 07:51 - 003860832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpltfm.dll
2022-10-15 07:51 - 2022-10-15 07:51 - 002111488 _____ (Digimarc) C:\WINDOWS\SysWOW64\DMRCDecoder.dll
2022-10-15 07:51 - 2022-10-15 07:51 - 001864192 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
2022-10-15 07:51 - 2022-10-15 07:51 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2022-10-15 07:51 - 2022-10-15 07:51 - 001164288 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2022-10-15 07:51 - 2022-10-15 07:51 - 000980320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpal.dll
2022-10-15 07:51 - 2022-10-15 07:51 - 000915296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmcodecs.dll
2022-10-15 07:51 - 2022-10-15 07:51 - 000732000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ortcengine.dll
2022-10-15 07:51 - 2022-10-15 07:51 - 000611960 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2022-10-15 07:51 - 2022-10-15 07:51 - 000468440 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2022-10-15 07:51 - 2022-10-15 07:51 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2022-10-15 07:51 - 2022-10-15 07:51 - 000270848 _____ C:\WINDOWS\system32\EsclScan.dll
2022-10-15 07:51 - 2022-10-15 07:51 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2022-10-15 07:51 - 2022-10-15 07:51 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll
2022-10-15 07:51 - 2022-10-15 07:51 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2022-10-15 07:51 - 2022-10-15 07:51 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2022-10-15 07:51 - 2022-10-15 07:51 - 000055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmmvrortc.dll
2022-10-15 07:51 - 2022-10-15 07:51 - 000047472 _____ C:\WINDOWS\SysWOW64\umpdc.dll
2022-10-15 07:51 - 2022-10-15 07:51 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2022-10-15 07:51 - 2022-10-15 07:51 - 000012253 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-10-15 07:51 - 2022-10-15 07:51 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe
2022-10-15 07:50 - 2022-10-15 07:50 - 004898144 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll
2022-10-15 07:50 - 2022-10-15 07:50 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2022-10-15 07:50 - 2022-10-15 07:50 - 001354080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll
2022-10-15 07:50 - 2022-10-15 07:50 - 001091936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll
2022-10-15 07:50 - 2022-10-15 07:50 - 001032544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll
2022-10-15 07:50 - 2022-10-15 07:50 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2022-10-15 07:50 - 2022-10-15 07:50 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2022-10-15 07:50 - 2022-10-15 07:50 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2022-10-15 07:50 - 2022-10-15 07:50 - 000061952 _____ C:\WINDOWS\system32\printticketvalidation.dll
2022-10-15 07:50 - 2022-10-15 07:50 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2022-10-15 07:50 - 2022-10-15 07:50 - 000057344 _____ C:\WINDOWS\system32\APMonUI.dll
2022-10-15 07:50 - 2022-10-15 07:50 - 000056672 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll
2022-10-15 07:50 - 2022-10-15 07:50 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2022-10-15 07:49 - 2022-10-15 07:49 - 002295296 _____ (Digimarc) C:\WINDOWS\system32\DMRCDecoder.dll
2022-10-15 07:49 - 2022-10-15 07:49 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2022-10-15 07:49 - 2022-10-15 07:49 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2022-10-15 07:49 - 2022-10-15 07:49 - 000706536 _____ C:\WINDOWS\system32\TextShaping.dll
2022-10-15 07:49 - 2022-10-15 07:49 - 000657464 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2022-10-15 07:49 - 2022-10-15 07:49 - 000640512 _____ C:\WINDOWS\system32\SettingSyncDownloadHelper.dll
2022-10-15 07:49 - 2022-10-15 07:49 - 000413696 _____ C:\WINDOWS\system32\AzureCheck.dll
2022-10-15 07:49 - 2022-10-15 07:49 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2022-10-15 07:49 - 2022-10-15 07:49 - 000272896 _____ C:\WINDOWS\system32\TpmTool.exe
2022-10-15 07:49 - 2022-10-15 07:49 - 000232288 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2022-10-15 07:49 - 2022-10-15 07:49 - 000162304 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2022-10-15 07:49 - 2022-10-15 07:49 - 000098816 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2022-10-15 07:49 - 2022-10-15 07:49 - 000029696 _____ (The ICU Project) C:\WINDOWS\system32\icuuc.dll
2022-10-15 07:49 - 2022-10-15 07:49 - 000025088 _____ (The ICU Project) C:\WINDOWS\system32\icuin.dll
2022-10-15 07:49 - 2022-10-15 07:49 - 000024576 _____ C:\WINDOWS\system32\WsdProviderUtil.dll
2022-10-15 07:49 - 2022-10-15 07:49 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
2022-10-15 07:48 - 2022-10-15 07:48 - 004227116 _____ C:\WINDOWS\system32\DefaultHrtfs.bin
2022-10-15 07:48 - 2022-10-15 07:48 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2022-10-15 07:48 - 2022-10-15 07:48 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-10-15 07:48 - 2022-10-15 07:48 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2022-10-15 07:48 - 2022-10-15 07:48 - 000197632 _____ C:\WINDOWS\system32\IHDS.dll
2022-10-15 07:48 - 2022-10-15 07:48 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2022-10-15 07:48 - 2022-10-15 07:48 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2022-10-15 07:48 - 2022-10-15 07:48 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2022-10-15 07:48 - 2022-10-15 07:48 - 000064552 _____ C:\WINDOWS\system32\umpdc.dll
2022-10-15 07:48 - 2022-10-15 07:48 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2022-10-15 07:33 - 2022-10-15 07:33 - 000000000 ____D C:\Program Files\Reference Assemblies
2022-10-15 07:33 - 2022-10-15 07:33 - 000000000 ____D C:\Program Files\MSBuild
2022-10-15 07:33 - 2022-10-15 07:33 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2022-10-15 07:33 - 2022-10-15 07:33 - 000000000 ____D C:\Program Files (x86)\MSBuild
2022-10-15 07:29 - 2022-10-15 07:29 - 000000000 ____D C:\Program Files\Synaptics
2022-10-15 07:27 - 2022-10-15 07:27 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2022-10-15 04:25 - 2022-10-15 21:05 - 000840598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-10-15 04:20 - 2022-10-15 21:00 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-10-15 04:20 - 2022-10-15 16:39 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-10-15 04:20 - 2022-10-15 04:20 - 000003612 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA{A05DE810-272B-4EDD-A2E6-AD0A7D7AE9C4}
2022-10-15 04:20 - 2022-10-15 04:20 - 000003488 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore{678C2896-E540-450C-9B4E-39C60D36D845}
2022-10-15 04:15 - 2022-10-15 16:34 - 000002369 _____ C:\Users\doher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-10-15 04:15 - 2022-10-15 16:31 - 000000000 ____D C:\Users\doher
2022-10-15 04:12 - 2022-10-15 04:12 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2022-10-15 04:12 - 2022-10-15 04:12 - 000000000 _____ C:\WINDOWS\ativpsrm.bin
2022-10-15 04:11 - 2022-10-15 04:11 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2022-10-15 04:10 - 2022-10-15 19:47 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-10-15 04:10 - 2022-10-15 04:10 - 000257824 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-10-15 03:08 - 2022-10-15 04:18 - 000000000 ___HD C:\$SysReset
2022-10-15 00:09 - 2022-10-15 08:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MultiMon
2022-10-14 23:44 - 2022-10-15 08:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhySoSlow
2022-10-14 22:52 - 2022-10-14 22:52 - 000001701 _____ C:\Users\Public\Desktop\Recuva.lnk
2022-10-14 21:50 - 2022-10-15 08:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SanityCheck
2022-10-14 20:50 - 2022-10-15 08:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LatencyMon
2022-10-14 19:34 - 2022-10-14 19:34 - 000000839 _____ C:\Users\Public\Desktop\Speccy.lnk
2022-10-14 19:15 - 2022-10-14 19:15 - 000012638 _____ C:\junk.txt
2022-10-13 02:08 - 2022-10-13 02:09 - 030831256 _____ (Proton Technologies AG) C:\Users\doher\Downloads\ProtonVPN_win_v2.1.1.exe
2022-10-13 00:41 - 2022-10-13 00:41 - 000000000 _____ C:\Users\doher\whoami
2022-10-12 02:43 - 2022-09-23 04:48 - 006126344 _____ (Apple, Inc.) C:\WINDOWS\system32\usbaaplrc.dll
2022-10-12 02:43 - 2022-09-23 04:48 - 000054784 _____ (Apple, Inc.) C:\WINDOWS\system32\Drivers\usbaapl64.sys
2022-10-12 02:43 - 2022-09-14 00:33 - 000066976 _____ (Apple Inc.) C:\WINDOWS\system32\Drivers\AppleKIS.sys
2022-10-12 02:43 - 2022-09-14 00:33 - 000036744 _____ (Apple Inc.) C:\WINDOWS\system32\Drivers\AppleKISInterface.dll
2022-10-12 02:43 - 2022-09-13 06:30 - 000077720 _____ (Apple Inc.) C:\WINDOWS\system32\Drivers\AppleRSM.sys
2022-10-12 02:43 - 2022-09-13 06:30 - 000036768 _____ (Apple Inc.) C:\WINDOWS\system32\Drivers\AppleRSMInterface.dll
2022-10-12 00:37 - 2022-10-12 20:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2022-10-12 00:36 - 2022-09-23 14:59 - 000110336 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2022-10-12 00:35 - 2022-10-12 00:37 - 000000000 ____D C:\Users\Public\Documents\Wondershare
2022-10-11 13:18 - 2022-10-11 13:20 - 000000000 ___HD C:\$WinREAgent
2022-10-11 05:52 - 2022-10-11 05:52 - 000000000 ____D C:\Users\Public\Desktop\CC Support
2022-10-10 02:28 - 2022-10-10 02:28 - 000000000 ___HD C:\$Windows.~WS
2022-10-09 19:29 - 2022-10-09 19:29 - 001666080 _____ (O&O Software GmbH) C:\Users\doher\Downloads\OOSU10.exe
2022-10-08 23:54 - 2022-10-08 23:54 - 000000112 ___SH C:\bootTel.dat
2022-10-08 03:32 - 2022-10-15 04:21 - 000002278 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-10-05 17:31 - 2022-10-15 21:26 - 000000000 ____D C:\FRST
2022-10-03 04:54 - 2022-10-03 04:55 - 000000000 ____D C:\Users\doher\AppData\LocalLow\IObit
2022-09-22 20:23 - 2022-09-22 20:23 - 000000000 ____D C:\ATTO
2022-09-22 20:22 - 2022-09-22 20:22 - 003993048 _____ (ATTO Technology, Inc.) C:\Users\doher\Downloads\win_app_benchmark_4000f2.exe
2022-09-22 02:50 - 2022-09-22 02:50 - 000000000 ____D C:\Users\doher\.wdc
2022-09-22 02:32 - 2022-09-22 02:32 - 003637651 _____ C:\Users\doher\Downloads\c01868653.pdf
2022-09-21 00:02 - 2022-09-21 00:02 - 000001024 ____H C:\SYSTAG.BIN
2022-09-20 23:05 - 2022-09-22 23:31 - 000001024 ____H C:\AMTAG.BIN
2022-09-19 10:44 - 2022-09-19 21:53 - 000000000 ____D C:\Users\doher\Downloads\aida64business675_portable
2022-09-19 10:44 - 2022-09-19 10:44 - 049661152 _____ C:\Users\doher\Downloads\aida64business675_portable.zip
2022-09-19 03:15 - 2022-09-19 03:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2022-09-18 17:49 - 2022-10-03 08:37 - 000000000 ___HD C:\OneDriveTemp
2022-09-18 17:48 - 2022-10-15 16:34 - 000000000 ___RD C:\Users\doher\OneDrive
2022-09-18 17:44 - 2022-10-15 21:02 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-09-18 17:44 - 2022-10-15 16:31 - 000000000 ___RD C:\Users\doher\3D Objects
2022-09-18 07:41 - 2022-09-18 07:41 - 000000000 _SHDL C:\Documents and Settings
2022-09-18 07:40 - 2022-09-18 07:40 - 000000000 ____D C:\WINDOWS\CSC
2022-09-18 07:31 - 2022-10-15 04:21 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-09-18 07:26 - 2022-10-15 21:00 - 000008192 ___SH C:\DumpStack.log.tmp
2022-09-16 17:10 - 2016-03-31 02:24 - 000772104 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynCOM.dll
2022-09-16 17:10 - 2016-03-31 02:24 - 000622784 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynTP.sys
2022-09-16 17:10 - 2016-03-31 02:24 - 000430256 _____ (Synaptics Incorporated) C:\WINDOWS\SysWOW64\SynCom.dll
2022-09-16 17:10 - 2016-03-31 02:24 - 000274968 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPAPI.dll
2022-09-16 17:10 - 2016-03-31 02:24 - 000267440 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPCo31-1.dll
2022-09-16 17:10 - 2016-03-31 02:24 - 000052904 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel_Aux.sys
2022-09-16 17:10 - 2016-03-31 02:24 - 000052400 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_AMDASF_Aux.sys

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-10-15 21:25 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
2022-10-15 21:20 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-10-15 21:18 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2022-10-15 21:14 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-10-15 21:02 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-10-15 20:59 - 2019-12-07 05:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-10-15 19:02 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-10-15 16:50 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-10-15 16:45 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-10-15 16:38 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Windows Defender
2022-10-15 08:07 - 2019-12-07 05:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2022-10-15 08:07 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2022-10-15 08:01 - 2019-12-07 05:54 - 000000000 ___SD C:\WINDOWS\system32\AppV
2022-10-15 08:01 - 2019-12-07 05:54 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2022-10-15 08:01 - 2019-12-07 05:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-10-15 08:01 - 2019-12-07 05:54 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2022-10-15 08:01 - 2019-12-07 05:51 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2022-10-15 08:01 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2022-10-15 08:01 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2022-10-15 08:01 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2022-10-15 08:01 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2022-10-15 08:01 - 2019-12-07 05:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2022-10-15 08:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2022-10-15 08:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2022-10-15 08:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2022-10-15 08:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2022-10-15 08:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2022-10-15 08:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2022-10-15 08:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2022-10-15 08:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2022-10-15 08:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2022-10-15 08:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2022-10-15 08:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-10-15 08:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2022-10-15 08:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2022-10-15 08:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-10-15 08:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2022-10-15 08:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2022-10-15 08:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2022-10-15 08:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2022-10-15 08:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2022-10-15 08:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\setup
2022-10-15 08:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2022-10-15 08:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2022-10-15 08:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2022-10-15 08:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2022-10-15 08:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
2022-10-15 08:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2022-10-15 08:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2022-10-15 08:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-10-15 08:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2022-10-15 08:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\Com
2022-10-15 08:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2022-10-15 08:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2022-10-15 08:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-10-15 08:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2022-10-15 08:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\Provisioning
2022-10-15 08:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-10-15 08:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\IME
2022-10-15 08:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2022-10-15 08:01 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-10-15 08:01 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files\Common Files\System
2022-10-15 08:01 - 2019-12-07 05:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2022-10-15 08:01 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\servicing
2022-10-15 07:59 - 2019-12-07 05:54 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2022-10-15 07:59 - 2019-12-07 05:54 - 000020908 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2022-10-15 07:59 - 2019-12-07 05:15 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2022-10-15 07:59 - 2019-12-07 05:14 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2022-10-15 07:35 - 2019-12-07 05:52 - 000000000 ____D C:\WINDOWS\OCR
2022-10-15 07:32 - 2019-12-07 05:50 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2022-10-15 07:32 - 2019-12-07 05:50 - 000000000 ____D C:\WINDOWS\system32\WCN
2022-10-15 04:28 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\USOPrivate
2022-10-15 04:27 - 2019-12-07 05:51 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2022-10-15 04:27 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\spool
2022-10-15 04:27 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-10-15 04:20 - 2019-12-07 05:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2022-10-15 04:11 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\appcompat

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)



==================== End of FRST.txt ========================.


  • 0

#25
ForrestGump
Posted 15 October 2022 - 10:30 PM

ForrestGump

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-10-2022
Ran by Rockets (15-10-2022 21:39:45)
Running from C:\Users\Rockets\Desktop
Microsoft Windows 10 Pro Version 21H2 19044.2130 (X64) (2022-10-15 08:27:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1890784580-1000596592-3856219040-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1890784580-1000596592-3856219040-503 - Limited - Disabled)
doher (S-1-5-21-1890784580-1000596592-3856219040-1001 - Limited - Enabled) => C:\Users\doher
Guest (S-1-5-21-1890784580-1000596592-3856219040-501 - Limited - Disabled)
Rockets (S-1-5-21-1890784580-1000596592-3856219040-1002 - Administrator - Enabled) => C:\Users\Rockets
WDAGUtilityAccount (S-1-5-21-1890784580-1000596592-3856219040-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 106.0.1370.47 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 106.0.1370.47 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1890784580-1000596592-3856219040-1001\...\OneDriveSetup.exe) (Version: 21.220.1024.0005 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1890784580-1000596592-3856219040-1002\...\OneDriveSetup.exe) (Version: 21.220.1024.0005 - Microsoft Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.60.615.2022 - Realtek)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.98 - Synaptics Incorporated)

Packages:
=========
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.14.9130.0_x64__8wekyb3d8bbwe [2022-10-15] (Microsoft Studios) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 05:14 - 2019-12-07 05:12 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1890784580-1000596592-3856219040-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\doher\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-1890784580-1000596592-3856219040-1002\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{225F579C-6AAD-403A-84D4-CFC42938F43F}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\106.0.1370.47\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

15-10-2022 16:42:45 Windows Modules Installer
15-10-2022 19:18:06 Newresetsettingsmodified

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (10/15/2022 06:52:49 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.

Error: (10/15/2022 06:52:49 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (10/15/2022 06:52:49 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.

Error: (10/15/2022 06:52:49 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (10/15/2022 04:20:36 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON.

Error: (10/15/2022 04:11:45 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1409.


System errors:
=============
Error: (10/15/2022 12:55:44 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (10/15/2022 04:47:22 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (10/15/2022 04:15:45 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Network List Service service terminated with the following error:
The device is not ready.

Error: (10/15/2022 04:15:45 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {A47979D2-C419-11D9-A5B4-001185AD2B89} did not register with DCOM within the required timeout.

Error: (10/15/2022 04:13:45 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Printer Extensions and Notifications service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (10/15/2022 04:13:45 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Network List Service service terminated with the following error:
The device is not ready.

Error: (10/15/2022 04:13:45 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {A47979D2-C419-11D9-A5B4-001185AD2B89} did not register with DCOM within the required timeout.

Error: (10/15/2022 04:11:45 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Network List Service service terminated with the following error:
The device is not ready.


==================== Memory info ===========================

BIOS: Hewlett-Packard F.15 05/17/2010
Motherboard: Hewlett-Packard 363F
Processor: AMD Athlon™ II Dual-Core M300
Percentage of memory in use: 60%
Total physical RAM: 7932.2 MB
Available physical RAM: 3163.38 MB
Total Virtual: 9852.2 MB
Available Virtual: 5094.81 MB

==================== Drives ================================

Drive c: (C ) (Fixed) (Total:444.36 GB) (Free:379.61 GB) (Model: WD Blue SA510 2.5 500GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (ESD-USB (D:)) (Removable) (Total:28.65 GB) (Free:17.08 GB) NTFS
Drive f: (RECOVERY) (Fixed) (Total:21.1 GB) (Free:9.64 GB) (Model: WD Blue SA510 2.5 500GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.06 GB) (Model: WD Blue SA510 2.5 500GB) FAT32

\\?\Volume{7dda13fc-0000-0000-0000-100000000000}\ (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 7DDA13FC)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=444.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=21.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=108 MB) - (Type=0C)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 28.7 GB) (Disk ID: 9A17DA42)
Partition 1: (Not Active) - (Size=28.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================


  • 0

Advertisements

#26
ForrestGump
Posted 15 October 2022 - 10:33 PM

ForrestGump

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts
  • ._________________________________________________________________________________________________________
    CONCLUSION
    _________________________________________________________________________________________________________
    Your system appears to be suitable for handling real-time audio and other tasks without dropouts.
    LatencyMon has been analyzing your system for  0:00:41  (h:mm:ss) on all processors.


    _________________________________________________________________________________________________________
    SYSTEM INFORMATION
    _________________________________________________________________________________________________________
    Computer name:                                        HAL900
    OS version:                                           Windows 10, 10.0, version 2009, build: 19044 (x64)
    Hardware:                                             HP G61 Notebook PC, Hewlett-Packard
    BIOS:                                                 Default System BIOS
    CPU:                                                  AuthenticAMD AMD Athlon™ II Dual-Core M300
    Logical processors:                                   2
    Processor groups:                                     1
    Processor group size:                                 2
    RAM:                                                  7932 MB total


    _________________________________________________________________________________________________________
    CPU SPEED
    _________________________________________________________________________________________________________
    Reported CPU speed (WMI):                             20 MHz
    Reported CPU speed (registry):                        1995 MHz

    Note: reported execution times may be calculated based on a fixed reported CPU speed. Disable variable speed settings like Intel Speed Step and AMD Cool N Quiet in the BIOS setup for more accurate results.


    _________________________________________________________________________________________________________
    MEASURED INTERRUPT TO USER PROCESS LATENCIES
    _________________________________________________________________________________________________________
    The interrupt to process latency reflects the measured interval that a usermode process needed to respond to a hardware request from the moment the interrupt service routine started execution. This includes the scheduling and execution of a DPC routine, the signaling of an event and the waking up of a usermode thread from an idle wait state in response to that event.

    Highest measured interrupt to process latency (µs):   75.80
    Average measured interrupt to process latency (µs):   11.740399

    Highest measured interrupt to DPC latency (µs):       59.0
    Average measured interrupt to DPC latency (µs):       4.174912


    _________________________________________________________________________________________________________
     REPORTED ISRs
    _________________________________________________________________________________________________________
    Interrupt service routines are routines installed by the OS and device drivers that execute in response to a hardware interrupt signal.

    Highest ISR routine execution time (µs):              57.854637
    Driver with highest ISR routine execution time:       ndis.sys - Network Driver Interface Specification (NDIS), Microsoft Corporation

    Highest reported total ISR routine time (%):          0.060738
    Driver with highest ISR total time:                   i8042prt.sys - i8042 Port Driver, Microsoft Corporation

    Total time spent in ISRs (%)                          0.084662

    ISR count (execution time <250 µs):                   4587
    ISR count (execution time 250-500 µs):                0
    ISR count (execution time 500-1000 µs):               0
    ISR count (execution time 1000-2000 µs):              0
    ISR count (execution time 2000-4000 µs):              0
    ISR count (execution time >=4000 µs):                 0


    _________________________________________________________________________________________________________
    REPORTED DPCs
    _________________________________________________________________________________________________________
    DPC routines are part of the interrupt servicing dispatch mechanism and disable the possibility for a process to utilize the CPU while it is interrupted until the DPC has finished execution.

    Highest DPC routine execution time (µs):              144.846617
    Driver with highest DPC routine execution time:       SynTP.sys - Synaptics Touchpad Win64 Driver, Synaptics Incorporated

    Highest reported total DPC routine time (%):          0.064556
    Driver with highest DPC total execution time:         rspLLL64.sys - Resplendence Latency Monitoring and Auxiliary Kernel Library, Resplendence Software Projects Sp.

    Total time spent in DPCs (%)                          0.253944

    DPC count (execution time <250 µs):                   26607
    DPC count (execution time 250-500 µs):                0
    DPC count (execution time 500-10000 µs):              0
    DPC count (execution time 1000-2000 µs):              0
    DPC count (execution time 2000-4000 µs):              0
    DPC count (execution time >=4000 µs):                 0


    _________________________________________________________________________________________________________
     REPORTED HARD PAGEFAULTS
    _________________________________________________________________________________________________________
    Hard pagefaults are events that get triggered by making use of virtual memory that is not resident in RAM but backed by a memory mapped file on disk. The process of resolving the hard pagefault requires reading in the memory from disk while the process is interrupted and blocked from execution.

    NOTE: some processes were hit by hard pagefaults. If these were programs producing audio, they are likely to interrupt the audio stream resulting in dropouts, clicks and pops. Check the Processes tab to see which programs were hit.

    Process with highest pagefault count:                 latmon.exe

    Total number of hard pagefaults                       5
    Hard pagefault count of hardest hit process:          1
    Number of processes hit:                              5


    _________________________________________________________________________________________________________
     PER CPU DATA
    _________________________________________________________________________________________________________
    CPU 0 Interrupt cycle time (s):                       1.589828
    CPU 0 ISR highest execution time (µs):                57.854637
    CPU 0 ISR total execution time (s):                   0.058187
    CPU 0 ISR count:                                      3101
    CPU 0 DPC highest execution time (µs):                144.846617
    CPU 0 DPC total execution time (s):                   0.180502
    CPU 0 DPC count:                                      24717
    _________________________________________________________________________________________________________
    CPU 1 Interrupt cycle time (s):                       0.402043
    CPU 1 ISR highest execution time (µs):                13.804511
    CPU 1 ISR total execution time (s):                   0.011898
    CPU 1 ISR count:                                      1486
    CPU 1 DPC highest execution time (µs):                128.116291
    CPU 1 DPC total execution time (s):                   0.029718
    CPU 1 DPC count:                                      1890
    _________________________________________________________________________________________________________

  • 0

#27
ForrestGump
Posted 15 October 2022 - 10:39 PM

ForrestGump

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts

LatencyProcesses.jpeg


  • 0

#28
ForrestGump
Posted 15 October 2022 - 10:40 PM

ForrestGump

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts

LatencyDrivers.jpeg


  • 0

#29
ForrestGump
Posted 15 October 2022 - 10:51 PM

ForrestGump

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts

Sanity scan results

  • Analysis
    Analyzing your system ...

    Processes are running without company, product and description information

    One or more processes have been detected which have not registered any company, product and description information. This is not uncommon or necessarily the work of a virus or malware but does raise a flag of suspicion. It is suggested that you find out what this process belongs to and why it is running on your system.
     
  • The process registry does not have any product, company or description information.

    Information about the responsible process registry:

    file path: registry
    This file is no longer available. We suggest you try to find this file in another location on your hard disk.
    Click here to do a Google search on registry
     
  • The process startmenuexperiencehost.exe does not have any product, company or description information.

    Information about the responsible process startmenuexperiencehost.exe:

    file path: C:\windows\systemapps\microsoft.windows.startmenuexperiencehost_cw5n1h2txyewy\startmenuexperiencehost.exe

  • 0

#30
ForrestGump
Posted 15 October 2022 - 11:01 PM

ForrestGump

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts

TASKLIST /SVC  > \junk.txt

notepad \junk.txt

 

Image Name                     PID Services                                    
========================= ======== ============================================
System Idle Process              0 N/A                                        
System                           4 N/A                                        
Registry                        92 N/A                                        
smss.exe                       364 N/A                                        
csrss.exe                      472 N/A                                        
wininit.exe                    584 N/A                                        
csrss.exe                      592 N/A                                        
services.exe                   652 N/A                                        
lsass.exe                      660 EFS, KeyIso, SamSs, VaultSvc                
winlogon.exe                   776 N/A                                        
svchost.exe                    836 BrokerInfrastructure, DcomLaunch, PlugPlay,
                                   Power, SystemEventsBroker                  
fontdrvhost.exe                872 N/A                                        
fontdrvhost.exe                880 N/A                                        
svchost.exe                    980 RpcEptMapper, RpcSs                        
svchost.exe                     64 LSM                                        
dwm.exe                        400 N/A                                        
svchost.exe                   1060 lmhosts                                    
svchost.exe                   1068 CoreMessagingRegistrar                      
svchost.exe                   1108 NcbService                                  
svchost.exe                   1120 TimeBrokerSvc                              
svchost.exe                   1208 Schedule                                    
svchost.exe                   1248 DisplayEnhancementService                  
svchost.exe                   1256 ProfSvc                                    
svchost.exe                   1288 EventLog                                    
svchost.exe                   1396 UserManager                                
svchost.exe                   1412 DispBrokerDesktopSvc                        
svchost.exe                   1452 nsi                                        
svchost.exe                   1648 Dhcp                                        
svchost.exe                   1720 camsvc                                      
svchost.exe                   1732 StateRepository                            
svchost.exe                   1860 NlaSvc                                      
WUDFHost.exe                  1900 N/A                                        
atiesrxx.exe                  1952 AMD External Events Utility                
atieclxx.exe                  1996 N/A                                        
svchost.exe                   2032 Themes                                      
svchost.exe                   2044 EventSystem                                
svchost.exe                   1056 CscService                                  
svchost.exe                   2060 netprofm                                    
svchost.exe                   2088 SENS                                        
svchost.exe                   2160 AudioEndpointBuilder                        
svchost.exe                   2168 FontCache                                  
svchost.exe                   2292 SEMgrSvc                                    
svchost.exe                   2388 WinHttpAutoProxySvc                        
sihost.exe                    2428 N/A                                        
svchost.exe                   2480 CDPUserSvc_234ba                            
svchost.exe                   2528 Dnscache                                    
taskhostw.exe                 2572 N/A                                        
svchost.exe                   2632 WpnUserService_234ba                        
svchost.exe                   2652 TokenBroker                                
svchost.exe                   2668 Audiosrv                                    
taskhostw.exe                 2808 N/A                                        
svchost.exe                   2912 DusmSvc                                    
svchost.exe                   2936 Wcmsvc                                      
svchost.exe                   3016 TabletInputService                          
ctfmon.exe                    2316 N/A                                        
svchost.exe                   3192 WlanSvc                                    
svchost.exe                   3208 CDPSvc                                      
svchost.exe                   3260 ShellHWDetection                            
explorer.exe                  3392 N/A                                        
spoolsv.exe                   3432 Spooler                                    
svchost.exe                   3476 BFE, mpssvc                                
svchost.exe                   3556 LanmanWorkstation                          
svchost.exe                   3752 RmSvc                                      
svchost.exe                   2896 DeviceAssociationService                    
svchost.exe                   3104 CryptSvc                                    
svchost.exe                   4104 cbdhsvc_234ba                              
svchost.exe                   4116 DiagTrack                                  
svchost.exe                   4124 DPS                                        
svchost.exe                   4152 Winmgmt                                    
svchost.exe                   4236 SstpSvc                                    
svchost.exe                   4244 LanmanServer                                
SynTPEnhService.exe           4252 SynTPEnhService                            
svchost.exe                   4272 TrkWks                                      
svchost.exe                   4316 WpnService                                  
MsMpEng.exe                   4328 WinDefend                                  
svchost.exe                   4436 iphlpsvc                                    
svchost.exe                   4460 WdiSystemHost                              
SynTPEnh.exe                  4468 N/A                                        
svchost.exe                   4612 RasMan                                      
svchost.exe                   4812 WdiServiceHost                              
svchost.exe                   4936 PcaSvc                                      
svchost.exe                   4996 Appinfo                                    
SynTPHelper.exe               5096 N/A                                        
SearchIndexer.exe             5144 WSearch                                    
StartMenuExperienceHost.e     5748 N/A                                        
RuntimeBroker.exe             6088 N/A                                        
svchost.exe                   2416 UsoSvc                                      
SearchApp.exe                 5392 N/A                                        
RuntimeBroker.exe             5536 N/A                                        
LockApp.exe                   6664 N/A                                        
RuntimeBroker.exe             6724 N/A                                        
svchost.exe                   6848 BthAvctpSvc                                
svchost.exe                   7148 lfsvc                                      
RuntimeBroker.exe             6580 N/A                                        
SecurityHealthSystray.exe     6076 N/A                                        
SecurityHealthService.exe     7068 SecurityHealthService                      
OneDrive.exe                  6152 N/A                                        
svchost.exe                   3024 OneSyncSvc_234ba                            
svchost.exe                   4528 DoSvc                                      
svchost.exe                   8004 StorSvc                                    
SgrmBroker.exe                7704 SgrmBroker                                  
svchost.exe                   6220 wscsvc                                      
svchost.exe                   7424 UdkUserSvc_234ba                            
ShellExperienceHost.exe       1080 N/A                                        
RuntimeBroker.exe             7340 N/A                                        
SystemSettingsBroker.exe      3544 N/A                                        
ApplicationFrameHost.exe      3064 N/A                                        
svchost.exe                   7828 WbioSrvc                                    
svchost.exe                   8016 IKEEXT                                      
svchost.exe                   7660 PolicyAgent                                
NisSrv.exe                    5024 WdNisSvc                                    
TextInputHost.exe             5504 N/A                                        
RuntimeBroker.exe             7332 N/A                                        
dllhost.exe                   3584 N/A                                        
SearchApp.exe                 2616 N/A                                        
smartscreen.exe               8552 N/A                                        
svchost.exe                   3632 LicenseManager                              
WmiPrvSE.exe                  9064 N/A                                        
cmd.exe                       7188 N/A                                        
conhost.exe                   9132 N/A                                        
audiodg.exe                   7492 N/A                                        
notepad.exe                   3724 N/A                                        
Taskmgr.exe                   8604 N/A                                        
SearchProtocolHost.exe        2220 N/A                                        
msedge.exe                    6228 N/A                                        
msedge.exe                    8780 N/A                                        
msedge.exe                    1568 N/A                                        
msedge.exe                    7176 N/A                                        
msedge.exe                    3492 N/A                                        
svchost.exe                   5280 AppXSvc                                    
SearchFilterHost.exe          5720 N/A                                        
msedge.exe                    1592 N/A                                        
msedge.exe                    9052 N/A                                        
msedge.exe                    7844 N/A                                        
msedge.exe                    3056 N/A                                        
msedge.exe                    9136 N/A                                        
msedge.exe                    7480 N/A                                        
msedge.exe                    7292 N/A                                        
msedge.exe                    8452 N/A                                        
tasklist.exe                  5768 N/A                                        
WmiPrvSE.exe                  3252 N/A                                         


Edited by ForrestGump, 15 October 2022 - 11:05 PM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics


Also tagged with one or more of these keywords: Virus

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP