Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Trojan:PowerShell/Jupyiter!MTB detected by Windows Security

Started by xilogo1202 , May 17 2024 01:35 PM

Please log in to reply

#1
xilogo1202

Posted 17 May 2024 - 01:35 PM

New Member

Member
6 posts

Hello. Windows Security detects Trojan:PowerShell/Jupyiter!MTB every time the computer is turned on. I have followed the provided steps here to attempt to remove it with no success. I am hoping to get help removing this as well as any other viruses, spyware, or malware that may be on this computer. I currently use Windows Security and Malwarebytes to protect the machine. Should these continued to be used, replaced, or any other software used as well? Thanks!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19.04.2024 01
Ran by admin (administrator) on LAPTOP-GE8FCSQN (LENOVO 20VE) (17-05-2024 13:13:00)
Running from C:\Users\Username\Desktop\FRST64.exe
Loaded Profiles: admin & Username
Platform: Microsoft Windows 10 Pro Version 22H2 19045.4412 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\LenovoVantage-(DeviceSettingsSystemAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\LenovoVantage-(GenericMessagingAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\LenovoVantage-(VantageCoreAddin).exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_ad4654f43fda305f\igfxCUIServiceN.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_ad4654f43fda305f\igfxEMN.exe
(DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_41de6367ef0679f0\DAX3API.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\DAF04E~1.INF\DAX3API.exe
(DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_7d126bda2f653af7\LenovoUtilityService.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_7d126bda2f653af7\FnHotkeyCapsLKNumLK.exe
(DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_7d126bda2f653af7\LenovoUtilityService.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_7d126bda2f653af7\FnHotkeyUtility.exe
(explorer.exe ->) (CANON INC. -> CANON INC.) C:\Program Files\Canon\Canon MF Network Scanner Selector\CMFNSS6.EXE
(explorer.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel Corporation) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5487.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <17>
(LNBITSSvc.exe ->) (Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\AutoModeDetect.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_41de6367ef0679f0\DAX3API.exe
(services.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ELANFPService.exe
(services.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ElanIapService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_ad4654f43fda305f\igfxCUIServiceN.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_e3868713e3d137ef\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_db7985d30b50e28f\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_c529b210005a7e19\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_dd6a7ef14d856351\AS\IAS\IntelAudioService.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Intel® Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorvd.inf_amd64_46aa7595a4cd0ecb\RstMwService.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(services.exe ->) (Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\LNBITSSvc.exe
(services.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\LenovoVantageService.exe
(services.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_7d126bda2f653af7\LenovoUtilityService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Locator.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_030a6fd3020fb520\RtkAudUService64.exe <2>
(services.exe ->) (TBT_DCH_DRV_PROD -> ) C:\Windows\TbtP2pShortcutService.exe
(svchost.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel Corporation) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5487.0_x64__8j3eq9eme6ctt\IGCC.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_030a6fd3020fb520\RtkAudUService64.exe [1635688 2022-12-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [MFNetworkScannerSelector] => C:\Program Files\Canon\Canon MF Network Scanner Selector\CMFNSS6.EXE [459904 2018-01-30] (CANON INC. -> CANON INC.)
HKLM\...\RunOnce: [!BCILauncher] => C:\Windows\Temp\MUBSTemp\BCILauncher.EXE [18464 2024-04-16] (Microsoft Corporation -> ) <==== ATTENTION
HKU\S-1-5-21-240337477-2287995252-3564736294-1001\...\Run: [MicrosoftEdgeAutoLaunch_29EBC4579851B72EE312C449CF839B1A] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4081192 2024-05-14] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-240337477-2287995252-3564736294-1001\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" [47897984 2021-09-25] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-240337477-2287995252-3564736294-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-240337477-2287995252-3564736294-1001\...\RunOnce: [Uninstall 21.129.0627.0002\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\admin\AppData\Local\Microsoft\OneDrive\21.129.0627.0002\amd64" [0 2021-07-24] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-5-21-240337477-2287995252-3564736294-1001\...\RunOnce: [Uninstall 21.129.0627.0002] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\admin\AppData\Local\Microsoft\OneDrive\21.129.0627.0002" [0 2021-09-25] () <==== ATTENTION [zero byte File/Folder]
HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\Run: [CiscoMeetingDaemon] => C:\Users\Username\AppData\Local\WebEx\WebexHost.exe [7272032 2024-04-01] (Cisco WebEx LLC -> Cisco Webex LLC)
HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\Run: [MicrosoftEdgeAutoLaunch_AC5700D3445A3B32EF9F41CD7106186F] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4081192 2024-05-14] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\Run: [CiscoSpark] => C:\Users\Username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Webex\Webex.lnk [1476 2024-05-11] () [File not signed]
HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\MountPoints2: {39e38df8-5750-11eb-835d-fcb3bc5f1a08} - "D:\LaunchU3.exe" -a
HKLM\...\Print\Monitors\Canon MFNP Port: C:\Windows\system32\CNCENPM6.dll [153088 2018-01-29] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\CPCA Language Monitor4: C:\Windows\system32\CNAS0MPK.DLL [1501696 2018-10-18] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\125.0.6422.61\Installer\chrmstp.exe [2024-05-17] (Google LLC -> Google LLC)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {59DB40A8-D7EF-48F1-8560-0EB73F137260} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1547208 2024-01-31] (Adobe Inc. -> Adobe Inc.)
Task: {A64851A1-2108-4FEE-91B7-08046252FF5F} - System32\Tasks\G2MUpdateTask-S-1-5-21-240337477-2287995252-3564736294-1002 => C:\Users\Username\AppData\Local\GoToMeeting\19992\g2mupdate.exe [34872 2024-04-11] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {81EAAF71-514B-4127-B19C-7780892B9FFF} - System32\Tasks\G2MUploadTask-S-1-5-21-240337477-2287995252-3564736294-1002 => C:\Users\Username\AppData\Local\GoToMeeting\19992\g2mupload.exe [34872 2024-04-11] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {6B67EAF6-81DF-4C17-AC0A-00EF21C09734} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem126.0.6462.0{0B10C9FC-2756-405C-920B-B3EA82C04DE4} => C:\Program Files (x86)\Google\GoogleUpdater\126.0.6462.0\updater.exe [4794656 2024-05-06] (Google LLC -> Google LLC)
Task: {1871758E-9C91-4D1E-B938-F05AA6ED1CF3} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\Windows\system32\ImController.InfInstaller.exe [74952 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {E1B27C35-FA09-4A05-A9ED-BD0FF237CE96} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => C:\Windows\system32\sc.exe [72192 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> START ImControllerService
Task: {345A3571-2FF4-4735-AE8F-8959B895B9E1} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => C:\Windows\System32\reg.exe [77312 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {C61E003D-EE86-4D1F-90AD-FD371C813657} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\08bd7337-26ea-427e-ade9-081b62e357e9 => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {1427174C-6B14-4599-8A69-B0558AD8629C} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\0989d3ed-fc09-4def-888d-a286cd9a6388 => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {F14EF311-DCF5-4287-949D-8594C1C65484} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\1391f8ee-70f2-4311-8b53-435d4d036115 => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {E5BD3151-4DDF-40FC-B3EE-7A60DF29A300} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\1e795698-f56f-4abe-8064-a25c89a7b3a7 => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {1E50B311-351C-4AFC-A1F3-777EEC58A91F} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\6c07b3b7-a0d1-4142-ae4b-1ad4895e4de6 => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {CA9ABCB6-10F7-454B-B578-2105C243A8B2} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => C:\Windows\system32\sc.exe [72192 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> start LenovoVantageService
Task: {22B40815-EC47-4DE1-B850-05F5CCE397BA} - System32\Tasks\Lenovo\Vantage\Schedule\BatteryGaugeAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\ScheduleEventAction.exe [30176 2024-03-03] (Lenovo -> Lenovo)
Task: {4B8CDDDE-6C8C-4ADC-80C1-64B93AD60920} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\ScheduleEventAction.exe [30176 2024-03-03] (Lenovo -> Lenovo)
Task: {672A1595-FE99-4AFD-8FA6-448D06C0DC05} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\ScheduleEventAction.exe [30176 2024-03-03] (Lenovo -> Lenovo)
Task: {1ACAAF8C-13EF-40CE-B235-2D9B2C6117A8} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\ScheduleEventAction.exe [30176 2024-03-03] (Lenovo -> Lenovo)
Task: {FE84F80B-0E62-4460-B431-8CD2AB946645} - System32\Tasks\Lenovo\Vantage\Schedule\IdeaNotebookAddinDailyEvent => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\ScheduleEventAction.exe [30176 2024-03-03] (Lenovo -> Lenovo)
Task: {B3EDEA26-CF6E-4F96-ABF5-466B4B7C8AD5} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.MonthlyReport => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\ScheduleEventAction.exe [30176 2024-03-03] (Lenovo -> Lenovo)
Task: {F0E4CC51-200B-40C4-9110-476B9EF7A8BE} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoBatteryPartSalesMonthlyToast => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\ScheduleEventAction.exe [30176 2024-03-03] (Lenovo -> Lenovo)
Task: {27B14E72-A2B9-491C-B062-AB7D21D53221} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\ScheduleEventAction.exe [30176 2024-03-03] (Lenovo -> Lenovo)
Task: {11788514-56F9-4063-8DD5-6DB80F92D0AC} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\ScheduleEventAction.exe [30176 2024-03-03] (Lenovo -> Lenovo)
Task: {179FDF33-DA9B-4C0C-9CF2-6CD42CE0A465} - System32\Tasks\Lenovo\Vantage\Schedule\NotificationCenter => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe NotificationCenter (No File)
Task: {1E24CFE5-3301-493F-9393-D978249BED80} - System32\Tasks\Lenovo\Vantage\Schedule\SettingsWidgetAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\ScheduleEventAction.exe [30176 2024-03-03] (Lenovo -> Lenovo)
Task: {A170EF17-55BA-4EE5-B1AF-CFCBF0C49D47} - System32\Tasks\Lenovo\Vantage\Schedule\SmartLock.ExpireReminder => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\ScheduleEventAction.exe [30176 2024-03-03] (Lenovo -> Lenovo)
Task: {77BC1A4F-0E56-4714-BA46-1C11CD942AC2} - System32\Tasks\Lenovo\Vantage\Schedule\SmartPerformance.ExpireReminder => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\ScheduleEventAction.exe [30176 2024-03-03] (Lenovo -> Lenovo)
Task: {CC50FA1B-8DF6-4DC7-A735-E845C7D9E827} - System32\Tasks\Lenovo\Vantage\Schedule\VantageCoreAddinWeekScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\ScheduleEventAction.exe [30176 2024-03-03] (Lenovo -> Lenovo)
Task: {12ED7477-2B2D-4602-B9AB-80FAEBAF487E} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.6.15.0\ScheduleEventAction.exe VantageTelemetryAddinTask (No File)
Task: {19DF18E5-B809-4426-B9EC-32556E8D842B} - System32\Tasks\Lenovo\Vantage\StartupFixPlan => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\uninstall.exe [365024 2024-03-03] (Lenovo -> Lenovo)
Task: {3D4BB58A-2049-4494-BE11-0044B3E09952} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28436048 2024-05-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {3527CD96-E1AB-4170-81A3-7C60CF6EDEC8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28436048 2024-05-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {EE1EDBEA-BD09-47A2-844A-2415A6F1B45F} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309936 2024-05-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {92C9E29E-E563-4C7B-8754-03466216E8E9} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309936 2024-05-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {664E20A6-3D9B-459A-9783-1D23521509EF} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\operfmon.exe [168928 2024-05-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {5390020D-EAAD-4B2C-ADE1-59B933FE928E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MpCmdRun.exe [1658408 2024-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3BA72883-3D09-4C6F-A6C9-CEACC2205984} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MpCmdRun.exe [1658408 2024-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1EA084D9-1FC8-4402-9228-E02FC259B9B2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MpCmdRun.exe [1658408 2024-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BABCA08E-2D95-48A3-B83D-138C2601DD11} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MpCmdRun.exe [1658408 2024-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-240337477-2287995252-3564736294-1002.job => C:\Users\Username\AppData\Local\GoToMeeting\19992\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-240337477-2287995252-3564736294-1002.job => C:\Users\Username\AppData\Local\GoToMeeting\19992\g2mupload.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{45d5d7d4-26dd-4f05-b26c-4fccf75fe7ad}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{e9356987-cd63-4569-b2df-d8258e5d4d91}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{e9356987-cd63-4569-b2df-d8258e5d4d91}\4597C65627723702960586F6E656: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{e9356987-cd63-4569-b2df-d8258e5d4d91}\E45445745414257303: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default [2021-09-25]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-05-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.14 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-05-10] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-05-11] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default [2021-09-25]
CHR Extension: (Slides) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-01-02]
CHR Extension: (Docs) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-01-02]
CHR Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-01-02]
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-01-02]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-09-25]
CHR Extension: (Sheets) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-01-02]
CHR Extension: (Google Docs Offline) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-07-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-05-23]
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-01-02]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-01-31] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14248120 2024-05-10] (Microsoft Corporation -> Microsoft Corporation)
R2 DolbyDAXAPI; C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_41de6367ef0679f0\DAX3API.exe [2305576 2021-12-08] (Dolby Laboratories, Inc. -> Dolby Laboratories)
R2 ElanIapService; C:\Windows\System32\ElanIapService.exe [475088 2020-07-29] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.)
R2 FMAPOService; C:\Windows\System32\FMService64.exe [343936 2020-08-15] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
S2 GoogleUpdaterInternalService126.0.6462.0; C:\Program Files (x86)\Google\GoogleUpdater\126.0.6462.0\updater.exe [4794656 2024-05-06] (Google LLC -> Google LLC)
S2 GoogleUpdaterService126.0.6462.0; C:\Program Files (x86)\Google\GoogleUpdater\126.0.6462.0\updater.exe [4794656 2024-05-06] (Google LLC -> Google LLC)
R2 ImControllerService; C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
R2 IntelAudioService; C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_dd6a7ef14d856351\AS\IAS\IntelAudioService.exe [539816 2021-09-02] (Intel Corporation -> Intel)
R2 LenovoFnAndFunctionKeys; C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_7d126bda2f653af7\LenovoUtilityService.exe [168776 2024-04-01] (Lenovo -> Lenovo)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\LenovoVantageService.exe [34168 2024-03-03] (Lenovo -> Lenovo)
R2 LITSSVC; C:\Windows\System32\LNBITSSvc.exe [1817944 2020-09-11] (Lenovo -> Lenovo(beijing) Limited)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8887264 2024-04-19] (Malwarebytes Inc. -> Malwarebytes)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MpDefenderCoreService.exe [1489000 2024-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [522200 2024-05-17] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TbtP2pShortcutService; C:\Windows\TbtP2pShortcutService.exe [252264 2021-01-26] (TBT_DCH_DRV_PROD -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\NisSrv.exe [3236840 2024-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MsMpEng.exe [133704 2024-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AcxHdAudio; C:\Windows\System32\drivers\AcxHdAudio.sys [526848 2024-05-17] (Microsoft Windows -> Microsoft Corporation)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 iaLPSS2_GPIO2_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_gpio2_tgl.inf_amd64_d0e63c4e3754f42f\iaLPSS2_GPIO2_TGL.sys [128152 2020-08-12] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_i2c_tgl.inf_amd64_ab87bf17a571e523\iaLPSS2_I2C_TGL.sys [197272 2020-08-12] (Intel Corporation -> Intel Corporation)
S3 iaLPSS2_SPI_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_spi_tgl.inf_amd64_b6ea3d48ee329530\iaLPSS2_SPI_TGL.sys [155816 2020-08-12] (Intel Corporation -> Intel Corporation)
S3 iaLPSS2_UART2_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_uart2_tgl.inf_amd64_1a8e964d43720594\iaLPSS2_UART2_TGL.sys [310440 2020-08-12] (Intel Corporation -> Intel Corporation)
R0 iaStorVD; C:\Windows\System32\drivers\iaStorVD.sys [1421680 2020-09-23] (Intel® Rapid Storage Technology -> Intel Corporation)
R2 mbamchameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223184 2024-05-17] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2022-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239576 2024-02-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MpKsl2b77aba6; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{18E11F5D-AE9F-4694-BF1F-08D9560EEE19}\MpKslDrv.sys [271648 2024-05-17] (Microsoft Windows -> Microsoft Corporation)
R0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [21056 2024-05-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [601496 2024-05-14] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105880 2024-05-14] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-05-17 13:13 - 2024-05-17 13:13 - 000029479 _____ C:\Users\Username\Desktop\FRST.txt
2024-05-17 13:02 - 2024-05-17 13:13 - 000000000 ____D C:\FRST
2024-05-17 13:01 - 2024-05-17 13:01 - 002394112 _____ (Farbar) C:\Users\Username\Desktop\FRST64.exe
2024-05-17 12:14 - 2024-05-17 12:14 - 000000000 ___HD C:\$WinREAgent
2024-05-13 17:47 - 2024-05-13 17:47 - 017008467 _____ C:\Users\Username\Downloads\VIDEO-2024.mp4
2024-05-13 10:02 - 2024-05-13 10:02 - 004034063 _____ C:\Users\Username\Downloads\VID-WA000 (1).mp4
2024-05-13 09:29 - 2024-05-13 09:29 - 004034063 _____ C:\Users\Username\Downloads\VID-WA000.mp4
2024-05-11 16:04 - 2024-05-17 11:19 - 000000000 ____D C:\Users\Username\AppData\Local\CiscoSpark
2024-05-11 16:04 - 2024-05-11 16:05 - 000000000 ____D C:\Users\Username\AppData\Local\CiscoSparkLauncher
2024-05-11 09:58 - 2024-05-11 09:58 - 000000000 ____D C:\Users\Username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Webex
2024-05-11 09:21 - 2024-05-11 09:21 - 000107654 _____ C:\Users\Username\Downloads\3591_BoardingPass (2).pdf
2024-05-11 09:21 - 2024-05-11 09:21 - 000107654 _____ C:\Users\Username\Downloads\3591_BoardingPass (1).pdf
2024-05-11 09:20 - 2024-05-11 09:20 - 000107654 _____ C:\Users\Username\Downloads\3591_BoardingPass.pdf
2024-05-09 17:11 - 2024-05-09 17:11 - 000614675 _____ C:\Users\Username\Downloads\Scope of Work ALE.pdf
2024-05-08 10:12 - 2024-05-08 10:12 - 001352186 _____ C:\Users\Username\Downloads\General_information.pdf
2024-05-08 10:11 - 2024-05-08 10:11 - 000179661 _____ C:\Users\Username\Downloads\354.pdf
2024-05-02 15:29 - 2024-05-02 15:29 - 001133713 _____ C:\Users\Username\Downloads\VIDEO-2020.mp4
2024-05-01 09:38 - 2024-05-01 09:38 - 000064336 _____ C:\Users\Username\Downloads\3591.pdf
2024-05-01 09:01 - 2024-05-01 09:01 - 004743667 _____ C:\Users\Username\Downloads\bRqQsv (1).mp4
2024-04-29 08:57 - 2024-04-29 08:57 - 002071283 _____ C:\Users\Username\Downloads\d59-c7ef-46.MP4
2024-04-26 11:43 - 2024-04-26 11:43 - 000000000 ____D C:\Users\Username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2024-04-25 18:38 - 2024-04-25 18:38 - 000067420 _____ C:\Users\Username\Downloads\Surname.pdf
2024-04-25 08:12 - 2024-04-25 08:12 - 000179610 _____ C:\Users\Username\Downloads\35499.pdf
2024-04-22 10:34 - 2024-04-22 10:34 - 001819854 _____ C:\Users\Username\Downloads\London and Paris (1).pdf
2024-04-20 08:46 - 2024-04-20 08:46 - 005260625 _____ C:\Users\Username\Downloads\video (1).mp4
2024-04-20 08:21 - 2024-04-20 08:21 - 005260625 _____ C:\Users\Username\Downloads\video.mp4
2024-04-19 16:16 - 2024-04-19 16:16 - 001819854 _____ C:\Users\Username\Downloads\London and Paris.pdf
2024-04-17 11:32 - 2024-04-17 11:32 - 004743667 _____ C:\Users\Username\Downloads\aKEbRqQ_460sv.mp4

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-05-17 13:03 - 2019-12-07 03:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-05-17 12:47 - 2023-05-12 10:22 - 000000000 ____D C:\Users\Username\AppData\Local\Malwarebytes
2024-05-17 12:44 - 2020-05-06 12:41 - 000795742 _____ C:\Windows\system32\PerfStringBackup.INI
2024-05-17 12:44 - 2019-12-07 03:13 - 000000000 ____D C:\Windows\INF
2024-05-17 12:33 - 2021-01-02 20:59 - 000000000 __SHD C:\Users\Username\IntelGraphicsProfiles
2024-05-17 12:33 - 2020-11-19 02:48 - 000000000 ___HD C:\Intel
2024-05-17 12:33 - 2020-05-06 12:33 - 000008192 ___SH C:\DumpStack.log.tmp
2024-05-17 12:33 - 2020-05-06 12:33 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2024-05-17 12:33 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\ServiceState
2024-05-17 12:31 - 2019-12-07 03:03 - 001310720 _____ C:\Windows\system32\config\BBI
2024-05-17 12:30 - 2020-11-19 03:58 - 000000000 ____D C:\Windows\TempInst
2024-05-17 12:28 - 2021-12-31 17:16 - 000000000 ____D C:\Windows\SystemTemp
2024-05-17 12:28 - 2021-01-02 20:47 - 000002258 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-05-17 12:28 - 2021-01-02 20:47 - 000002217 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2024-05-17 12:27 - 2019-12-07 03:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-05-17 12:27 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\AppReadiness
2024-05-17 12:25 - 2020-05-06 12:33 - 000642272 _____ C:\Windows\system32\FNTCACHE.DAT
2024-05-17 12:24 - 2020-11-19 03:44 - 000000000 __SHD C:\Windows\BitLockerDiscoveryVolumeContents
2024-05-17 12:24 - 2020-11-19 03:44 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2024-05-17 12:24 - 2019-12-07 03:52 - 000000000 ____D C:\Program Files\Windows Portable Devices
2024-05-17 12:24 - 2019-12-07 03:52 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2024-05-17 12:24 - 2019-12-07 03:52 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2024-05-17 12:24 - 2019-12-07 03:52 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ___SD C:\Windows\SysWOW64\F12
2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ___SD C:\Windows\system32\UNP
2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ___SD C:\Windows\system32\F12
2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ___RD C:\Windows\PrintDialog
2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\SysWOW64\PerceptionSimulation
2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\SystemResources
2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\system32\ShellExperiences
2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\system32\setup
2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\system32\oobe
2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\system32\migwiz
2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\system32\Dism
2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\ShellExperiences
2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\ShellComponents
2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\bcastdvr
2024-05-17 12:24 - 2019-12-07 03:03 - 000000000 ____D C:\Windows\servicing
2024-05-17 12:22 - 2020-05-06 12:33 - 000000000 ____D C:\Windows\system32\SleepStudy
2024-05-17 12:22 - 2019-12-07 03:03 - 000000000 ____D C:\Windows\CbsTemp
2024-05-17 12:20 - 2022-11-19 09:01 - 000002072 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2024-05-17 12:20 - 2022-10-12 09:48 - 000002084 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2024-05-17 12:20 - 2021-01-02 20:43 - 000004562 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2024-05-17 12:17 - 2020-05-06 12:36 - 003017216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2024-05-17 12:16 - 2021-01-04 21:50 - 000000000 ____D C:\Users\Username\AppData\Local\CrashDumps
2024-05-17 12:14 - 2021-01-02 20:14 - 000000000 ____D C:\Windows\system32\MRT
2024-05-17 12:11 - 2021-03-20 18:52 - 000000000 ____D C:\Users\Username\AppData\Local\D3DSCache
2024-05-17 12:05 - 2023-10-03 16:03 - 000000000 ____D C:\Program Files\RUXIM
2024-05-17 12:05 - 2021-01-02 20:14 - 196465576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2024-05-17 12:00 - 2021-03-24 10:54 - 000000000 ____D C:\Users\Username\AppData\Local\WebEx
2024-05-17 11:25 - 2021-01-02 20:08 - 000000000 ____D C:\ProgramData\Packages
2024-05-17 11:21 - 2023-01-16 21:52 - 000002287 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-05-17 11:21 - 2020-11-19 03:52 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-05-14 10:35 - 2021-12-13 09:45 - 000003588 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-240337477-2287995252-3564736294-1002
2024-05-14 10:35 - 2021-01-02 21:00 - 000003376 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-240337477-2287995252-3564736294-1002
2024-05-14 10:35 - 2021-01-02 20:59 - 000002387 _____ C:\Users\Username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-05-14 07:33 - 2020-05-06 12:33 - 000000000 ____D C:\Windows\system32\Drivers\wd
2024-05-13 17:47 - 2021-01-23 22:02 - 000000000 ____D C:\Users\Username\AppData\Roaming\vlc
2024-05-11 16:13 - 2021-01-25 11:05 - 000000000 ____D C:\Users\Username\Desktop\Financial statements
2024-05-11 10:51 - 2021-03-24 10:54 - 000000000 ____D C:\Users\Username\AppData\LocalLow\WebEx
2024-05-11 09:57 - 2021-03-24 10:55 - 000000000 ____D C:\Users\Username\AppData\Roaming\webex
2024-05-10 12:51 - 2020-11-19 03:52 - 000000000 ____D C:\Program Files\Microsoft Office
2024-05-08 08:50 - 2021-01-02 20:59 - 000000000 ____D C:\Users\Username\AppData\Local\Packages
2024-05-08 08:46 - 2020-11-19 03:51 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-05-08 08:46 - 2020-11-19 03:51 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-04-29 18:15 - 2021-01-02 20:59 - 000002359 _____ C:\Users\Username\Desktop\Microsoft Edge.lnk
2024-04-26 11:43 - 2023-08-22 08:09 - 000000000 ____D C:\Users\Username\AppData\Roaming\Zoom

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19.04.2024 01
Ran by admin (17-05-2024 13:13:55)
Running from C:\Users\Username\Desktop
Microsoft Windows 10 Pro Version 22H2 19045.4412 (X64) (2021-01-03 18:02:55)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

admin (S-1-5-21-240337477-2287995252-3564736294-1001 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-240337477-2287995252-3564736294-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-240337477-2287995252-3564736294-503 - Limited - Disabled)
Guest (S-1-5-21-240337477-2287995252-3564736294-501 - Limited - Disabled)
Username (S-1-5-21-240337477-2287995252-3564736294-1002 - Limited - Enabled) => C:\Users\Username
WDAGUtilityAccount (S-1-5-21-240337477-2287995252-3564736294-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 24.002.20759 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601067}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Canon MF741C/743C (HKLM\...\{BB46A4DC-43FD-4deb-8B8D-E0211A44D94B}) (Version: 6.4.0.3 - CANON INC.)
Cisco Webex Meetings (HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\ActiveTouchMeetingClient) (Version: 44.4.0 - Cisco Webex LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 125.0.6422.61 - Google LLC)
GoTo Opener (HKLM-x32\...\{C0F33C38-345C-4C02-B161-11389350C2A5}) (Version: 1.0.533 - LogMeIn, Inc.)
GoToMeeting 10.20.0.19992 (HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\GoToMeeting) (Version: 10.20.0.19992 - LogMeIn, Inc.)
Intel® Chipset Device Software (HKLM\...\{368C1112-09E1-4EE3-A274-9118DF101CA9}) (Version: 10.1.18460.8229 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{a2c684b7-4a4b-425f-a805-1e88940804b0}) (Version: 10.1.18460.8229 - Intel® Corporation)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 4.0.75.0 - Lenovo Group Ltd.)
LibreOffice 7.3.6.2 (HKLM\...\{4281811C-7F43-4020-B5AB-7AA3CC82F95D}) (Version: 7.3.6.2 - The Document Foundation)
Malwarebytes version 4.6.13.324 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.13.324 - Malwarebytes)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.17531.20140 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 124.0.2478.105 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 124.0.2478.97 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-240337477-2287995252-3564736294-1001\...\OneDriveSetup.exe) (Version: 21.170.0822.0002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\OneDriveSetup.exe) (Version: 24.081.0421.0003 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\Teams) (Version: 1.5.00.21463 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.17425.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.17531.20140 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{85C69797-7336-4E83-8D97-32A7C8465A3B}) (Version: 8.94.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.14 - VideoLAN)
Webex (HKLM\...\{B080C79D-B4E3-5424-8492-BEBBD67B1A92}) (Version: 43.10.0.28042 - Cisco Systems, Inc)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\ZoomUMX) (Version: 5.17.11 (34827) - Zoom Video Communications, Inc.)

Packages:
=========

Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3370.0_x64__8j3eq9eme6ctt [2021-11-21] (INTEL CORP) [Startup Task]
Smart Microphone Setting -> C:\Program Files\WindowsApps\4505Fortemedia.FMAPOControl_1.0.38.0_x64__4pejv7q2gmsnr [2021-09-25] (Fortemedia)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-240337477-2287995252-3564736294-1002_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-240337477-2287995252-3564736294-1002_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Username\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22147.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-240337477-2287995252-3564736294-1002_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-240337477-2287995252-3564736294-1002_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Username\AppData\Local\GoToMeeting\19796\G2MOutlookAddin64.dll => No File
CustomCLSID: HKU\S-1-5-21-240337477-2287995252-3564736294-1002_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\Username\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-01-10 20:53 - 2018-01-29 21:28 - 000005120 _____ (CANON INC.) [File not signed] C:\Program Files\Canon\Canon MF Network Scanner Selector\CMFNSS6_en-US.DLL
2021-01-10 20:52 - 2018-01-29 21:26 - 000153088 _____ (CANON INC.) [File not signed] C:\Windows\System32\CNCENPM6.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-240337477-2287995252-3564736294-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
HKU\S-1-5-21-240337477-2287995252-3564736294-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
SearchScopes: HKU\S-1-5-21-240337477-2287995252-3564736294-1002 -> DefaultScope {003DCA94-98F2-469B-A5BA-194AE1717515} URL =
SearchScopes: HKU\S-1-5-21-240337477-2287995252-3564736294-1002 -> {003DCA94-98F2-469B-A5BA-194AE1717515} URL =
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-05-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-05-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-05-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-05-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-05-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-05-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-05-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-05-10] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 03:14 - 2019-12-07 03:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-240337477-2287995252-3564736294-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
HKU\S-1-5-21-240337477-2287995252-3564736294-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\StartupApproved\StartupFolder: => "a926b4964b745999a98b8120e2816.LNk"
HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\StartupApproved\Run: => "CiscoMeetingDaemon"
HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_AC5700D3445A3B32EF9F41CD7106186F"
HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\StartupApproved\Run: => "CiscoSpark"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{F66FE10C-0F79-4F40-97EA-A16178E767EA}C:\users\Username\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\Username\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{8D2C76DD-8F61-4AD4-B645-4D737C01F19D}C:\users\Username\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\Username\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C4DAB1EB-5674-49FE-A481-243FCD8F1CF1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CA7664C3-0A61-4D99-9060-2A4EF09D3CFD}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.97\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8DEB1EEE-D596-4CE1-B075-2813101D65CD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.119.3201.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{56886F33-FDC6-46EE-A402-B633104E6F3F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.119.3201.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9A01B37C-DDFD-47FA-8966-E70C4AC4DD0B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.119.3201.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2010A0F0-D7B4-4EF9-B4E3-973FCE603AD4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.119.3201.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E8F1BAF3-0322-4C9D-99C7-1210D0EABC85}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

06-05-2024 14:00:54 Scheduled Checkpoint
17-05-2024 11:19:57 Windows Modules Installer

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (05/17/2024 01:03:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SecHealthUI.exe version 10.0.19041.4355 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: ff0

Start Time: 01daa888fd2b9d2e

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe

Report Id: a6030eae-ff0d-4e3a-8673-7ddf1ed24af7

Faulting package full name: Microsoft.Windows.SecHealthUI_10.0.19041.4239_neutral__cw5n1h2txyewy

Faulting package-relative application ID: SecHealthUI

Hang type: Cross-process

Error: (05/17/2024 12:24:59 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]

Error: (05/17/2024 12:24:59 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress..

Error: (05/17/2024 12:24:59 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]

Error: (05/17/2024 12:16:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: StartMenuExperienceHost.exe, version: 0.0.0.0, time stamp: 0x0cb7f68b
Faulting module name: ucrtbase.dll, version: 10.0.19041.3636, time stamp: 0x81cf5d89
Exception code: 0xc0000409
Fault offset: 0x000000000007286e
Faulting process id: 0x32d8
Faulting application start time: 0x01daa87e624bbdd2
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
Faulting module path: C:\Windows\System32\ucrtbase.dll
Report Id: f3d875f7-406a-4cc2-a554-0cc76bdea5bb
Faulting package full name: Microsoft.Windows.StartMenuExperienceHost_10.0.19041.4239_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App

Error: (05/12/2024 09:09:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: StartMenuExperienceHost.exe, version: 0.0.0.0, time stamp: 0x0cb7f68b
Faulting module name: ucrtbase.dll, version: 10.0.19041.3636, time stamp: 0x81cf5d89
Exception code: 0xc0000409
Fault offset: 0x000000000007286e
Faulting process id: 0xb9c
Faulting application start time: 0x01daa4782d555ea7
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
Faulting module path: C:\Windows\System32\ucrtbase.dll
Report Id: 0963195e-e771-464e-8334-869884182f32
Faulting package full name: Microsoft.Windows.StartMenuExperienceHost_10.0.19041.4239_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App

Error: (05/11/2024 11:01:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: StartMenuExperienceHost.exe, version: 0.0.0.0, time stamp: 0x0cb7f68b
Faulting module name: ucrtbase.dll, version: 10.0.19041.3636, time stamp: 0x81cf5d89
Exception code: 0xc0000409
Fault offset: 0x000000000007286e
Faulting process id: 0x3700
Faulting application start time: 0x01daa3b59089af24
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
Faulting module path: C:\Windows\System32\ucrtbase.dll
Report Id: 5ec15c6a-c46a-42c0-b4c4-276c11e1e12e
Faulting package full name: Microsoft.Windows.StartMenuExperienceHost_10.0.19041.4239_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App

Error: (05/10/2024 12:51:02 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: LAPTOP-GE8FCSQN)
Description: Application or service 'Microsoft Office SDX Helper' could not be shut down.

System errors:
=============
Error: (05/17/2024 12:24:46 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service UsoSvc with arguments "Unavailable" in order to run the server:
{B91D5831-B1BD-4608-8198-D72E155020F7}

Error: (05/17/2024 12:24:46 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service UsoSvc with arguments "Unavailable" in order to run the server:
{B91D5831-B1BD-4608-8198-D72E155020F7}

Error: (05/17/2024 12:18:20 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9PLFNLNT3G5G-AppUp.IntelGraphicsExperience.

Error: (05/17/2024 12:03:27 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {7c9de016-0b42-4752-ba37-a1a1bcaf4e75}, had event 74

Error: (05/17/2024 11:19:28 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {7c9de016-0b42-4752-ba37-a1a1bcaf4e75}, had event 74

Error: (05/14/2024 10:52:48 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-GE8FCSQN)
Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.

Error: (05/14/2024 10:52:48 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-GE8FCSQN)
Description: The server Microsoft.AAD.BrokerPlugin_1000.19041.4239.0_neutral_neutral_cw5n1h2txyewy!Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider did not register with DCOM within the required timeout.

Error: (05/14/2024 07:32:29 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Miniport Microsoft Wi-Fi Direct Virtual Adapter #2, {7c9de016-0b42-4752-ba37-a1a1bcaf4e75}, had event 74

Windows Defender:
================
Date: 2024-05-17 13:03:46
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2024-05-17 12:21:06
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2024-05-17 11:19:52
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...33&enterprise=0
Name: Trojan:PowerShell/Jupyiter!MTB
Severity: Severe
Category: Trojan
Path: amsi:_\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: AMSI
Process Name: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Security intelligence Version: AV: 1.411.139.0, AS: 1.411.139.0, NIS: 1.411.139.0
Engine Version: AM: 1.1.24040.1, NIS: 1.1.24040.1

Date: 2024-05-14 07:32:54
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...33&enterprise=0
Name: Trojan:PowerShell/Jupyiter!MTB
Severity: Severe
Category: Trojan
Path: amsi:_\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: AMSI
Process Name: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Security intelligence Version: AV: 1.411.122.0, AS: 1.411.122.0, NIS: 1.411.122.0
Engine Version: AM: 1.1.24040.1, NIS: 1.1.24040.1

Date: 2024-05-13 16:45:47
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...33&enterprise=0
Name: Trojan:PowerShell/Jupyiter!MTB
Severity: Severe
Category: Trojan
Path: amsi:_\Device\HarddiskVolume3\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: AMSI
Process Name: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Security intelligence Version: AV: 1.411.122.0, AS: 1.411.122.0, NIS: 1.411.122.0
Engine Version: AM: 1.1.24040.1, NIS: 1.1.24040.1

CodeIntegrity:
===============
Date: 2024-05-17 12:56:20
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_c529b210005a7e19\igd10um64xe.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

BIOS: LENOVO F8CN58WW(V2.21) 03/28/2024
Motherboard: LENOVO LNVNB161216
Processor: 11th Gen Intel® Core™ i7-1165G7 @ 2.80GHz
Percentage of memory in use: 49%
Total physical RAM: 16167.3 MB
Available physical RAM: 8122.73 MB
Total Virtual: 18599.3 MB
Available Virtual: 10393 MB

==================== Drives ================================

Drive c: (Windows-SSD) (Fixed) (Total:475.69 GB) (Free:370.83 GB) (Model: NVMe SAMSUNG MZALQ512HALU-000L2) (Protected) NTFS

\\?\Volume{d7b7e4d4-0ce0-4798-9056-31a4d8207d11}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.39 GB) NTFS
\\?\Volume{3137f5f2-edef-40f3-b51c-acfebedcfb60}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.18 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: FE97C22C)

Partition: GPT.

==================== End of Addition.txt =======================

#2
RKinner

Posted 18 May 2024 - 11:17 AM

Malware Expert

Expert
24,666 posts

Looks like it might be a false positive:

Copy this line:

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Go to virustotal.com. Click on Choose File.

Ctrl + v and the copied line should appear. Hit Open.

If the file is not infected it will tell you:

No security vendors and no sandboxes flagged this file as malicious

To be sure I would run a free ESET scan. (Takes a hour or more)

Go to

https://www.eset.com...online-scanner/

Click on One Time Scan that will cause it to download a file. Go to your Downloads Folder and right click on the downloaded file (esetonlinescanner.exe).

Click on Computer Scan then Full Scan. Start Scan.

It will tell you if it finds anything.

#3
xilogo1202

Posted 18 May 2024 - 07:58 PM

New Member

Topic Starter
Member
6 posts

Hi RKinner.

I received the message "No security vendors and no sandboxes flagged this file as malicious".

I downloaded esetonlinescanner.exe. However, when I right click on the, there is not an "Computer Scan" option in the popup menu. Should I normal double left click to execute the file?

#4
RKinner

Posted 19 May 2024 - 04:51 AM

Malware Expert

Expert
24,666 posts

Sorry for the typo. it should say right click on on the downloaded file and Run As Administrator

#5
xilogo1202

Posted 19 May 2024 - 10:03 AM

New Member

Topic Starter
Member
6 posts

I ran the scan as admin and no threats were found

#6
RKinner

Posted 19 May 2024 - 12:33 PM

Malware Expert

Expert
24,666 posts

So I think it's a false positive. Go to Settings, Update & Security, Check for Updates and see if it has any updates. Often there is one for Windows Defender. Doubt you were the only one with the false positive so it will probably be fixed in the latest update.

#7
xilogo1202

Posted 19 May 2024 - 08:42 PM

New Member

Topic Starter
Member
6 posts

Windows Security has detected this for months every time I turn on the computer and I've updated often over that period of time. I don't know how to stop it if it is a false positive.

#8
RKinner

Posted 19 May 2024 - 09:15 PM

Malware Expert

Expert
24,666 posts

Let's run Rogue Killer

http://www.adlice.co...iller/#download

Click on Other Downloads

Click on Portable (64 bits)

Download and Save. (You may want to pause your Anti-Virus while downloading and Running)

(Show in Folder)

Right click on the downloaded file (RogueKiller_portable64.exe) and Run As admin

Scan

Start (Under Full Scan)

Will take about 20 minutes to complete.

Open Report

Export TXT (save it to your desktop as rk) Save

Do not let Rogue Killer remove anything until you hear from me. Leave Rogue Killer up (but minimized) so you won't have to rescan.

Open rk.txt and copy and paste it to your next Reply.

#9
xilogo1202

Posted 19 May 2024 - 09:43 PM

New Member

Topic Starter
Member
6 posts

RogueKiller did not find anything

Program : RogueKiller Anti-Malware

Version : 15.16.1.0

x64 : Yes

Program Date : Apr 12 2024

Location : C:\Users\Username\Desktop\RogueKiller_portable64.exe

Premium : No

Company : Adlice Software

Website : https://www.adlice.com/

Contact : https://adlice.com/contact/

Website : https://adlice.com/d...ad/roguekiller/

Operating System : Windows 10 (10.0.19045) 64-bit

64-bit OS : Yes

Startup : 0

WindowsPE : No

User : admin

User is Admin : Yes

Date : 2024/05/20 03:36:31

Type : Scan

Aborted : No

Scan Mode : Standard

Duration : 397

Found items : 0

Total scanned : 73205

Signatures Version : 20240514_080020

Truesight Driver : Yes

Updates Count : 9

************************* Warnings *************************

************************* Updates *************************

VLC media player (64-bit), version 3.0.14

[+] Available Version : 3.0.20

[+] Size : 0

[+] Wow6432 : No

[+] Portable : No

[+] update_location : C:\Program Files\VideoLAN\VLC

Malwarebytes version 4.6.13.324 (64-bit), version 4.6.13.324

[+] Available Version : 5.1.4.112

[+] Size : 0

[+] Wow6432 : No

[+] Portable : No

[+] update_location : C:\Program Files\Malwarebytes\Anti-Malware

LibreOffice 7.3.6.2 (64-bit), version 7.3.6.2

[+] Available Version : 24.2.3

[+] Size : 727118848

[+] Wow6432 : No

[+] Portable : No

[+] update_location : C:\Program Files\LibreOffice\

Microsoft OneDrive (64-bit), version 21.170.0822.0002

[+] Available Version : 24.070.0407.0003

[+] Size : 200375296

[+] Wow6432 : No

[+] Portable : No

Windows PC Health Check (64-bit), version 3.6.2204.08001

[+] Available Version : 3.7.2204.15001

[+] Size : 12225536

[+] Wow6432 : No

[+] Portable : No

Webex (64-bit), version 43.10.0.28042

[+] Available Version : 44.5.0.29672

[+] Size : 494693376

[+] Wow6432 : No

[+] Portable : No

[+] update_location : C:\Users\Username\AppData\Local\Programs\Cisco Spark\

Canon MF741C/743C (64-bit), version 6.4.0.3

[+] Available Version : 6.4.0.4

[+] Size : 0

[+] Wow6432 : No

[+] Portable : No

Microsoft Edge WebView2 Runtime (32-bit), version 124.0.2478.97

[+] Available Version : 125.0.2535.51

[+] Size : 0

[+] Wow6432 : Yes

[+] Portable : No

[+] update_location : C:\Program Files (x86)\Microsoft\EdgeWebView\Application

GoTo Opener (32-bit), version 1.0.533

[+] Available Version : 1.0.564

[+] Size : 344064

[+] Wow6432 : Yes

[+] Portable : No

************************* Processes *************************

************************* Modules *************************

************************* Services *************************

************************* Scheduled Tasks *************************

************************* Registry *************************

************************* WMI *************************

************************* Hosts File *************************

is_too_big : No

hosts_file_path : C:\Windows\System32\drivers\etc\hosts

************************* Filesystem *************************

************************* Web Browsers *************************

************************* Antirootkit *************************

#10
RKinner

Posted Yesterday, 10:10 PM

Malware Expert

Expert
24,666 posts

Download the attached fixlist.txt to the same location as FRST

fixlist.txt 544bytes 3 downloads

Run FRST and press Fix, The fix normally takes about 35 minutes. It will check your system files and the file that Windows Defender found

It will reboot.

A fix log will be generated please post that

Run FRST again but this time make sure Addition.txt is checked and hit Scan. Post both logs.

#11
xilogo1202

Posted Today, 07:31 PM

New Member

Topic Starter
Member
6 posts

This fix completely quickly, ~2 minutes. I did have to run it twice since the first time I did not run it as admin.

Fix result of Farbar Recovery Scan Tool (x64) Version: 19.04.2024 01

Ran by admin (21-05-2024 19:05:57) Run:2

Running from C:\Users\Username\Desktop

Loaded Profiles: admin & Username

Boot Mode: Normal

==============================================

fixlist content:

*****************

File: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

CMD: DISM /Online /Cleanup-Image /RestoreHealth

CMD: SFC /scannow

CMD: findstr /c:"[SR]" \windows\logs\cbs\cbs.log

CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"

Reboot:

*****************

========================= File: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe ========================

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Catalog: C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.4170.cat

File is digitally signed

MD5: 2E5A8590CF6848968FC23DE3FA1E25F1

Creation and modification date: 2024-02-14 11:15 - 2024-02-14 11:15

Size: 000455680

Attributes: ----A

Company Name: Microsoft Windows -> Microsoft Corporation

Internal Name: POWERSHELL

Original Name: PowerShell.EXE

Product: Microsoft® Windows® Operating System

Description: Windows PowerShell

File Version: 10.0.19041.3996 (WinBuild.160101.0800)

Product Version: 10.0.19041.3996

Virusscan: https://virusscan.jo...njob/vmg3kfjzka

====== End of File: ======

========= DISM /Online /Cleanup-Image /RestoreHealth =========

Deployment Image Servicing and Management tool

Version: 10.0.19041.3636

Image Version: 10.0.19045.4412

[== 3.8% ]

[== 4.8% ]

[=== 5.7% ]

[=== 6.7% ]

[==== 7.7% ]

[===== 8.7% ]

[===== 9.7% ]

[====== 10.6% ]

[====== 11.6% ]

[======= 12.6% ]

[======= 13.6% ]

[======== 14.6% ]

[========= 15.5% ]

[========= 16.5% ]

[========== 17.5% ]

[========== 18.5% ]

[=========== 19.5% ]

[=========== 20.5% ]

[============ 21.4% ]

[============= 22.4% ]

[============= 23.4% ]

[============== 24.4% ]

[============== 25.1% ]

[============== 25.2% ]

[=============== 26.2% ]

[=============== 27.2% ]

[================ 28.2% ]

[================ 29.1% ]

[================= 30.1% ]

[================== 31.1% ]

[================== 31.8% ]

[================== 32.2% ]

[================== 32.8% ]

[=================== 32.8% ]

[=================== 33.8% ]

[==================== 34.8% ]

[==================== 35.8% ]

[===================== 36.8% ]

[===================== 37.7% ]

[====================== 38.7% ]

[======================= 39.7% ]

[======================= 40.7% ]

[======================== 41.7% ]

[======================== 42.6% ]

[========================= 43.4% ]

[========================= 44.4% ]

[========================== 45.1% ]

[========================== 46.0% ]

[===========================46.6% ]

[===========================47.1% ]

[===========================47.3% ]

[===========================47.6% ]

[===========================47.8% ]

[===========================48.5% ]

[===========================49.1% ]

[===========================50.0% ]

[===========================51.0% ]

[===========================52.0% ]

[===========================53.0% ]

[===========================54.0% ]

[===========================54.1% ]

[===========================54.2% ]

[===========================54.3% ]

[===========================54.4% ]

[===========================54.5% ]

[===========================54.6% ]

[===========================54.8% ]

[===========================54.9% ]

[===========================55.0% ]

[===========================55.1% ]

[===========================55.2% ]

[===========================55.3% ]

[===========================55.5% ]

[===========================55.7% ]

[===========================55.8% ]

[===========================56.0% ]

[===========================56.1% ]

[===========================56.2% ]

[===========================56.4% ]

[===========================57.0%= ]

[===========================58.0%= ]

[===========================60.4%=== ]

[===========================62.3%==== ]

[===========================84.9%================= ]

[==========================100.0%==========================]

The restore operation completed successfully.

The operation completed successfully.

========= End of CMD: =========

========= SFC /scannow =========

Beginning system scan. This process will take some time.

Beginning verification phase of system scan.

Verification 0% complete.

Verification 1% complete.

Verification 2% complete.

Verification 3% complete.

Verification 4% complete.

Verification 5% complete.

Verification 6% complete.

Verification 7% complete.

Verification 8% complete.

Verification 9% complete.

Verification 10% complete.

Verification 11% complete.

Verification 12% complete.

Verification 13% complete.

Verification 14% complete.

Verification 15% complete.

Verification 16% complete.

Verification 17% complete.

Verification 18% complete.

Verification 19% complete.

Verification 20% complete.

Verification 21% complete.

Verification 22% complete.

Verification 23% complete.

Verification 24% complete.

Verification 25% complete.

Verification 26% complete.

Verification 27% complete.

Verification 28% complete.

Verification 29% complete.

Verification 30% complete.

Verification 31% complete.

Verification 32% complete.

Verification 33% complete.

Verification 34% complete.

Verification 35% complete.

Verification 36% complete.

Verification 37% complete.

Verification 38% complete.

Verification 39% complete.

Verification 40% complete.

Verification 41% complete.

Verification 42% complete.

Verification 43% complete.

Verification 44% complete.

Verification 45% complete.

Verification 46% complete.

Verification 47% complete.

Verification 48% complete.

Verification 49% complete.

Verification 50% complete.

Verification 51% complete.

Verification 52% complete.

Verification 53% complete.

Verification 54% complete.

Verification 55% complete.

Verification 56% complete.

Verification 57% complete.

Verification 58% complete.

Verification 59% complete.

Verification 60% complete.

Verification 61% complete.

Verification 62% complete.

Verification 63% complete.

Verification 64% complete.

Verification 65% complete.

Verification 66% complete.

Verification 67% complete.

Verification 68% complete.

Verification 69% complete.

Verification 70% complete.

Verification 71% complete.

Verification 72% complete.

Verification 73% complete.

Verification 74% complete.

Verification 75% complete.

Verification 76% complete.

Verification 77% complete.

Verification 78% complete.

Verification 79% complete.

Verification 80% complete.

Verification 81% complete.

Verification 82% complete.

Verification 83% complete.

Verification 84% complete.

Verification 85% complete.

Verification 86% complete.

Verification 87% complete.

Verification 88% complete.

Verification 89% complete.

Verification 90% complete.

Verification 91% complete.

Verification 92% complete.

Verification 93% complete.

Verification 94% complete.

Verification 95% complete.

Verification 96% complete.

Verification 97% complete.

Verification 98% complete.

Verification 99% complete.

Verification 100% complete.

Windows Resource Protection found corrupt files and successfully repaired them.

For online repairs, details are included in the CBS log file located at

windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline

repairs, details are included in the log file provided by the /OFFLOGFILE flag.

========= End of CMD: =========

========= findstr /c:"[SR]" \windows\logs\cbs\cbs.log =========

2024-05-21 19:07:43, Info CSI 00000011 [SR] Verifying 100 components

2024-05-21 19:07:43, Info CSI 00000012 [SR] Beginning Verify and Repair transaction

2024-05-21 19:07:43, Info CSI 00000013 [SR] Verify complete

2024-05-21 19:07:43, Info CSI 00000014 [SR] Verifying 100 components

2024-05-21 19:07:43, Info CSI 00000015 [SR] Beginning Verify and Repair transaction

2024-05-21 19:07:43, Info CSI 00000016 [SR] Verify complete

2024-05-21 19:07:43, Info CSI 00000017 [SR] Verifying 100 components

2024-05-21 19:07:43, Info CSI 00000018 [SR] Beginning Verify and Repair transaction

2024-05-21 19:07:43, Info CSI 00000019 [SR] Verify complete

2024-05-21 19:07:43, Info CSI 0000001a [SR] Verifying 100 components

2024-05-21 19:07:43, Info CSI 0000001b [SR] Beginning Verify and Repair transaction

2024-05-21 19:07:43, Info CSI 0000001c [SR] Verify complete

2024-05-21 19:07:43, Info CSI 0000001d [SR] Verifying 100 components

2024-05-21 19:07:43, Info CSI 0000001e [SR] Beginning Verify and Repair transaction

2024-05-21 19:07:43, Info CSI 0000001f [SR] Verify complete

2024-05-21 19:07:43, Info CSI 00000020 [SR] Verifying 100 components

2024-05-21 19:07:43, Info CSI 00000021 [SR] Beginning Verify and Repair transaction

2024-05-21 19:07:44, Info CSI 00000022 [SR] Verify complete

2024-05-21 19:07:44, Info CSI 00000023 [SR] Verifying 100 components

2024-05-21 19:07:44, Info CSI 00000024 [SR] Beginning Verify and Repair transaction

2024-05-21 19:07:44, Info CSI 00000025 [SR] Verify complete

2024-05-21 19:07:44, Info CSI 00000026 [SR] Verifying 100 components

2024-05-21 19:07:44, Info CSI 00000027 [SR] Beginning Verify and Repair transaction

2024-05-21 19:07:44, Info CSI 00000028 [SR] Verify complete

2024-05-21 19:07:44, Info CSI 00000029 [SR] Verifying 100 components

2024-05-21 19:07:44, Info CSI 0000002a [SR] Beginning Verify and Repair transaction

2024-05-21 19:07:44, Info CSI 0000002b [SR] Verify complete

2024-05-21 19:07:44, Info CSI 0000002c [SR] Verifying 100 components

2024-05-21 19:07:44, Info CSI 0000002d [SR] Beginning Verify and Repair transaction

2024-05-21 19:07:44, Info CSI 0000002e [SR] Verify complete

2024-05-21 19:07:44, Info CSI 0000002f [SR] Verifying 100 components

2024-05-21 19:07:44, Info CSI 00000030 [SR] Beginning Verify and Repair transaction

2024-05-21 19:07:44, Info CSI 00000031 [SR] Verify complete

2024-05-21 19:07:44, Info CSI 00000032 [SR] Verifying 100 components

2024-05-21 19:07:44, Info CSI 00000033 [SR] Beginning Verify and Repair transaction

2024-05-21 19:07:45, Info CSI 00000034 [SR] Verify complete

2024-05-21 19:07:45, Info CSI 00000035 [SR] Verifying 100 components

2024-05-21 19:07:45, Info CSI 00000036 [SR] Beginning Verify and Repair transaction

2024-05-21 19:07:45, Info CSI 00000037 [SR] Verify complete

2024-05-21 19:07:45, Info CSI 00000038 [SR] Verifying 100 components

2024-05-21 19:07:45, Info CSI 00000039 [SR] Beginning Verify and Repair transaction

2024-05-21 19:07:46, Info CSI 0000003a [SR] Verify complete

2024-05-21 19:07:46, Info CSI 0000003b [SR] Verifying 100 components

2024-05-21 19:07:46, Info CSI 0000003c [SR] Beginning Verify and Repair transaction

2024-05-21 19:07:46, Info CSI 0000003d [SR] Verify complete

2024-05-21 19:07:46, Info CSI 0000003e [SR] Verifying 100 components

2024-05-21 19:07:46, Info CSI 0000003f [SR] Beginning Verify and Repair transaction

2024-05-21 19:07:47, Info CSI 00000040 [SR] Verify complete

2024-05-21 19:07:47, Info CSI 00000041 [SR] Verifying 100 components

2024-05-21 19:07:47, Info CSI 00000042 [SR] Beginning Verify and Repair transaction

2024-05-21 19:07:49, Info CSI 00000043 [SR] Verify complete

2024-05-21 19:07:49, Info CSI 00000044 [SR] Verifying 100 components

2024-05-21 19:07:49, Info CSI 00000045 [SR] Beginning Verify and Repair transaction

2024-05-21 19:07:52, Info CSI 00000046 [SR] Verify complete

2024-05-21 19:07:52, Info CSI 00000047 [SR] Verifying 100 components

2024-05-21 19:07:52, Info CSI 00000048 [SR] Beginning Verify and Repair transaction

2024-05-21 19:07:52, Info CSI 00000049 [SR] Verify complete

2024-05-21 19:07:53, Info CSI 0000004a [SR] Verifying 100 components

2024-05-21 19:07:53, Info CSI 0000004b [SR] Beginning Verify and Repair transaction

2024-05-21 19:07:53, Info CSI 0000004c [SR] Verify complete

2024-05-21 19:07:53, Info CSI 0000004d [SR] Verifying 100 components

2024-05-21 19:07:53, Info CSI 0000004e [SR] Beginning Verify and Repair transaction

2024-05-21 19:07:53, Info CSI 0000004f [SR] Verify complete

2024-05-21 19:07:53, Info CSI 00000050 [SR] Verifying 100 components

2024-05-21 19:07:53, Info CSI 00000051 [SR] Beginning Verify and Repair transaction

2024-05-21 19:07:53, Info CSI 00000052 [SR] Verify complete

2024-05-21 19:07:53, Info CSI 00000053 [SR] Verifying 100 components

2024-05-21 19:07:53, Info CSI 00000054 [SR] Beginning Verify and Repair transaction

2024-05-21 19:07:53, Info CSI 00000055 [SR] Verify complete

2024-05-21 19:07:53, Info CSI 00000056 [SR] Verifying 100 components

2024-05-21 19:07:53, Info CSI 00000057 [SR] Beginning Verify and Repair transaction

2024-05-21 19:07:54, Info CSI 00000058 [SR] Verify complete

2024-05-21 19:07:54, Info CSI 00000059 [SR] Verifying 100 components

2024-05-21 19:07:54, Info CSI 0000005a [SR] Beginning Verify and Repair transaction

2024-05-21 19:07:54, Info CSI 0000005b [SR] Verify complete

2024-05-21 19:07:54, Info CSI 0000005c [SR] Verifying 100 components

2024-05-21 19:07:54, Info CSI 0000005d [SR] Beginning Verify and Repair transaction

2024-05-21 19:07:54, Info CSI 0000005e [SR] Verify complete

2024-05-21 19:07:54, Info CSI 0000005f [SR] Verifying 100 components

2024-05-21 19:07:54, Info CSI 00000060 [SR] Beginning Verify and Repair transaction

2024-05-21 19:07:54, Info CSI 00000061 [SR] Verify complete

2024-05-21 19:07:54, Info CSI 00000062 [SR] Verifying 100 components

2024-05-21 19:07:54, Info CSI 00000063 [SR] Beginning Verify and Repair transaction

2024-05-21 19:07:55, Info CSI 00000064 [SR] Verify complete

2024-05-21 19:07:55, Info CSI 00000065 [SR] Verifying 100 components

2024-05-21 19:07:55, Info CSI 00000066 [SR] Beginning Verify and Repair transaction

2024-05-21 19:07:55, Info CSI 00000067 [SR] Verify complete

2024-05-21 19:07:55, Info CSI 00000068 [SR] Verifying 100 components

2024-05-21 19:07:55, Info CSI 00000069 [SR] Beginning Verify and Repair transaction

2024-05-21 19:07:55, Info CSI 0000006a [SR] Verify complete

2024-05-21 19:07:55, Info CSI 0000006b [SR] Verifying 100 components

2024-05-21 19:07:55, Info CSI 0000006c [SR] Beginning Verify and Repair transaction

2024-05-21 19:07:56, Info CSI 0000006d [SR] Verify complete

2024-05-21 19:07:56, Info CSI 0000006e [SR] Verifying 100 components

2024-05-21 19:07:56, Info CSI 0000006f [SR] Beginning Verify and Repair transaction

2024-05-21 19:07:56, Info CSI 00000070 [SR] Verify complete

2024-05-21 19:07:56, Info CSI 00000071 [SR] Verifying 100 components

2024-05-21 19:07:56, Info CSI 00000072 [SR] Beginning Verify and Repair transaction

2024-05-21 19:07:56, Info CSI 00000073 [SR] Verify complete

2024-05-21 19:07:56, Info CSI 00000074 [SR] Verifying 100 components

2024-05-21 19:07:56, Info CSI 00000075 [SR] Beginning Verify and Repair transaction

2024-05-21 19:07:57, Info CSI 00000076 [SR] Verify complete

2024-05-21 19:07:57, Info CSI 00000077 [SR] Verifying 100 components

2024-05-21 19:07:57, Info CSI 00000078 [SR] Beginning Verify and Repair transaction

2024-05-21 19:07:57, Info CSI 00000079 [SR] Verify complete

2024-05-21 19:07:57, Info CSI 0000007a [SR] Verifying 100 components

2024-05-21 19:07:57, Info CSI 0000007b [SR] Beginning Verify and Repair transaction

2024-05-21 19:07:57, Info CSI 0000007c [SR] Verify complete

2024-05-21 19:07:57, Info CSI 0000007d [SR] Verifying 100 components

2024-05-21 19:07:57, Info CSI 0000007e [SR] Beginning Verify and Repair transaction

2024-05-21 19:07:58, Info CSI 0000007f [SR] Verify complete

2024-05-21 19:07:58, Info CSI 00000080 [SR] Verifying 100 components

2024-05-21 19:07:58, Info CSI 00000081 [SR] Beginning Verify and Repair transaction

2024-05-21 19:07:58, Info CSI 00000082 [SR] Verify complete

2024-05-21 19:07:58, Info CSI 00000083 [SR] Verifying 100 components

2024-05-21 19:07:58, Info CSI 00000084 [SR] Beginning Verify and Repair transaction

2024-05-21 19:07:58, Info CSI 00000085 [SR] Verify complete

2024-05-21 19:07:58, Info CSI 00000086 [SR] Verifying 100 components

2024-05-21 19:07:58, Info CSI 00000087 [SR] Beginning Verify and Repair transaction

2024-05-21 19:07:58, Info CSI 00000088 [SR] Verify complete

2024-05-21 19:07:58, Info CSI 00000089 [SR] Verifying 100 components

2024-05-21 19:07:58, Info CSI 0000008a [SR] Beginning Verify and Repair transaction

2024-05-21 19:07:59, Info CSI 0000008b [SR] Verify complete

2024-05-21 19:07:59, Info CSI 0000008c [SR] Verifying 100 components

2024-05-21 19:07:59, Info CSI 0000008d [SR] Beginning Verify and Repair transaction

2024-05-21 19:07:59, Info CSI 0000008e [SR] Verify complete

2024-05-21 19:07:59, Info CSI 0000008f [SR] Verifying 100 components

2024-05-21 19:07:59, Info CSI 00000090 [SR] Beginning Verify and Repair transaction

2024-05-21 19:07:59, Info CSI 00000091 [SR] Verify complete

2024-05-21 19:07:59, Info CSI 00000092 [SR] Verifying 100 components

2024-05-21 19:07:59, Info CSI 00000093 [SR] Beginning Verify and Repair transaction

2024-05-21 19:07:59, Info CSI 00000094 [SR] Verify complete

2024-05-21 19:07:59, Info CSI 00000095 [SR] Verifying 100 components

2024-05-21 19:07:59, Info CSI 00000096 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:00, Info CSI 00000097 [SR] Verify complete

2024-05-21 19:08:00, Info CSI 00000098 [SR] Verifying 100 components

2024-05-21 19:08:00, Info CSI 00000099 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:00, Info CSI 0000009a [SR] Verify complete

2024-05-21 19:08:00, Info CSI 0000009b [SR] Verifying 100 components

2024-05-21 19:08:00, Info CSI 0000009c [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:00, Info CSI 0000009d [SR] Verify complete

2024-05-21 19:08:00, Info CSI 0000009e [SR] Verifying 100 components

2024-05-21 19:08:00, Info CSI 0000009f [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:01, Info CSI 000000a0 [SR] Verify complete

2024-05-21 19:08:01, Info CSI 000000a1 [SR] Verifying 100 components

2024-05-21 19:08:01, Info CSI 000000a2 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:01, Info CSI 000000a6 [SR] Verify complete

2024-05-21 19:08:01, Info CSI 000000a7 [SR] Verifying 100 components

2024-05-21 19:08:01, Info CSI 000000a8 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:01, Info CSI 000000a9 [SR] Verify complete

2024-05-21 19:08:01, Info CSI 000000aa [SR] Verifying 100 components

2024-05-21 19:08:01, Info CSI 000000ab [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:02, Info CSI 000000ac [SR] Verify complete

2024-05-21 19:08:02, Info CSI 000000ad [SR] Verifying 100 components

2024-05-21 19:08:02, Info CSI 000000ae [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:02, Info CSI 000000af [SR] Verify complete

2024-05-21 19:08:02, Info CSI 000000b0 [SR] Verifying 100 components

2024-05-21 19:08:02, Info CSI 000000b1 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:02, Info CSI 000000b2 [SR] Verify complete

2024-05-21 19:08:03, Info CSI 000000b3 [SR] Verifying 100 components

2024-05-21 19:08:03, Info CSI 000000b4 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:03, Info CSI 000000b5 [SR] Verify complete

2024-05-21 19:08:03, Info CSI 000000b6 [SR] Verifying 100 components

2024-05-21 19:08:03, Info CSI 000000b7 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:03, Info CSI 000000b8 [SR] Verify complete

2024-05-21 19:08:03, Info CSI 000000b9 [SR] Verifying 100 components

2024-05-21 19:08:03, Info CSI 000000ba [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:03, Info CSI 000000bb [SR] Verify complete

2024-05-21 19:08:03, Info CSI 000000bc [SR] Verifying 100 components

2024-05-21 19:08:03, Info CSI 000000bd [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:03, Info CSI 000000be [SR] Verify complete

2024-05-21 19:08:04, Info CSI 000000bf [SR] Verifying 100 components

2024-05-21 19:08:04, Info CSI 000000c0 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:04, Info CSI 000000c1 [SR] Verify complete

2024-05-21 19:08:04, Info CSI 000000c2 [SR] Verifying 100 components

2024-05-21 19:08:04, Info CSI 000000c3 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:05, Info CSI 000000c4 [SR] Verify complete

2024-05-21 19:08:05, Info CSI 000000c5 [SR] Verifying 100 components

2024-05-21 19:08:05, Info CSI 000000c6 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:05, Info CSI 000000c7 [SR] Verify complete

2024-05-21 19:08:05, Info CSI 000000c8 [SR] Verifying 100 components

2024-05-21 19:08:05, Info CSI 000000c9 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:06, Info CSI 000000ca [SR] Verify complete

2024-05-21 19:08:06, Info CSI 000000cb [SR] Verifying 100 components

2024-05-21 19:08:06, Info CSI 000000cc [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:06, Info CSI 000000cd [SR] Verify complete

2024-05-21 19:08:06, Info CSI 000000ce [SR] Verifying 100 components

2024-05-21 19:08:06, Info CSI 000000cf [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:06, Info CSI 000000d0 [SR] Verify complete

2024-05-21 19:08:06, Info CSI 000000d1 [SR] Verifying 100 components

2024-05-21 19:08:06, Info CSI 000000d2 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:07, Info CSI 000000d3 [SR] Verify complete

2024-05-21 19:08:07, Info CSI 000000d4 [SR] Verifying 100 components

2024-05-21 19:08:07, Info CSI 000000d5 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:07, Info CSI 000000d6 [SR] Verify complete

2024-05-21 19:08:07, Info CSI 000000d7 [SR] Verifying 100 components

2024-05-21 19:08:07, Info CSI 000000d8 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:07, Info CSI 000000d9 [SR] Verify complete

2024-05-21 19:08:08, Info CSI 000000da [SR] Verifying 100 components

2024-05-21 19:08:08, Info CSI 000000db [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:08, Info CSI 000000dc [SR] Verify complete

2024-05-21 19:08:08, Info CSI 000000dd [SR] Verifying 100 components

2024-05-21 19:08:08, Info CSI 000000de [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:09, Info CSI 000000df [SR] Verify complete

2024-05-21 19:08:09, Info CSI 000000e0 [SR] Verifying 100 components

2024-05-21 19:08:09, Info CSI 000000e1 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:09, Info CSI 000000e2 [SR] Verify complete

2024-05-21 19:08:09, Info CSI 000000e3 [SR] Verifying 100 components

2024-05-21 19:08:09, Info CSI 000000e4 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:09, Info CSI 000000e5 [SR] Verify complete

2024-05-21 19:08:09, Info CSI 000000e6 [SR] Verifying 100 components

2024-05-21 19:08:09, Info CSI 000000e7 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:10, Info CSI 000000e8 [SR] Verify complete

2024-05-21 19:08:10, Info CSI 000000e9 [SR] Verifying 100 components

2024-05-21 19:08:10, Info CSI 000000ea [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:10, Info CSI 000000eb [SR] Verify complete

2024-05-21 19:08:10, Info CSI 000000ec [SR] Verifying 100 components

2024-05-21 19:08:10, Info CSI 000000ed [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:11, Info CSI 000000ee [SR] Verify complete

2024-05-21 19:08:11, Info CSI 000000ef [SR] Verifying 100 components

2024-05-21 19:08:11, Info CSI 000000f0 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:11, Info CSI 000000f1 [SR] Verify complete

2024-05-21 19:08:11, Info CSI 000000f2 [SR] Verifying 100 components

2024-05-21 19:08:11, Info CSI 000000f3 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:11, Info CSI 000000f4 [SR] Verify complete

2024-05-21 19:08:12, Info CSI 000000f5 [SR] Verifying 100 components

2024-05-21 19:08:12, Info CSI 000000f6 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:12, Info CSI 000000f7 [SR] Verify complete

2024-05-21 19:08:12, Info CSI 000000f8 [SR] Verifying 100 components

2024-05-21 19:08:12, Info CSI 000000f9 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:12, Info CSI 000000fa [SR] Verify complete

2024-05-21 19:08:12, Info CSI 000000fb [SR] Verifying 100 components

2024-05-21 19:08:12, Info CSI 000000fc [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:13, Info CSI 000000fd [SR] Verify complete

2024-05-21 19:08:13, Info CSI 000000fe [SR] Verifying 100 components

2024-05-21 19:08:13, Info CSI 000000ff [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:13, Info CSI 00000100 [SR] Verify complete

2024-05-21 19:08:13, Info CSI 00000101 [SR] Verifying 100 components

2024-05-21 19:08:13, Info CSI 00000102 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:14, Info CSI 00000103 [SR] Verify complete

2024-05-21 19:08:14, Info CSI 00000104 [SR] Verifying 100 components

2024-05-21 19:08:14, Info CSI 00000105 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:14, Info CSI 00000106 [SR] Verify complete

2024-05-21 19:08:14, Info CSI 00000107 [SR] Verifying 100 components

2024-05-21 19:08:14, Info CSI 00000108 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:14, Info CSI 00000109 [SR] Verify complete

2024-05-21 19:08:14, Info CSI 0000010a [SR] Verifying 100 components

2024-05-21 19:08:14, Info CSI 0000010b [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:15, Info CSI 0000010c [SR] Verify complete

2024-05-21 19:08:15, Info CSI 0000010d [SR] Verifying 100 components

2024-05-21 19:08:15, Info CSI 0000010e [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:15, Info CSI 0000010f [SR] Verify complete

2024-05-21 19:08:15, Info CSI 00000110 [SR] Verifying 100 components

2024-05-21 19:08:15, Info CSI 00000111 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:15, Info CSI 00000112 [SR] Verify complete

2024-05-21 19:08:15, Info CSI 00000113 [SR] Verifying 100 components

2024-05-21 19:08:15, Info CSI 00000114 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:16, Info CSI 00000115 [SR] Verify complete

2024-05-21 19:08:16, Info CSI 00000116 [SR] Verifying 100 components

2024-05-21 19:08:16, Info CSI 00000117 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:16, Info CSI 00000118 [SR] Verify complete

2024-05-21 19:08:16, Info CSI 00000119 [SR] Verifying 100 components

2024-05-21 19:08:16, Info CSI 0000011a [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:17, Info CSI 0000011b [SR] Verify complete

2024-05-21 19:08:17, Info CSI 0000011c [SR] Verifying 100 components

2024-05-21 19:08:17, Info CSI 0000011d [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:17, Info CSI 0000011e [SR] Verify complete

2024-05-21 19:08:17, Info CSI 0000011f [SR] Verifying 100 components

2024-05-21 19:08:17, Info CSI 00000120 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:18, Info CSI 00000124 [SR] Verify complete

2024-05-21 19:08:18, Info CSI 00000125 [SR] Verifying 100 components

2024-05-21 19:08:18, Info CSI 00000126 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:19, Info CSI 00000128 [SR] Verify complete

2024-05-21 19:08:19, Info CSI 00000129 [SR] Verifying 100 components

2024-05-21 19:08:19, Info CSI 0000012a [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:19, Info CSI 0000012b [SR] Verify complete

2024-05-21 19:08:19, Info CSI 0000012c [SR] Verifying 100 components

2024-05-21 19:08:19, Info CSI 0000012d [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:20, Info CSI 0000012e [SR] Verify complete

2024-05-21 19:08:20, Info CSI 0000012f [SR] Verifying 100 components

2024-05-21 19:08:20, Info CSI 00000130 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:20, Info CSI 00000131 [SR] Verify complete

2024-05-21 19:08:20, Info CSI 00000132 [SR] Verifying 100 components

2024-05-21 19:08:20, Info CSI 00000133 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:21, Info CSI 00000134 [SR] Verify complete

2024-05-21 19:08:21, Info CSI 00000135 [SR] Verifying 100 components

2024-05-21 19:08:21, Info CSI 00000136 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:21, Info CSI 00000137 [SR] Verify complete

2024-05-21 19:08:21, Info CSI 00000138 [SR] Verifying 100 components

2024-05-21 19:08:21, Info CSI 00000139 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:22, Info CSI 0000013a [SR] Verify complete

2024-05-21 19:08:22, Info CSI 0000013b [SR] Verifying 100 components

2024-05-21 19:08:22, Info CSI 0000013c [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:22, Info CSI 0000013d [SR] Verify complete

2024-05-21 19:08:22, Info CSI 0000013e [SR] Verifying 100 components

2024-05-21 19:08:22, Info CSI 0000013f [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:23, Info CSI 00000140 [SR] Verify complete

2024-05-21 19:08:23, Info CSI 00000141 [SR] Verifying 100 components

2024-05-21 19:08:23, Info CSI 00000142 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:23, Info CSI 00000143 [SR] Verify complete

2024-05-21 19:08:23, Info CSI 00000144 [SR] Verifying 100 components

2024-05-21 19:08:23, Info CSI 00000145 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:23, Info CSI 00000146 [SR] Verify complete

2024-05-21 19:08:23, Info CSI 00000147 [SR] Verifying 100 components

2024-05-21 19:08:23, Info CSI 00000148 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:23, Info CSI 00000149 [SR] Verify complete

2024-05-21 19:08:23, Info CSI 0000014a [SR] Verifying 100 components

2024-05-21 19:08:23, Info CSI 0000014b [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:24, Info CSI 0000014c [SR] Verify complete

2024-05-21 19:08:24, Info CSI 0000014d [SR] Verifying 100 components

2024-05-21 19:08:24, Info CSI 0000014e [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:24, Info CSI 0000014f [SR] Verify complete

2024-05-21 19:08:24, Info CSI 00000150 [SR] Verifying 100 components

2024-05-21 19:08:24, Info CSI 00000151 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:24, Info CSI 00000152 [SR] Verify complete

2024-05-21 19:08:24, Info CSI 00000153 [SR] Verifying 100 components

2024-05-21 19:08:24, Info CSI 00000154 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:25, Info CSI 00000155 [SR] Verify complete

2024-05-21 19:08:25, Info CSI 00000156 [SR] Verifying 100 components

2024-05-21 19:08:25, Info CSI 00000157 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:25, Info CSI 00000158 [SR] Verify complete

2024-05-21 19:08:25, Info CSI 00000159 [SR] Verifying 100 components

2024-05-21 19:08:25, Info CSI 0000015a [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:25, Info CSI 0000015b [SR] Verify complete

2024-05-21 19:08:25, Info CSI 0000015c [SR] Verifying 100 components

2024-05-21 19:08:25, Info CSI 0000015d [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:26, Info CSI 0000015e [SR] Verify complete

2024-05-21 19:08:26, Info CSI 0000015f [SR] Verifying 100 components

2024-05-21 19:08:26, Info CSI 00000160 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:26, Info CSI 00000161 [SR] Verify complete

2024-05-21 19:08:26, Info CSI 00000162 [SR] Verifying 100 components

2024-05-21 19:08:26, Info CSI 00000163 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:26, Info CSI 00000164 [SR] Verify complete

2024-05-21 19:08:26, Info CSI 00000165 [SR] Verifying 100 components

2024-05-21 19:08:26, Info CSI 00000166 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:27, Info CSI 00000167 [SR] Verify complete

2024-05-21 19:08:27, Info CSI 00000168 [SR] Verifying 100 components

2024-05-21 19:08:27, Info CSI 00000169 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:27, Info CSI 0000016a [SR] Verify complete

2024-05-21 19:08:27, Info CSI 0000016b [SR] Verifying 100 components

2024-05-21 19:08:27, Info CSI 0000016c [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:27, Info CSI 0000016d [SR] Verify complete

2024-05-21 19:08:27, Info CSI 0000016e [SR] Verifying 100 components

2024-05-21 19:08:27, Info CSI 0000016f [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:27, Info CSI 00000170 [SR] Verify complete

2024-05-21 19:08:28, Info CSI 00000171 [SR] Verifying 100 components

2024-05-21 19:08:28, Info CSI 00000172 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:28, Info CSI 00000173 [SR] Verify complete

2024-05-21 19:08:28, Info CSI 00000174 [SR] Verifying 100 components

2024-05-21 19:08:28, Info CSI 00000175 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:28, Info CSI 00000176 [SR] Verify complete

2024-05-21 19:08:28, Info CSI 00000177 [SR] Verifying 100 components

2024-05-21 19:08:28, Info CSI 00000178 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:29, Info CSI 00000179 [SR] Verify complete

2024-05-21 19:08:29, Info CSI 0000017a [SR] Verifying 100 components

2024-05-21 19:08:29, Info CSI 0000017b [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:29, Info CSI 0000017c [SR] Verify complete

2024-05-21 19:08:29, Info CSI 0000017d [SR] Verifying 100 components

2024-05-21 19:08:29, Info CSI 0000017e [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:30, Info CSI 00000180 [SR] Verify complete

2024-05-21 19:08:30, Info CSI 00000181 [SR] Verifying 100 components

2024-05-21 19:08:30, Info CSI 00000182 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:30, Info CSI 00000183 [SR] Verify complete

2024-05-21 19:08:30, Info CSI 00000184 [SR] Verifying 100 components

2024-05-21 19:08:30, Info CSI 00000185 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:30, Info CSI 00000186 [SR] Verify complete

2024-05-21 19:08:30, Info CSI 00000187 [SR] Verifying 100 components

2024-05-21 19:08:30, Info CSI 00000188 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:30, Info CSI 00000189 [SR] Verify complete

2024-05-21 19:08:30, Info CSI 0000018a [SR] Verifying 100 components

2024-05-21 19:08:30, Info CSI 0000018b [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:31, Info CSI 0000018c [SR] Verify complete

2024-05-21 19:08:31, Info CSI 0000018d [SR] Verifying 100 components

2024-05-21 19:08:31, Info CSI 0000018e [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:31, Info CSI 0000018f [SR] Verify complete

2024-05-21 19:08:31, Info CSI 00000190 [SR] Verifying 100 components

2024-05-21 19:08:31, Info CSI 00000191 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:31, Info CSI 00000192 [SR] Verify complete

2024-05-21 19:08:31, Info CSI 00000193 [SR] Verifying 100 components

2024-05-21 19:08:31, Info CSI 00000194 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:31, Info CSI 00000195 [SR] Verify complete

2024-05-21 19:08:31, Info CSI 00000196 [SR] Verifying 100 components

2024-05-21 19:08:31, Info CSI 00000197 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:32, Info CSI 00000198 [SR] Verify complete

2024-05-21 19:08:32, Info CSI 00000199 [SR] Verifying 100 components

2024-05-21 19:08:32, Info CSI 0000019a [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:32, Info CSI 0000019b [SR] Verify complete

2024-05-21 19:08:32, Info CSI 0000019c [SR] Verifying 100 components

2024-05-21 19:08:32, Info CSI 0000019d [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:32, Info CSI 0000019e [SR] Verify complete

2024-05-21 19:08:32, Info CSI 0000019f [SR] Verifying 100 components

2024-05-21 19:08:32, Info CSI 000001a0 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:33, Info CSI 000001a4 [SR] Verify complete

2024-05-21 19:08:33, Info CSI 000001a5 [SR] Verifying 100 components

2024-05-21 19:08:33, Info CSI 000001a6 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:33, Info CSI 000001a7 [SR] Verify complete

2024-05-21 19:08:33, Info CSI 000001a8 [SR] Verifying 100 components

2024-05-21 19:08:33, Info CSI 000001a9 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:33, Info CSI 000001aa [SR] Verify complete

2024-05-21 19:08:33, Info CSI 000001ab [SR] Verifying 100 components

2024-05-21 19:08:33, Info CSI 000001ac [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:33, Info CSI 000001ad [SR] Verify complete

2024-05-21 19:08:33, Info CSI 000001ae [SR] Verifying 100 components

2024-05-21 19:08:33, Info CSI 000001af [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:33, Info CSI 000001b0 [SR] Verify complete

2024-05-21 19:08:33, Info CSI 000001b1 [SR] Verifying 100 components

2024-05-21 19:08:33, Info CSI 000001b2 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:34, Info CSI 000001b3 [SR] Verify complete

2024-05-21 19:08:34, Info CSI 000001b4 [SR] Verifying 100 components

2024-05-21 19:08:34, Info CSI 000001b5 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:34, Info CSI 000001b6 [SR] Verify complete

2024-05-21 19:08:34, Info CSI 000001b7 [SR] Verifying 100 components

2024-05-21 19:08:34, Info CSI 000001b8 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:34, Info CSI 000001b9 [SR] Verify complete

2024-05-21 19:08:34, Info CSI 000001ba [SR] Verifying 100 components

2024-05-21 19:08:34, Info CSI 000001bb [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:35, Info CSI 000001bc [SR] Verify complete

2024-05-21 19:08:35, Info CSI 000001bd [SR] Verifying 100 components

2024-05-21 19:08:35, Info CSI 000001be [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:35, Info CSI 000001bf [SR] Verify complete

2024-05-21 19:08:35, Info CSI 000001c0 [SR] Verifying 100 components

2024-05-21 19:08:35, Info CSI 000001c1 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:35, Info CSI 000001c2 [SR] Verify complete

2024-05-21 19:08:35, Info CSI 000001c3 [SR] Verifying 100 components

2024-05-21 19:08:35, Info CSI 000001c4 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:36, Info CSI 000001c5 [SR] Verify complete

2024-05-21 19:08:36, Info CSI 000001c6 [SR] Verifying 100 components

2024-05-21 19:08:36, Info CSI 000001c7 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:36, Info CSI 000001c8 [SR] Verify complete

2024-05-21 19:08:36, Info CSI 000001c9 [SR] Verifying 100 components

2024-05-21 19:08:36, Info CSI 000001ca [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:36, Info CSI 000001cb [SR] Verify complete

2024-05-21 19:08:36, Info CSI 000001cc [SR] Verifying 100 components

2024-05-21 19:08:36, Info CSI 000001cd [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:37, Info CSI 000001ce [SR] Verify complete

2024-05-21 19:08:37, Info CSI 000001cf [SR] Verifying 100 components

2024-05-21 19:08:37, Info CSI 000001d0 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:37, Info CSI 000001d1 [SR] Verify complete

2024-05-21 19:08:37, Info CSI 000001d2 [SR] Verifying 100 components

2024-05-21 19:08:37, Info CSI 000001d3 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:37, Info CSI 000001d4 [SR] Verify complete

2024-05-21 19:08:37, Info CSI 000001d5 [SR] Verifying 100 components

2024-05-21 19:08:37, Info CSI 000001d6 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:37, Info CSI 000001db [SR] Verify complete

2024-05-21 19:08:37, Info CSI 000001dc [SR] Verifying 100 components

2024-05-21 19:08:37, Info CSI 000001dd [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:38, Info CSI 000001de [SR] Verify complete

2024-05-21 19:08:38, Info CSI 000001df [SR] Verifying 100 components

2024-05-21 19:08:38, Info CSI 000001e0 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:38, Info CSI 000001e1 [SR] Verify complete

2024-05-21 19:08:38, Info CSI 000001e2 [SR] Verifying 100 components

2024-05-21 19:08:38, Info CSI 000001e3 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:38, Info CSI 000001e4 [SR] Verify complete

2024-05-21 19:08:38, Info CSI 000001e5 [SR] Verifying 100 components

2024-05-21 19:08:38, Info CSI 000001e6 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:39, Info CSI 000001e7 [SR] Verify complete

2024-05-21 19:08:39, Info CSI 000001e8 [SR] Verifying 100 components

2024-05-21 19:08:39, Info CSI 000001e9 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:39, Info CSI 000001ea [SR] Verify complete

2024-05-21 19:08:39, Info CSI 000001eb [SR] Verifying 100 components

2024-05-21 19:08:39, Info CSI 000001ec [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:39, Info CSI 000001ed [SR] Verify complete

2024-05-21 19:08:39, Info CSI 000001ee [SR] Verifying 100 components

2024-05-21 19:08:39, Info CSI 000001ef [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:40, Info CSI 000001f0 [SR] Verify complete

2024-05-21 19:08:40, Info CSI 000001f1 [SR] Verifying 100 components

2024-05-21 19:08:40, Info CSI 000001f2 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:40, Info CSI 000001f3 [SR] Verify complete

2024-05-21 19:08:40, Info CSI 000001f4 [SR] Verifying 100 components

2024-05-21 19:08:40, Info CSI 000001f5 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:40, Info CSI 000001f6 [SR] Verify complete

2024-05-21 19:08:40, Info CSI 000001f7 [SR] Verifying 100 components

2024-05-21 19:08:40, Info CSI 000001f8 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:41, Info CSI 000001f9 [SR] Verify complete

2024-05-21 19:08:41, Info CSI 000001fa [SR] Verifying 100 components

2024-05-21 19:08:41, Info CSI 000001fb [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:41, Info CSI 000001fc [SR] Verify complete

2024-05-21 19:08:41, Info CSI 000001fd [SR] Verifying 100 components

2024-05-21 19:08:41, Info CSI 000001fe [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:41, Info CSI 000001ff [SR] Verify complete

2024-05-21 19:08:41, Info CSI 00000200 [SR] Verifying 100 components

2024-05-21 19:08:41, Info CSI 00000201 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:41, Info CSI 00000202 [SR] Verify complete

2024-05-21 19:08:41, Info CSI 00000203 [SR] Verifying 100 components

2024-05-21 19:08:41, Info CSI 00000204 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:42, Info CSI 00000205 [SR] Verify complete

2024-05-21 19:08:42, Info CSI 00000206 [SR] Verifying 100 components

2024-05-21 19:08:42, Info CSI 00000207 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:42, Info CSI 00000208 [SR] Verify complete

2024-05-21 19:08:42, Info CSI 00000209 [SR] Verifying 100 components

2024-05-21 19:08:42, Info CSI 0000020a [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:42, Info CSI 0000020b [SR] Verify complete

2024-05-21 19:08:42, Info CSI 0000020c [SR] Verifying 4 components

2024-05-21 19:08:42, Info CSI 0000020d [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:42, Info CSI 0000020e [SR] Verify complete

2024-05-21 19:08:42, Info CSI 0000020f [SR] Repairing 0 components

2024-05-21 19:08:42, Info CSI 00000210 [SR] Beginning Verify and Repair transaction

2024-05-21 19:08:42, Info CSI 00000211 [SR] Repair complete

========= End of CMD: =========

========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========

C:\Users\Username\Desktop>wevtutil cl "AMSI/Debug"

C:\Users\Username\Desktop>wevtutil cl "AirSpaceChannel"

C:\Users\Username\Desktop>wevtutil cl "Analytic"

C:\Users\Username\Desktop>wevtutil cl "Application"

C:\Users\Username\Desktop>wevtutil cl "DirectShowFilterGraph"

C:\Users\Username\Desktop>wevtutil cl "DirectShowPluginControl"

C:\Users\Username\Desktop>wevtutil cl "Els_Hyphenation/Analytic"

C:\Users\Username\Desktop>wevtutil cl "EndpointMapper"

C:\Users\Username\Desktop>wevtutil cl "FirstUXPerf-Analytic"

C:\Users\Username\Desktop>wevtutil cl "ForwardedEvents"

C:\Users\Username\Desktop>wevtutil cl "General Logging"

C:\Users\Username\Desktop>wevtutil cl "HardwareEvents"

C:\Users\Username\Desktop>wevtutil cl "IHM_DebugChannel"

C:\Users\Username\Desktop>wevtutil cl "Intel-GFX-Info/Application"

C:\Users\Username\Desktop>wevtutil cl "Intel-GFX-Info/System"

C:\Users\Username\Desktop>wevtutil cl "Intel-SST-BUS/Debug"

C:\Users\Username\Desktop>wevtutil cl "Intel-SST-CFD-DMIC/IntelSST"

C:\Users\Username\Desktop>wevtutil cl "Intel-SST-OED/IntcOED_ETW_Debug"

C:\Users\Username\Desktop>wevtutil cl "Intel-iaLPSS-GPIO/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Intel-iaLPSS-I2C/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Intel-iaLPSS2-GPIO2/Debug"

C:\Users\Username\Desktop>wevtutil cl "Intel-iaLPSS2-GPIO2/Performance"

C:\Users\Username\Desktop>wevtutil cl "Intel-iaLPSS2-I2C/Debug"

C:\Users\Username\Desktop>wevtutil cl "Intel-iaLPSS2-I2C/Performance"

C:\Users\Username\Desktop>wevtutil cl "Intel-iaLPSS2-SPI/Debug"

C:\Users\Username\Desktop>wevtutil cl "Intel-iaLPSS2-SPI/Performance"

C:\Users\Username\Desktop>wevtutil cl "Intel-iaLPSS2-UART2/Analytic"

C:\Users\Username\Desktop>wevtutil cl "IntelAudioServiceLog"

C:\Users\Username\Desktop>wevtutil cl "Internet Explorer"

C:\Users\Username\Desktop>wevtutil cl "Key Management Service"

C:\Users\Username\Desktop>wevtutil cl "Lenovo-Sif-Companion/Operational"

C:\Users\Username\Desktop>wevtutil cl "Lenovo-Sif-Core/Operational"

C:\Users\Username\Desktop>wevtutil cl "Lenovo-Sif-Device/Operational"

C:\Users\Username\Desktop>wevtutil cl "Lenovo-Sif-Settings/Operational"

C:\Users\Username\Desktop>wevtutil cl "MF_MediaFoundationDeviceMFT"

C:\Users\Username\Desktop>wevtutil cl "MF_MediaFoundationDeviceProxy"

C:\Users\Username\Desktop>wevtutil cl "MF_MediaFoundationFrameServer"

C:\Users\Username\Desktop>wevtutil cl "MedaFoundationVideoProc"

C:\Users\Username\Desktop>wevtutil cl "MedaFoundationVideoProcD3D"

C:\Users\Username\Desktop>wevtutil cl "MediaFoundationAsyncWrapper"

C:\Users\Username\Desktop>wevtutil cl "MediaFoundationContentProtection"

C:\Users\Username\Desktop>wevtutil cl "MediaFoundationDS"

C:\Users\Username\Desktop>wevtutil cl "MediaFoundationDeviceProxy"

C:\Users\Username\Desktop>wevtutil cl "MediaFoundationMP4"

C:\Users\Username\Desktop>wevtutil cl "MediaFoundationMediaEngine"

C:\Users\Username\Desktop>wevtutil cl "MediaFoundationPerformance"

C:\Users\Username\Desktop>wevtutil cl "MediaFoundationPerformanceCore"

C:\Users\Username\Desktop>wevtutil cl "MediaFoundationPipeline"

C:\Users\Username\Desktop>wevtutil cl "MediaFoundationPlatform"

C:\Users\Username\Desktop>wevtutil cl "MediaFoundationSrcPrefetch"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-AppV-Client-Streamingux/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-AppV-Client/Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-AppV-Client/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-AppV-Client/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-AppV-Client/Virtual Applications"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-AppV-SharedPerformance/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Client-License-Flexible-Platform/Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Client-License-Flexible-Platform/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Client-License-Flexible-Platform/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Client-Licensing-Platform/Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Client-Licensing-Platform/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Client-Licensing-Platform/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-IE/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-IEFRAME/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-JSDumpHeap/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-OneCore-Setup/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-PerfTrack-IEFRAME/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-PerfTrack-MSHTML/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-User Experience Virtualization-Admin/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-User Experience Virtualization-Agent Driver/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-User Experience Virtualization-Agent Driver/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-User Experience Virtualization-App Agent/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-User Experience Virtualization-App Agent/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-User Experience Virtualization-App Agent/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-User Experience Virtualization-IPC/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-User Experience Virtualization-SQM Uploader/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-User Experience Virtualization-SQM Uploader/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-User Experience Virtualization-SQM Uploader/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-AAD/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-AAD/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-ADSI/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-ASN1/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-ATAPort/General"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-ATAPort/SATA-LPM"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-ActionQueue/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-All-User-Install-Agent/Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-AllJoyn/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-AllJoyn/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-AppHost/Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-AppHost/ApplicationTracing"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-AppHost/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-AppHost/Internal"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-AppID/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-AppLocker/EXE and DLL"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-AppLocker/MSI and Script"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-AppLocker/Packaged app-Deployment"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-AppLocker/Packaged app-Execution"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-AppModel-Runtime/Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-AppModel-Runtime/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-AppModel-Runtime/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-AppModel-Runtime/Diagnostics"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-AppModel-State/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-AppModel-State/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-AppReadiness/Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-AppReadiness/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-AppReadiness/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-AppSruProv"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-AppXDeployment/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-AppXDeployment/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-AppXDeploymentServer/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-AppXDeploymentServer/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-AppXDeploymentServer/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-AppXDeploymentServer/Restricted"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-ApplicabilityEngine/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-ApplicabilityEngine/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Application Server-Applications/Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Application Server-Applications/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Application Server-Applications/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Application Server-Applications/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Application-Experience/Compatibility-Infrastructure-Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant/Trace"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Application-Experience/Program-Compatibility-Troubleshooter"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Application-Experience/Program-Inventory"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Application-Experience/Program-Telemetry"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Application-Experience/Steps-Recorder"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-AppxPackaging/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-AppxPackaging/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-AppxPackaging/Performance"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-AssignedAccess/Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-AssignedAccess/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-AssignedAccessBroker/Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-AssignedAccessBroker/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-AsynchronousCausality/Causality"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Audio/CaptureMonitor"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Audio/GlitchDetection"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Audio/Informational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Audio/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Audio/Performance"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Audio/PlaybackManager"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Audit/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Authentication User Interface/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Authentication/AuthenticationPolicyFailures-DomainController"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Authentication/ProtectedUser-Client"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Authentication/ProtectedUserFailures-DomainController"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Authentication/ProtectedUserSuccesses-DomainController"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-AxInstallService/Log"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-BTH-BTHPORT/HCI"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-BTH-BTHPORT/L2CAP"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-BTH-BTHUSB/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-BTH-BTHUSB/Performance"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-BackgroundTaskInfrastructure/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-BackgroundTaskInfrastructure/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-BackgroundTransfer-ContentPrefetcher/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Backup"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Base-Filtering-Engine-Connections/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Base-Filtering-Engine-Resource-Flows/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Battery/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Biometrics/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Biometrics/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-BitLocker-DrivePreparationTool/Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-BitLocker-DrivePreparationTool/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-BitLocker-Driver-Performance/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-BitLocker/BitLocker Management"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-BitLocker/BitLocker Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-BitLocker/Tracing"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Bits-Client/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Bits-Client/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Bluetooth-BthLEPrepairing/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Bluetooth-Bthmini/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Bluetooth-MTPEnum/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Bluetooth-Policy/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-BranchCache/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-BranchCacheClientEventProvider/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-BranchCacheEventProvider/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-BranchCacheMonitoring/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-BranchCacheSMB/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-BranchCacheSMB/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-CAPI2/Catalog Database Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-CAPI2/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-CDROM/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-COM/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-COM/ApartmentInitialize"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-COM/ApartmentUninitialize"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-COM/Call"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-COM/CreateInstance"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-COM/ExtensionCatalog"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-COM/FreeUnusedLibrary"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-COM/RundownInstrumentation"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-COMRuntime/Activations"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-COMRuntime/MessageProcessing"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-COMRuntime/Tracing"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-CertPoleEng/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-CertificateServicesClient-Lifecycle-User/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Cleanmgr/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-ClearTypeTextTuner/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-CloudRestoreLauncher/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-CloudStore/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-CloudStore/Initialization"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-CloudStore/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-CmiSetup/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-CodeIntegrity/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-CodeIntegrity/Verbose"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-ComDlg32/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-ComDlg32/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Compat-Appraiser/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Compat-Appraiser/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Containers-BindFlt/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Containers-BindFlt/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Containers-Wcifs/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Containers-Wcifs/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Containers-Wcnfs/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Containers-Wcnfs/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-CoreApplication/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-CoreApplication/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-CoreApplication/Tracing"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-CoreSystem-SmsRouter-Events/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-CoreSystem-SmsRouter-Events/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-CoreWindow/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-CoreWindow/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-CorruptedFileRecovery-Client/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-CorruptedFileRecovery-Server/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Crashdump/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-CredUI/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Crypto-BCRYPT/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Crypto-CNG/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Crypto-DPAPI/BackUpKeySvc"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Crypto-DPAPI/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Crypto-DPAPI/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Crypto-DSSEnh/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Crypto-NCrypt/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Crypto-RNG/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Crypto-RSAEnh/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-D3D10Level9/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-D3D10Level9/PerfTiming"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-DAL-Provider/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-DAL-Provider/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-DAMM/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-DCLocator/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-DDisplay/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-DDisplay/Logging"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-DLNA-Namespace/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-DNS-Client/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-DSC/Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-DSC/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-DSC/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-DSC/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-DUI/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-DUSER/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-DXGI/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-DXGI/Logging"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-DXP/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Data-Pdf/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-DataIntegrityScan/Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-DataIntegrityScan/CrashRecovery"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-DateTimeControlPanel/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-DateTimeControlPanel/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-DateTimeControlPanel/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Deduplication/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Deduplication/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Deduplication/Performance"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Deduplication/Scrubbing"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Defrag-Core/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Deplorch/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-DesktopActivityModerator/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-DesktopWindowManager-Diag/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-DeviceAssociationService/Performance"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-DeviceConfidence/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-DeviceGuard/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-DeviceGuard/Verbose"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-DeviceSetupManager/Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-DeviceSetupManager/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-DeviceSetupManager/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-DeviceSetupManager/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-DeviceSync/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-DeviceSync/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-DeviceUpdateAgent/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-DeviceUx/Informational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-DeviceUx/Performance"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Devices-Background/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Dhcp-Client/Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Dhcp-Client/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Dhcpv6-Client/Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Dhcpv6-Client/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-DiagCpl/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-AdvancedTaskManager/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-DPS/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-DPS/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-DPS/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-MSDE/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-PCW/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-PCW/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-PCW/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-PLA/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-PLA/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-Perfhost/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-Scheduled/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-Scripted/Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-Scripted/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-Scripted/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-Scripted/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-WDC/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Diagnosis-WDI/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Diagnostics-Networking/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Diagnostics-Networking/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Diagnostics-PerfTrack-Counters/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Diagnostics-PerfTrack/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Diagnostics-Performance/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Diagnostics-Performance/Diagnostic/Loopback"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Diagnostics-Performance/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Direct3D10/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Direct3D10_1/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Direct3D11/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Direct3D11/Logging"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Direct3D11/PerfTiming"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Direct3D12/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Direct3D12/Logging"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Direct3D12/PerfTiming"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Direct3D9/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Direct3DShaderCache/Default"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-DirectComposition/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-DirectManipulation/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-DirectShow-KernelSupport/Performance"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-DirectSound/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Disk/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-DiskDiagnostic/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-DiskDiagnosticDataCollector/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-DiskDiagnosticResolver/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Dism-Api/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Dism-Api/ExternalAnalytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Dism-Api/InternalAnalytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Dism-Cli/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-DisplayColorCalibration/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-DisplayColorCalibration/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-DisplaySwitch/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Documents/Performance"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Dot3MM/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-DriverFrameworks-UserMode/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-DucUpdateAgent/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Dwm-API/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Dwm-Core/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Dwm-Dwm/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Dwm-Redir/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Dwm-Udwm/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-DxgKrnl-Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-DxgKrnl-Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-DxgKrnl/Contention"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-DxgKrnl/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-DxgKrnl/Performance"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-DxgKrnl/Power"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-DxpTaskSyncProvider/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-EDP-Application-Learning/Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-EDP-Audit-Regular/Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-EDP-Audit-TCB/Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-EFS/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-ESE/IODiagnose"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-ESE/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-EapHost/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-EapHost/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-EapHost/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-EapMethods-RasChap/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-EapMethods-RasTls/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-EapMethods-Sim/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-EapMethods-Ttls/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-EaseOfAccess/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Energy-Estimation-Engine/EventLog"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Energy-Estimation-Engine/Trace"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-EnhancedStorage-EhStorTcgDrv/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-EventCollector/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-EventCollector/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-EventLog-WMIProvider/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-EventLog/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-EventLog/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-FMS/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-FMS/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-FMS/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-FailoverClustering-Client/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Fault-Tolerant-Heap/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-FeatureConfiguration/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-FeatureConfiguration/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-Catalog/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-Catalog/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-ConfigManager/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-ConfigManager/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-Core/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-Core/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-Core/WHC"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-Engine/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-Engine/BackupLog"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-Engine/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-EventListener/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-EventListener/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-Service/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-Service/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-UI-Events/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-FileHistory-UI-Events/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-FileInfoMinifilter/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Firewall-CPL/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Folder Redirection/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Forwarding/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Forwarding/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-GPIO-ClassExtension/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-GenericRoaming/Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-GroupPolicy/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-HAL/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-HealthCenter/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-HealthCenter/Performance"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-HealthCenterCPL/Performance"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-HelloForBusiness/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Help/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-HomeGroup Control Panel Performance/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-HomeGroup Control Panel/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-HomeGroup Listener Service/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-HomeGroup Provider Service Performance/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-HomeGroup Provider Service/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-HomeGroup-ListenerService"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-HotspotAuth/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-HotspotAuth/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-HttpService/Log"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-HttpService/Trace"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Hyper-V-Guest-Drivers/Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Hyper-V-Guest-Drivers/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Hyper-V-Guest-Drivers/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Hyper-V-Guest-Drivers/Diagnose"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Hyper-V-Guest-Drivers/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Hyper-V-Hypervisor-Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Hyper-V-Hypervisor-Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Hyper-V-Hypervisor-Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Hyper-V-NETVSC/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Hyper-V-VID-Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Hyper-V-VID-Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-IE-SmartScreen"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-IKE/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-IKEDBG/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-IME-Broker/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-IME-CandidateUI/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-IME-CustomerFeedbackManager/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-IME-CustomerFeedbackManagerUI/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-IME-JPAPI/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-IME-JPLMP/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-IME-JPPRED/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-IME-JPSetting/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-IME-JPTIP/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-IME-KRAPI/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-IME-KRTIP/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-IME-OEDCompiler/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-IME-TCCORE/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-IME-TCTIP/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-IME-TIP/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-IPNAT/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-IPSEC-SRV/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-IPxlatCfg/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-IPxlatCfg/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-IdCtrls/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-IdCtrls/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-IndirectDisplays-ClassExtension-Events/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Input-HIDCLASS-Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-InputSwitch/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-International-RegionalOptionsControlPanel/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Iphlpsvc/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Iphlpsvc/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Iphlpsvc/Trace"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-KdsSvc/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Kerberos/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Acpi/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Kernel-AppCompat/General"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Kernel-AppCompat/Performance"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Kernel-ApphelpCache/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Kernel-ApphelpCache/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Kernel-ApphelpCache/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Boot/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Boot/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Kernel-BootDiagnostics/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Disk/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Kernel-EventTracing/Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Kernel-EventTracing/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Kernel-File/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Kernel-IO/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Interrupt-Steering/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Kernel-IoTrace/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Kernel-LiveDump/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Kernel-LiveDump/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Memory/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Network/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Pdc/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Pep/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Kernel-PnP/Boot Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Kernel-PnP/Configuration"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Kernel-PnP/Configuration Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Kernel-PnP/Device Enumeration Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Kernel-PnP/Driver Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Kernel-PnP/Driver Watchdog"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Power/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Power/Thermal-Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Power/Thermal-Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Prefetch/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Process/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Processor-Power/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Registry/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Kernel-Registry/Performance"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Kernel-ShimEngine/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Kernel-ShimEngine/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Kernel-ShimEngine/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Kernel-StoreMgr/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Kernel-StoreMgr/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Kernel-WDI/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Kernel-WDI/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Kernel-WDI/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Kernel-WHEA/Errors"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Kernel-WHEA/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Kernel-XDV/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-KeyboardFilter/Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-KeyboardFilter/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-KeyboardFilter/Performance"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Known Folders API Service"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-L2NA/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-LAPS/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-LDAP-Client/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-LSA/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-LSA/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-LSA/Performance"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-LUA-ConsentUI/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-LanguagePackSetup/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-LanguagePackSetup/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-LanguagePackSetup/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-LimitsManagement/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-LinkLayerDiscoveryProtocol/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-LinkLayerDiscoveryProtocol/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-LiveId/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-LiveId/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-MPEG2-Video-Encoder-MFT_Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-MPS-CLNT/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-MPS-DRV/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-MPS-SRV/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-MSFTEDIT/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-MSPaint/Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-MSPaint/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-MSPaint/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-MUI/Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-MUI/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-MUI/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-MUI/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Media-Streaming/DMC"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Media-Streaming/DMR"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Media-Streaming/MDE"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-MediaFoundation-MFCaptureEngine/MFCaptureEngine"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-MediaFoundation-MFReadWrite/SinkWriter"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-MediaFoundation-MFReadWrite/SourceReader"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-MediaFoundation-MFReadWrite/Transform"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-MediaFoundation-Performance/SARStreamResource"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-MediaFoundation-PlayAPI/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-MemoryDiagnostics-Results/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Minstore/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Minstore/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Mobile-Broadband-Experience-Api-Internal/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Mobile-Broadband-Experience-Api/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Mobile-Broadband-Experience-Parser-Task/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Mobile-Broadband-Experience-Parser-Task/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Mobile-Broadband-Experience-SmsApi/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-MobilityCenter/Performance"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-ModernDeployment-Diagnostics-Provider/Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-ModernDeployment-Diagnostics-Provider/Autopilot"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-ModernDeployment-Diagnostics-Provider/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-ModernDeployment-Diagnostics-Provider/Diagnostics"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-ModernDeployment-Diagnostics-Provider/ManagementService"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Mprddm/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-NCSI/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-NCSI/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-NDF-HelperClassDiscovery/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-NDIS-PacketCapture/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-NDIS/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-NDIS/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-NTLM/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-NWiFi/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Narrator/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Ncasvc/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-NcdAutoSetup/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-NcdAutoSetup/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-NdisImPlatform/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Ndu/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-NetShell/Performance"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Network-Connection-Broker"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Network-DataUsage/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Network-Setup/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Network-and-Sharing-Center/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-NetworkBridge/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-NetworkLocationWizard/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-NetworkProfile/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-NetworkProfile/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-NetworkProvider/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-NetworkProvisioning/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-NetworkProvisioning/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-NetworkSecurity/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-NetworkStatus/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Networking-Correlation/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Networking-RealTimeCommunication/Tracing"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-NlaSvc/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-NlaSvc/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Ntfs/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Ntfs/Performance"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Ntfs/WHC"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-OLE/Clipboard-Performance"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-OLEACC/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-OLEACC/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-OOBE-FirstLogonAnim/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-OOBE-Machine-Core/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-OOBE-Machine-DUI/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-OOBE-Machine-DUI/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-OOBE-Machine-Plugins-Wireless/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-OcpUpdateAgent/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-OfflineFiles/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-OfflineFiles/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-OfflineFiles/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-OfflineFiles/SyncLog"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-OneBackup/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-OneX/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-OneX/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-OobeLdr/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-OtpCredentialProvider/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-PCI/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-PackageStateRoaming/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-PackageStateRoaming/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-PackageStateRoaming/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-ParentalControls/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Partition/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Partition/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-PeerToPeerDrtEventProvider/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-PerceptionRuntime/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-PerceptionSensorDataService/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-PersistentMemory-Nvdimm/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-PersistentMemory-Nvdimm/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-PersistentMemory-Nvdimm/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-PersistentMemory-PmemDisk/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-PersistentMemory-PmemDisk/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-PersistentMemory-PmemDisk/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-PersistentMemory-ScmBus/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-PersistentMemory-ScmBus/Certification"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-PersistentMemory-ScmBus/Diagnose"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-PersistentMemory-ScmBus/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-PhotoAcq/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-PlayToManager/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Policy/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Policy/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-PortableDeviceStatusProvider/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-PortableDeviceSyncProvider/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Power-Meter-Polling/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-PowerCfg/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-PowerCpl/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-PowerEfficiencyDiagnostics/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-PowerShell-DesiredStateConfiguration-FileDownloadManager/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-PowerShell-DesiredStateConfiguration-FileDownloadManager/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-PowerShell-DesiredStateConfiguration-FileDownloadManager/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-PowerShell/Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-PowerShell/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-PowerShell/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-PowerShell/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-PrimaryNetworkIcon/Performance"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-PrintBRM/Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-PrintService-USBMon/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-PrintService/Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-PrintService/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-PrintService/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Privacy-Auditing/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-ProcessStateManager/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Program-Compatibility-Assistant/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Program-Compatibility-Assistant/CompatAfterUpgrade"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Provisioning-Diagnostics-Provider/Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Provisioning-Diagnostics-Provider/AutoPilot"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Provisioning-Diagnostics-Provider/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Provisioning-Diagnostics-Provider/ManagementService"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Proximity-Common/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Proximity-Common/Informational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Proximity-Common/Performance"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-PushNotification-Developer/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-PushNotification-InProc/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-PushNotification-Platform/Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-PushNotification-Platform/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-PushNotification-Platform/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-QoS-Pacer/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-QoS-qWAVE/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-RPC-Proxy/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-RPC/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-RPC/EEInfo"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-RRAS/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-RRAS/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-RadioManager/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Ras-NdisWanPacketCapture/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-RasAgileVpn/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-RasAgileVpn/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-ReFS/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-ReadyBoost/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-ReadyBoost/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-ReadyBoostDriver/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-ReadyBoostDriver/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Regsvr32/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-RemoteApp and Desktop Connections/Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-RemoteApp and Desktop Connections/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-RemoteAssistance/Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-RemoteAssistance/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-RemoteAssistance/Tracing"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-RemoteDesktopServices-RemoteFX-Synth3dvsc/Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-RemoteDesktopServices-RemoteFX-VM-Kernel-Mode-Transport/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-RemoteDesktopServices-RemoteFX-VM-User-Mode-Transport/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-RemoteDesktopServices-SessionServices/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Remotefs-Rdbss/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Remotefs-Rdbss/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-ResetEng-Trace/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Resource-Exhaustion-Detector/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Resource-Exhaustion-Resolver/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-ResourcePublication/Tracing"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-RestartManager/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-RetailDemo/Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-RetailDemo/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Runtime-Graphics/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Runtime-Networking-BackgroundTransfer/Tracing"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Runtime-Networking/Tracing"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Runtime-Web-Http/Tracing"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Runtime-WebAPI/Tracing"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Runtime-Windows-Media/WinRTAdaptiveMediaSource"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Runtime-Windows-Media/WinRTCaptureEngine"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Runtime-Windows-Media/WinRTMediaStreamSource"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Runtime-Windows-Media/WinRTTranscode"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Runtime/CreateInstance"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Runtime/Error"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-SENSE/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-SMBClient/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-SMBClient/HelperClassDiagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-SMBClient/ObjectStateDiagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-SMBClient/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-SMBDirect/Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-SMBDirect/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-SMBDirect/Netmon"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-SMBServer/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-SMBServer/Audit"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-SMBServer/Connectivity"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-SMBServer/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-SMBServer/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-SMBServer/Performance"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-SMBServer/Security"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-SMBWitnessClient/Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-SMBWitnessClient/Informational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-SPB-ClassExtension/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-SPB-HIDI2C/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Schannel-Events/Perf"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Sdbus/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Sdbus/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Sdstor/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Search-Core/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Search-ProtocolHandlers/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-SearchUI/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-SearchUI/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-SecureAssessment/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Security-Adminless/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Security-Audit-Configuration-Client/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Security-Audit-Configuration-Client/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Security-EnterpriseData-FileRevocationManager/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Security-ExchangeActiveSyncProvisioning/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Security-ExchangeActiveSyncProvisioning/Performance"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Security-IdentityListener/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Security-IdentityStore/Performance"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Security-LessPrivilegedAppContainer/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Security-Mitigations/KernelMode"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Security-Mitigations/UserMode"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Security-Netlogon/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Security-SPP-UX-GC/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Security-SPP-UX-GenuineCenter-Logging/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Security-SPP-UX-Notifications/ActionCenter"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Security-SPP-UX/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Security-SPP/Perf"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Security-UserConsentVerifier/Audit"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Security-Vault/Performance"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-SecurityMitigationsBroker/Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-SecurityMitigationsBroker/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-SecurityMitigationsBroker/Perf"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-SendTo/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Sens/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-SenseIR/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Sensors/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Sensors/Performance"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Serial-ClassExtension-V2/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Serial-ClassExtension/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-ServiceReportingApi/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Services-Svchost/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Services/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Servicing/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-SettingSync-Azure/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-SettingSync-Azure/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-SettingSync-OneDrive/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-SettingSync-OneDrive/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-SettingSync-OneDrive/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-SettingSync/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-SettingSync/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-SettingSync/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-SettingSync/VerboseDebug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Setup/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-SetupCl/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-SetupPlatform/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-SetupQueue/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-SetupUGC/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-ShareMedia-ControlPanel/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Shell-AppWizCpl/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Shell-AuthUI-BootAnim/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Shell-AuthUI-Common/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Shell-AuthUI-CredUI/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Shell-AuthUI-CredentialProviderUser/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Shell-AuthUI-Logon/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Shell-AuthUI-LogonUI/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Shell-AuthUI-Shutdown/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Shell-ConnectedAccountState/ActionCenter"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Shell-Core/ActionCenter"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Shell-Core/AppDefaults"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Shell-Core/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Shell-Core/LogonTasksChannel"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Shell-Core/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Shell-DefaultPrograms/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Shell-LockScreenContent/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Shell-OpenWith/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Shell-Shwebsvc"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Shell-ZipFolder/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-ShellCommon-StartLayoutPopulation/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-ShellCommon-StartLayoutPopulation/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Shsvcs/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-SleepStudy/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-SmartCard-Audit/Authentication"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-SmartCard-DeviceEnum/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-SmartCard-TPM-VCard-Module/Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-SmartCard-TPM-VCard-Module/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-SmartScreen/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-SmbClient/Audit"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-SmbClient/Connectivity"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-SmbClient/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-SmbClient/Security"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Speech-UserExperience/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Spell-Checking/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-SpellChecker/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Spellchecking-Host/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-SruMon/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-SrumTelemetry"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-StateRepository/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-StateRepository/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-StateRepository/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-StateRepository/Restricted"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-StorDiag/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-StorPort/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Storage-ATAPort/Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Storage-ATAPort/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Storage-ATAPort/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Storage-ATAPort/Diagnose"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Storage-ATAPort/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Storage-ClassPnP/Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Storage-ClassPnP/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Storage-ClassPnP/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Storage-ClassPnP/Diagnose"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Storage-ClassPnP/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Storage-Disk/Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Storage-Disk/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Storage-Disk/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Storage-Disk/Diagnose"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Storage-Disk/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Storage-Storport/Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Storage-Storport/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Storage-Storport/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Storage-Storport/Diagnose"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Storage-Storport/Health"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Storage-Storport/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Storage-Tiering-IoHeat/Heat"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Storage-Tiering/Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-StorageManagement/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-StorageManagement/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-StorageSettings/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-StorageSpaces-Driver/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-StorageSpaces-Driver/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-StorageSpaces-Driver/Performance"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-StorageSpaces-ManagementAgent/WHC"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-StorageSpaces-SpaceManager/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-StorageSpaces-SpaceManager/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Store/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Storsvc/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Subsys-Csr/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Subsys-SMSS/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Superfetch/Main"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Superfetch/PfApLog"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Superfetch/StoreLog"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Sysprep/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-System-Profile-HardwareId/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-SystemSettingsHandlers/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-SystemSettingsThreshold/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-SystemSettingsThreshold/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-SystemSettingsThreshold/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-TCPIP/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-TCPIP/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-TSF-msctf/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-TSF-msctf/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-TSF-msutb/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-TSF-msutb/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-TTS/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-TWinAPI/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-TWinUI/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-TWinUI/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-TZSync/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-TZSync/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-TZUtil/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-TaskScheduler/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-TaskScheduler/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-TaskScheduler/Maintenance"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-TaskScheduler/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-TaskbarCPL/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-TenantRestrictions/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-ClientUSBDevices/Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-ClientUSBDevices/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-ClientUSBDevices/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-ClientUSBDevices/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-LocalSessionManager/Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-LocalSessionManager/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-LocalSessionManager/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-LocalSessionManager/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-MediaRedirection/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-PnPDevices/Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-PnPDevices/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-PnPDevices/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-PnPDevices/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-Printers/Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-Printers/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-Printers/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-Printers/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-RDPClient/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-RDPClient/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-RDPClient/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-RdpSoundDriver/Capture"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-RdpSoundDriver/Playback"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-ServerUSBDevices/Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-ServerUSBDevices/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-ServerUSBDevices/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-TerminalServices-ServerUSBDevices/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Tethering-Manager/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Tethering-Station/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-ThemeCPL/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-ThemeUI/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Threat-Intelligence/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Time-Service-PTP-Provider/PTP-Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Time-Service/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Troubleshooting-Recommended/Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Troubleshooting-Recommended/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-TunnelDriver"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-UAC-FileVirtualization/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-UAC/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-UI-Shell/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-UIAnimation/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-UIAutomationCore/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-UIAutomationCore/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-UIAutomationCore/Perf"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-UIRibbon/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-USB-MAUSBHOST-Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-USB-UCX-Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-USB-USBHUB/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-USB-USBHUB3-Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-USB-USBPORT/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-USB-USBXHCI-Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-USB-USBXHCI-Trustlet-Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-USBVideo/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-UniversalTelemetryClient/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-User Control Panel Performance/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-User Control Panel Usage/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-User Control Panel/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-User Control Panel/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-User Device Registration/Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-User Device Registration/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-User Profile Service/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-User Profile Service/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-User-Loader/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-User-Loader/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-UserAccountControl/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-UserModePowerService/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-UserPnp/ActionCenter"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-UserPnp/DeviceInstall"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-UserPnp/DeviceMetadata/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-UserPnp/Performance"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-UserPnp/SchedulerOperations"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-UserSettingsBackup-BackupUnitProcessor/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-UserSettingsBackup-Orchestrator/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-UxInit/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-UxTheme/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-VAN/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-VDRVROOT/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-VHDMP-Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-VHDMP-Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-VIRTDISK-Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-VPN-Client/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-VPN/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-VWiFi/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-VerifyHardwareSecurity/Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-VerifyHardwareSecurity/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Volume/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-VolumeControl/Performance"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-VolumeSnapshot-Driver/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-VolumeSnapshot-Driver/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WABSyncProvider/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WCN-Config-Registrar/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WCNWiz/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WDAG-PolicyEvaluator-CSP/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WDAG-PolicyEvaluator-GP/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WEPHOSTSVC/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WER-PayloadHealth/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WFP/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WFP/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WLAN-AutoConfig/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WLAN-Autoconfig/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WLAN-Driver/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WLAN-MediaManager/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WLANConnectionFlow/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WMI-Activity/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WMI-Activity/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WMI-Activity/Trace"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WMPDMCUI/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WMPNSS-PublicAPI/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WMPNSS-Service/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WMPNSS-Service/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WMPNSSUI/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WPD-API/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WPD-ClassInstaller/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WPD-ClassInstaller/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WPD-CompositeClassDriver/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WPD-CompositeClassDriver/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WPD-MTPBT/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WPD-MTPClassDriver/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WPD-MTPClassDriver/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WPD-MTPIP/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WPD-MTPUS/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WSC-SRV/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WUSA/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WWAN-CFE/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WWAN-MM-Events/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WWAN-MediaManager/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WWAN-NDISUIO-EVENTS/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WWAN-SVC-Events/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WWAN-SVC-Events/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Wcmsvc/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Wcmsvc/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WebAuth/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WebAuthN/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WebIO-NDF/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WebIO/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WebPlatStorage-Server"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WebServices/Tracing"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WebcamProvider/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Websocket-Protocol-Component/Tracing"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WiFiDisplay/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Win32k/Concurrency"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Win32k/Contention"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Win32k/Messages"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Win32k/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Win32k/Power"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Win32k/Render"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Win32k/Tracing"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Win32k/UIPI"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WinHTTP-NDF/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WinHttp-Pca"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WinHttp/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WinHttp/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WinINet-Capture/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WinINet-Config/ProxyConfigChanged"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WinINet/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WinINet/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WinINet/Pca"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WinINet/UsageLog"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WinINet/WebSocket"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WinMDE/MDE"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WinML/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WinNat/Oper"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WinNat/Trace"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WinRM/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WinRM/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WinRM/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WinURLMon/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Windeploy/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Windows Defender/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Windows Defender/WHC"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurity"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Windows Firewall With Advanced Security/ConnectionSecurityVerbose"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Windows Firewall With Advanced Security/Firewall"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Windows Firewall With Advanced Security/FirewallDiagnostics"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Windows Firewall With Advanced Security/FirewallVerbose"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WindowsBackup/ActionCenter"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WindowsColorSystem/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WindowsColorSystem/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WindowsSystemAssessmentTool/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WindowsSystemAssessmentTool/Tracing"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WindowsUIImmersive/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WindowsUIImmersive/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WindowsUpdateClient/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WindowsUpdateClient/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Wininit/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Winlogon/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Winlogon/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Winsock-AFD/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Winsock-NameResolution/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Winsock-WS2HELP/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Winsrv/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Wired-AutoConfig/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Wired-AutoConfig/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WlanDlg/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Wordpad/Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Wordpad/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Wordpad/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WorkFolders/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WorkFolders/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WorkFolders/Operational"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-WorkFolders/WHC"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-Workplace Join/Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-XAML-Diagnostics/Default"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-XAML/Default"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-XAudio2/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-XAudio2/Performance"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-glcnd/Admin"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-glcnd/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-glcnd/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-mobsync/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-ntshrui"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-ntshrui-perf"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-osk/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-stobject/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-wmbclass/Analytic"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-Windows-wmbclass/Trace"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-WindowsPhone-Connectivity-WiFiConnSvc-Channel"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-WindowsPhone-LocationServiceProvider/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-WindowsPhone-Net-Cellcore-CellManager/Debug"

C:\Users\Username\Desktop>wevtutil cl "Microsoft-WindowsPhone-Net-Cellcore-CellularAPI/Debug"

C:\Users\Username\Desktop>wevtutil cl "NIS-Driver-WFP/Diagnostic"

C:\Users\Username\Desktop>wevtutil cl "Navigator"

C:\Users\Username\Desktop>wevtutil cl "Network Isolation Operational"

C:\Users\Username\Desktop>wevtutil cl "OAlerts"

C:\Users\Username\Desktop>wevtutil cl "OSK_SoftKeyboard_Channel"

C:\Users\Username\Desktop>wevtutil cl "OfficeChannel"

C:\Users\Username\Desktop>wevtutil cl "OfficeDebugChannel"

C:\Users\Username\Desktop>wevtutil cl "OneApp_IGCC"

C:\Users\Username\Desktop>wevtutil cl "OpenSSH/Admin"

C:\Users\Username\Desktop>wevtutil cl "OpenSSH/Debug"

C:\Users\Username\Desktop>wevtutil cl "OpenSSH/Operational"

C:\Users\Username\Desktop>wevtutil cl "Physical_Keyboard_Manager_Channel"

C:\Users\Username\Desktop>wevtutil cl "PlayReadyPerformanceChannel"

C:\Users\Username\Desktop>wevtutil cl "RTWorkQueueExtended"

C:\Users\Username\Desktop>wevtutil cl "RTWorkQueueTheading"

C:\Users\Username\Desktop>wevtutil cl "SMSApi"

C:\Users\Username\Desktop>wevtutil cl "Security"

C:\Users\Username\Desktop>wevtutil cl "Setup"

C:\Users\Username\Desktop>wevtutil cl "SmbWmiAnalytic"

C:\Users\Username\Desktop>wevtutil cl "System"

C:\Users\Username\Desktop>wevtutil cl "SystemEventsBroker"

C:\Users\Username\Desktop>wevtutil cl "TabletPC_InputPanel_Channel"

C:\Users\Username\Desktop>wevtutil cl "TabletPC_InputPanel_Channel/IHM"

C:\Users\Username\Desktop>wevtutil cl "TimeBroker"

C:\Users\Username\Desktop>wevtutil cl "UIManager_Channel"

C:\Users\Username\Desktop>wevtutil cl "Uac/Debug"

C:\Users\Username\Desktop>wevtutil cl "WINDOWS_KS_CHANNEL"

C:\Users\Username\Desktop>wevtutil cl "WINDOWS_MFH264Enc_CHANNEL"

C:\Users\Username\Desktop>wevtutil cl "WINDOWS_MP4SDECD_CHANNEL"

C:\Users\Username\Desktop>wevtutil cl "WINDOWS_MSMPEG2ADEC_CHANNEL"

C:\Users\Username\Desktop>wevtutil cl "WINDOWS_MSMPEG2VDEC_CHANNEL"

C:\Users\Username\Desktop>wevtutil cl "WINDOWS_VC1ENC_CHANNEL"

C:\Users\Username\Desktop>wevtutil cl "WINDOWS_WMPHOTO_CHANNEL"

C:\Users\Username\Desktop>wevtutil cl "WINDOWS_wmvdecod_CHANNEL"

C:\Users\Username\Desktop>wevtutil cl "WMPSetup"

C:\Users\Username\Desktop>wevtutil cl "WMPSyncEngine"

C:\Users\Username\Desktop>wevtutil cl "Windows Networking Vpn Plugin Platform/Operational"

C:\Users\Username\Desktop>wevtutil cl "Windows Networking Vpn Plugin Platform/OperationalVerbose"

C:\Users\Username\Desktop>wevtutil cl "Windows PowerShell"

C:\Users\Username\Desktop>wevtutil cl "WordChannel"

C:\Users\Username\Desktop>wevtutil cl "muxencode"

========= End of CMD: =========

The system needed a reboot.

==== End of Fixlog 19:08:59 ====

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19.04.2024 01

Ran by admin (administrator) on LAPTOP-GE8FCSQN (LENOVO 20VE) (21-05-2024 19:19:53)

Running from C:\Users\Username\Desktop\FRST64.exe

Loaded Profiles: admin & Username

Platform: Microsoft Windows 10 Pro Version 22H2 19045.4412 (X64) Language: English (United States)

Default browser: Edge

Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\LenovoVantage-(DeviceSettingsSystemAddin).exe

(C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\LenovoVantage-(GenericMessagingAddin).exe

(C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\LenovoVantage-(VantageCoreAddin).exe

(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

(C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe

(DriverStore\FileRepository\cui_dch.inf_amd64_ad4654f43fda305f\igfxCUIServiceN.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_ad4654f43fda305f\igfxEMN.exe

(DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_41de6367ef0679f0\DAX3API.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\DAF04E~1.INF\DAX3API.exe

(DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_7d126bda2f653af7\LenovoUtilityService.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_7d126bda2f653af7\FnHotkeyCapsLKNumLK.exe

(explorer.exe ->) (CANON INC. -> CANON INC.) C:\Program Files\Canon\Canon MF Network Scanner Selector\CMFNSS6.EXE

(explorer.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel Corporation) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5487.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe

(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <11>

(LNBITSSvc.exe ->) (Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\AutoModeDetect.exe

(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

(services.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_41de6367ef0679f0\DAX3API.exe

(services.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ELANFPService.exe

(services.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ElanIapService.exe

(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_ad4654f43fda305f\igfxCUIServiceN.exe

(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_e3868713e3d137ef\esif_uf.exe

(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_db7985d30b50e28f\OneApp.IGCC.WinService.exe

(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_c529b210005a7e19\IntelCpHDCPSvc.exe

(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe

(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe

(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_dd6a7ef14d856351\AS\IAS\IntelAudioService.exe

(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe

(services.exe ->) (Intel® Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorvd.inf_amd64_46aa7595a4cd0ecb\RstMwService.exe

(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe

(services.exe ->) (Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\LNBITSSvc.exe

(services.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\LenovoVantageService.exe

(services.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_7d126bda2f653af7\LenovoUtilityService.exe

(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe

(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Locator.exe

(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe

(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MpDefenderCoreService.exe

(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MsMpEng.exe

(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\NisSrv.exe

(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_030a6fd3020fb520\RtkAudUService64.exe <2>

(services.exe ->) (TBT_DCH_DRV_PROD -> ) C:\Windows\TbtP2pShortcutService.exe

(svchost.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel Corporation) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5487.0_x64__8j3eq9eme6ctt\IGCC.exe

(svchost.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_ad4654f43fda305f\igfxextN.exe

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_030a6fd3020fb520\RtkAudUService64.exe [1635688 2022-12-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

HKLM\...\Run: [MFNetworkScannerSelector] => C:\Program Files\Canon\Canon MF Network Scanner Selector\CMFNSS6.EXE [459904 2018-01-30] (CANON INC. -> CANON INC.)

HKLM\...\RunOnce: [!BCILauncher] => C:\Windows\Temp\MUBSTemp\BCILauncher.EXE [18464 2024-04-16] (Microsoft Corporation -> ) <==== ATTENTION

HKU\S-1-5-21-240337477-2287995252-3564736294-1001\...\Run: [MicrosoftEdgeAutoLaunch_29EBC4579851B72EE312C449CF839B1A] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4136896 2024-05-17] (Microsoft Corporation -> Microsoft Corporation)

HKU\S-1-5-21-240337477-2287995252-3564736294-1001\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\admin\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" [47897984 2021-09-25] (Microsoft Corporation -> Microsoft Corporation)

HKU\S-1-5-21-240337477-2287995252-3564736294-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\admin\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)

HKU\S-1-5-21-240337477-2287995252-3564736294-1001\...\RunOnce: [Uninstall 21.129.0627.0002\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\admin\AppData\Local\Microsoft\OneDrive\21.129.0627.0002\amd64" [0 2021-07-24] () <==== ATTENTION [zero byte File/Folder]

HKU\S-1-5-21-240337477-2287995252-3564736294-1001\...\RunOnce: [Uninstall 21.129.0627.0002] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\admin\AppData\Local\Microsoft\OneDrive\21.129.0627.0002" [0 2021-09-25] () <==== ATTENTION [zero byte File/Folder]

HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\Run: [CiscoMeetingDaemon] => C:\Users\Username\AppData\Local\WebEx\WebexHost.exe [7272032 2024-04-01] (Cisco WebEx LLC -> Cisco Webex LLC)

HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\Run: [MicrosoftEdgeAutoLaunch_AC5700D3445A3B32EF9F41CD7106186F] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4136896 2024-05-17] (Microsoft Corporation -> Microsoft Corporation)

HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\Run: [CiscoSpark] => C:\Users\Username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Webex\Webex.lnk [1476 2024-05-11] () [File not signed]

HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\MountPoints2: {39e38df8-5750-11eb-835d-fcb3bc5f1a08} - "D:\LaunchU3.exe" -a

HKLM\...\Print\Monitors\Canon MFNP Port: C:\Windows\system32\CNCENPM6.dll [153088 2018-01-29] (CANON INC.) [File not signed]

HKLM\...\Print\Monitors\CPCA Language Monitor4: C:\Windows\system32\CNAS0MPK.DLL [1501696 2018-10-18] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)

HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\125.0.6422.61\Installer\chrmstp.exe [2024-05-17] (Google LLC -> Google LLC)

GroupPolicy: Restriction ? <==== ATTENTION

Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {59DB40A8-D7EF-48F1-8560-0EB73F137260} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1547208 2024-01-31] (Adobe Inc. -> Adobe Inc.)

Task: {A64851A1-2108-4FEE-91B7-08046252FF5F} - System32\Tasks\G2MUpdateTask-S-1-5-21-240337477-2287995252-3564736294-1002 => C:\Users\Username\AppData\Local\GoToMeeting\19992\g2mupdate.exe [34872 2024-04-11] (LogMeIn, Inc. -> LogMeIn, Inc.)

Task: {81EAAF71-514B-4127-B19C-7780892B9FFF} - System32\Tasks\G2MUploadTask-S-1-5-21-240337477-2287995252-3564736294-1002 => C:\Users\Username\AppData\Local\GoToMeeting\19992\g2mupload.exe [34872 2024-04-11] (LogMeIn, Inc. -> LogMeIn, Inc.)

Task: {6B67EAF6-81DF-4C17-AC0A-00EF21C09734} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem126.0.6462.0{0B10C9FC-2756-405C-920B-B3EA82C04DE4} => C:\Program Files (x86)\Google\GoogleUpdater\126.0.6462.0\updater.exe [4794656 2024-05-06] (Google LLC -> Google LLC)

Task: {1871758E-9C91-4D1E-B938-F05AA6ED1CF3} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\Windows\system32\ImController.InfInstaller.exe [74952 2022-11-20] (Lenovo -> Lenovo Group Ltd.)

Task: {E1B27C35-FA09-4A05-A9ED-BD0FF237CE96} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => C:\Windows\system32\sc.exe [72192 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> START ImControllerService

Task: {345A3571-2FF4-4735-AE8F-8959B895B9E1} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => C:\Windows\System32\reg.exe [77312 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32

Task: {4F67E0E8-7B2F-4EF5-B887-EE1AECB7C51B} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\0dcb2d33-bc2d-4f79-be98-e22eff3bf84f => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)

Task: {571D46A8-EFC8-4427-B449-6F44DEA8A82A} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\6fb4d247-81b3-41d1-8001-65e27ae26a96 => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)

Task: {A6F5574A-8A87-432F-8579-6567B9D80550} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\84e916a0-1daf-499e-bfd1-8dc958e69223 => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)

Task: {785549F2-A28A-4857-A5BC-E682B1FE258C} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\aeb5bf65-1ff1-4e52-82cb-8978b379c9ad => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)

Task: {1DE022A3-B773-402C-AA2E-840F8459111F} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\af6db551-a7aa-4aa1-a107-7a7e409eb885 => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)

Task: {CA9ABCB6-10F7-454B-B578-2105C243A8B2} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => C:\Windows\system32\sc.exe [72192 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> start LenovoVantageService

Task: {22B40815-EC47-4DE1-B850-05F5CCE397BA} - System32\Tasks\Lenovo\Vantage\Schedule\BatteryGaugeAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\ScheduleEventAction.exe [30176 2024-03-03] (Lenovo -> Lenovo)

Task: {4B8CDDDE-6C8C-4ADC-80C1-64B93AD60920} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\ScheduleEventAction.exe [30176 2024-03-03] (Lenovo -> Lenovo)

Task: {672A1595-FE99-4AFD-8FA6-448D06C0DC05} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\ScheduleEventAction.exe [30176 2024-03-03] (Lenovo -> Lenovo)

Task: {1ACAAF8C-13EF-40CE-B235-2D9B2C6117A8} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\ScheduleEventAction.exe [30176 2024-03-03] (Lenovo -> Lenovo)

Task: {FE84F80B-0E62-4460-B431-8CD2AB946645} - System32\Tasks\Lenovo\Vantage\Schedule\IdeaNotebookAddinDailyEvent => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\ScheduleEventAction.exe [30176 2024-03-03] (Lenovo -> Lenovo)

Task: {B3EDEA26-CF6E-4F96-ABF5-466B4B7C8AD5} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.MonthlyReport => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\ScheduleEventAction.exe [30176 2024-03-03] (Lenovo -> Lenovo)

Task: {F0E4CC51-200B-40C4-9110-476B9EF7A8BE} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoBatteryPartSalesMonthlyToast => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\ScheduleEventAction.exe [30176 2024-03-03] (Lenovo -> Lenovo)

Task: {27B14E72-A2B9-491C-B062-AB7D21D53221} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\ScheduleEventAction.exe [30176 2024-03-03] (Lenovo -> Lenovo)

Task: {11788514-56F9-4063-8DD5-6DB80F92D0AC} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\ScheduleEventAction.exe [30176 2024-03-03] (Lenovo -> Lenovo)

Task: {179FDF33-DA9B-4C0C-9CF2-6CD42CE0A465} - System32\Tasks\Lenovo\Vantage\Schedule\NotificationCenter => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe NotificationCenter (No File)

Task: {1E24CFE5-3301-493F-9393-D978249BED80} - System32\Tasks\Lenovo\Vantage\Schedule\SettingsWidgetAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\ScheduleEventAction.exe [30176 2024-03-03] (Lenovo -> Lenovo)

Task: {A170EF17-55BA-4EE5-B1AF-CFCBF0C49D47} - System32\Tasks\Lenovo\Vantage\Schedule\SmartLock.ExpireReminder => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\ScheduleEventAction.exe [30176 2024-03-03] (Lenovo -> Lenovo)

Task: {77BC1A4F-0E56-4714-BA46-1C11CD942AC2} - System32\Tasks\Lenovo\Vantage\Schedule\SmartPerformance.ExpireReminder => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\ScheduleEventAction.exe [30176 2024-03-03] (Lenovo -> Lenovo)

Task: {CC50FA1B-8DF6-4DC7-A735-E845C7D9E827} - System32\Tasks\Lenovo\Vantage\Schedule\VantageCoreAddinWeekScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\ScheduleEventAction.exe [30176 2024-03-03] (Lenovo -> Lenovo)

Task: {12ED7477-2B2D-4602-B9AB-80FAEBAF487E} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.6.15.0\ScheduleEventAction.exe VantageTelemetryAddinTask (No File)

Task: {19DF18E5-B809-4426-B9EC-32556E8D842B} - System32\Tasks\Lenovo\Vantage\StartupFixPlan => C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\uninstall.exe [365024 2024-03-03] (Lenovo -> Lenovo)

Task: {3D4BB58A-2049-4494-BE11-0044B3E09952} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28436048 2024-05-10] (Microsoft Corporation -> Microsoft Corporation)

Task: {3527CD96-E1AB-4170-81A3-7C60CF6EDEC8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28436048 2024-05-10] (Microsoft Corporation -> Microsoft Corporation)

Task: {EE1EDBEA-BD09-47A2-844A-2415A6F1B45F} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309936 2024-05-10] (Microsoft Corporation -> Microsoft Corporation)

Task: {92C9E29E-E563-4C7B-8754-03466216E8E9} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309936 2024-05-10] (Microsoft Corporation -> Microsoft Corporation)

Task: {664E20A6-3D9B-459A-9783-1D23521509EF} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\operfmon.exe [168928 2024-05-10] (Microsoft Corporation -> Microsoft Corporation)

Task: {5390020D-EAAD-4B2C-ADE1-59B933FE928E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MpCmdRun.exe [1658408 2024-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {3BA72883-3D09-4C6F-A6C9-CEACC2205984} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MpCmdRun.exe [1658408 2024-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {1EA084D9-1FC8-4402-9228-E02FC259B9B2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MpCmdRun.exe [1658408 2024-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {BABCA08E-2D95-48A3-B83D-138C2601DD11} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MpCmdRun.exe [1658408 2024-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-240337477-2287995252-3564736294-1002.job => C:\Users\Username\AppData\Local\GoToMeeting\19992\g2mupdate.exe

Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-240337477-2287995252-3564736294-1002.job => C:\Users\Username\AppData\Local\GoToMeeting\19992\g2mupload.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Tcpip\..\Interfaces\{45d5d7d4-26dd-4f05-b26c-4fccf75fe7ad}: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{e9356987-cd63-4569-b2df-d8258e5d4d91}: [DhcpNameServer] 192.168.0.1

Tcpip\..\Interfaces\{e9356987-cd63-4569-b2df-d8258e5d4d91}\4597C65627723702960586F6E656: [DhcpNameServer] 172.20.10.1

Tcpip\..\Interfaces\{e9356987-cd63-4569-b2df-d8258e5d4d91}\E45445745414257303: [DhcpNameServer] 192.168.1.1

Edge:

=======

Edge DefaultProfile: Default

Edge Profile: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default [2021-09-25]

FireFox:

========

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-05-10] (VideoLAN -> VideoLAN)

FF Plugin: @videolan.org/vlc,version=3.0.14 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-05-10] (VideoLAN -> VideoLAN)

FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-05-11] (Adobe Inc. -> Adobe Systems Inc.)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)

Chrome:

=======

CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default [2021-09-25]

CHR Extension: (Slides) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-01-02]

CHR Extension: (Docs) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-01-02]

CHR Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-01-02]

CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-01-02]

CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-09-25]

CHR Extension: (Sheets) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-01-02]

CHR Extension: (Google Docs Offline) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-07-24]

CHR Extension: (Chrome Web Store Payments) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-05-23]

CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-01-02]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-01-31] (Adobe Inc. -> Adobe Inc.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14248120 2024-05-10] (Microsoft Corporation -> Microsoft Corporation)

R2 DolbyDAXAPI; C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_41de6367ef0679f0\DAX3API.exe [2305576 2021-12-08] (Dolby Laboratories, Inc. -> Dolby Laboratories)

R2 ElanIapService; C:\Windows\System32\ElanIapService.exe [475088 2020-07-29] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.)

R2 FMAPOService; C:\Windows\System32\FMService64.exe [343936 2020-08-15] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)

S2 GoogleUpdaterInternalService126.0.6462.0; C:\Program Files (x86)\Google\GoogleUpdater\126.0.6462.0\updater.exe [4794656 2024-05-06] (Google LLC -> Google LLC)

S2 GoogleUpdaterService126.0.6462.0; C:\Program Files (x86)\Google\GoogleUpdater\126.0.6462.0\updater.exe [4794656 2024-05-06] (Google LLC -> Google LLC)

R2 ImControllerService; C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)

R2 IntelAudioService; C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_dd6a7ef14d856351\AS\IAS\IntelAudioService.exe [539816 2021-09-02] (Intel Corporation -> Intel)

R2 LenovoFnAndFunctionKeys; C:\Windows\System32\DriverStore\FileRepository\lenovofnandfunctionkeys.inf_amd64_7d126bda2f653af7\LenovoUtilityService.exe [168776 2024-04-01] (Lenovo -> Lenovo)

R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\4.0.75.0\LenovoVantageService.exe [34168 2024-03-03] (Lenovo -> Lenovo)

R2 LITSSVC; C:\Windows\System32\LNBITSSvc.exe [1817944 2020-09-11] (Lenovo -> Lenovo(beijing) Limited)

R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8887344 2024-05-20] (Malwarebytes Inc. -> Malwarebytes)

S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-05-20] (Malwarebytes Inc. -> Malwarebytes)

R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MpDefenderCoreService.exe [1489000 2024-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [522200 2024-05-17] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 TbtP2pShortcutService; C:\Windows\TbtP2pShortcutService.exe [252264 2021-01-26] (TBT_DCH_DRV_PROD -> )

R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\NisSrv.exe [3236840 2024-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MsMpEng.exe [133704 2024-05-14] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AcxHdAudio; C:\Windows\System32\drivers\AcxHdAudio.sys [526848 2024-05-17] (Microsoft Windows -> Microsoft Corporation)

R3 iaLPSS2_GPIO2_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_gpio2_tgl.inf_amd64_d0e63c4e3754f42f\iaLPSS2_GPIO2_TGL.sys [128152 2020-08-12] (Intel Corporation -> Intel Corporation)

R3 iaLPSS2_I2C_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_i2c_tgl.inf_amd64_ab87bf17a571e523\iaLPSS2_I2C_TGL.sys [197272 2020-08-12] (Intel Corporation -> Intel Corporation)

S3 iaLPSS2_SPI_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_spi_tgl.inf_amd64_b6ea3d48ee329530\iaLPSS2_SPI_TGL.sys [155816 2020-08-12] (Intel Corporation -> Intel Corporation)

S3 iaLPSS2_UART2_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_uart2_tgl.inf_amd64_1a8e964d43720594\iaLPSS2_UART2_TGL.sys [310440 2020-08-12] (Intel Corporation -> Intel Corporation)

R0 iaStorVD; C:\Windows\System32\drivers\iaStorVD.sys [1421680 2020-09-23] (Intel® Rapid Storage Technology -> Intel Corporation)

R2 mbamchameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223184 2024-05-21] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2022-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)

R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239576 2024-05-21] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

R3 MpKsl5b1cc357; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FEEF4545-D0C4-4BA1-B070-C968B31182AB}\MpKslDrv.sys [271648 2024-05-20] (Microsoft Windows -> Microsoft Corporation)

R0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [21056 2024-05-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [601496 2024-05-14] (Microsoft Windows -> Microsoft Corporation)

R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105880 2024-05-14] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-05-21 19:05 - 2024-05-21 19:08 - 000158035 _____ C:\Users\Username\Desktop\Fixlog.txt

2024-05-20 17:52 - 2024-05-20 17:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 7.6

2024-05-20 17:51 - 2024-05-20 17:52 - 000000000 ____D C:\Program Files\LibreOffice

2024-05-18 19:56 - 2024-05-18 20:26 - 000001389 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk

2024-05-18 19:56 - 2024-05-18 19:59 - 000001388 _____ C:\Users\Username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk

2024-05-18 19:56 - 2024-05-18 19:56 - 000000000 ____D C:\Users\Username\AppData\Local\ESET

2024-05-18 19:56 - 2024-05-18 19:56 - 000000000 ____D C:\Users\admin\AppData\Local\ESET

2024-05-17 13:13 - 2024-05-21 19:20 - 000030135 _____ C:\Users\Username\Desktop\FRST.txt

2024-05-17 13:13 - 2024-05-17 13:14 - 000024395 _____ C:\Users\Username\Desktop\Addition.txt

2024-05-17 13:02 - 2024-05-21 19:20 - 000000000 ____D C:\FRST

2024-05-17 13:01 - 2024-05-17 13:01 - 002394112 _____ (Farbar) C:\Users\Username\Desktop\FRST64.exe

2024-05-17 12:14 - 2024-05-17 12:14 - 000000000 ___HD C:\$WinREAgent

2024-05-13 17:47 - 2024-05-13 17:47 - 017008467 _____ C:\Users\Username\Downloads\VIDEO-2024.mp4

2024-05-13 09:29 - 2024-05-13 09:29 - 004034063 _____ C:\Users\Username\Downloads\VID-20240412-WA0000.mp4

2024-05-11 16:04 - 2024-05-17 11:19 - 000000000 ____D C:\Users\Username\AppData\Local\CiscoSpark

2024-05-11 16:04 - 2024-05-11 16:05 - 000000000 ____D C:\Users\Username\AppData\Local\CiscoSparkLauncher

2024-05-11 09:58 - 2024-05-11 09:58 - 000000000 ____D C:\Users\Username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Webex

2024-05-11 09:20 - 2024-05-11 09:20 - 000107654 _____ C:\Users\Username\Downloads\3591_BoardingPass.pdf

2024-05-09 17:11 - 2024-05-09 17:11 - 000614675 _____ C:\Users\Username\Downloads\Scope of Work ALE.pdf

2024-05-08 10:12 - 2024-05-08 10:12 - 001352186 _____ C:\Users\Username\Downloads\General_information.pdf

2024-05-05 13:02 - 2024-05-05 13:02 - 000055991 _____ C:\Users\Username\Downloads\354.pdf

2024-05-02 15:29 - 2024-05-02 15:29 - 001133713 _____ C:\Users\Username\Downloads\VIDEO-2020.mp4

2024-05-01 09:38 - 2024-05-01 09:38 - 000064336 _____ C:\Users\Username\Downloads\3591.pdf

2024-04-29 08:57 - 2024-04-29 08:57 - 002071283 _____ C:\Users\Username\Downloads\d59-c7ef-46.MP4

2024-04-26 11:43 - 2024-04-26 11:43 - 000000000 ____D C:\Users\Username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom

2024-04-25 18:38 - 2024-04-25 18:38 - 000067420 _____ C:\Users\Username\Downloads\Surname.pdf

2024-04-25 08:12 - 2024-04-25 08:12 - 000179610 _____ C:\Users\Username\Downloads\35499.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-05-21 19:20 - 2023-05-12 10:22 - 000000000 ____D C:\Users\Username\AppData\Local\Malwarebytes

2024-05-21 19:15 - 2020-05-06 12:41 - 000795742 _____ C:\Windows\system32\PerfStringBackup.INI

2024-05-21 19:15 - 2019-12-07 03:13 - 000000000 ____D C:\Windows\INF

2024-05-21 19:10 - 2022-12-10 20:27 - 000239576 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys

2024-05-21 19:10 - 2021-01-02 20:59 - 000000000 __SHD C:\Users\Username\IntelGraphicsProfiles

2024-05-21 19:10 - 2021-01-02 20:59 - 000000000 ____D C:\Users\Username\AppData\Local\Packages

2024-05-21 19:10 - 2021-01-02 20:08 - 000000000 ____D C:\ProgramData\Packages

2024-05-21 19:10 - 2020-11-19 02:48 - 000000000 ___HD C:\Intel

2024-05-21 19:10 - 2020-05-06 12:33 - 000008192 ___SH C:\DumpStack.log.tmp

2024-05-21 19:10 - 2020-05-06 12:33 - 000000006 ____H C:\Windows\Tasks\SA.DAT

2024-05-21 19:10 - 2019-12-07 03:14 - 000000000 ___HD C:\Program Files\WindowsApps

2024-05-21 19:10 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\ServiceState

2024-05-21 19:10 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\AppReadiness

2024-05-21 19:10 - 2019-12-07 03:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2024-05-21 19:09 - 2019-12-07 03:03 - 001572864 _____ C:\Windows\system32\config\BBI

2024-05-21 19:07 - 2019-12-07 03:03 - 000000000 ____D C:\Windows\CbsTemp

2024-05-21 19:02 - 2020-05-06 12:33 - 000644832 _____ C:\Windows\system32\FNTCACHE.DAT

2024-05-21 18:59 - 2021-01-04 21:50 - 000000000 ____D C:\Users\Username\AppData\Local\CrashDumps

2024-05-21 18:58 - 2021-12-13 09:45 - 000003588 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-240337477-2287995252-3564736294-1002

2024-05-21 18:58 - 2021-01-02 21:00 - 000003376 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-240337477-2287995252-3564736294-1002

2024-05-21 18:58 - 2021-01-02 20:59 - 000002387 _____ C:\Users\Username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

2024-05-21 18:57 - 2020-05-06 12:33 - 000000000 ____D C:\Windows\system32\SleepStudy

2024-05-20 17:30 - 2021-01-02 20:28 - 000002104 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk

2024-05-20 17:29 - 2021-01-02 20:28 - 000000000 ____D C:\ProgramData\Malwarebytes

2024-05-20 17:29 - 2021-01-02 20:27 - 000000000 ____D C:\Program Files\Malwarebytes

2024-05-19 10:28 - 2024-04-20 11:25 - 000000000 ____D C:\Users\Username\Desktop\Oil rights information

2024-05-18 20:25 - 2021-05-23 19:28 - 000000000 ____D C:\Users\admin\AppData\Local\CrashDumps

2024-05-18 19:53 - 2023-01-16 21:52 - 000002287 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk

2024-05-18 19:53 - 2020-11-19 03:52 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk

2024-05-17 12:30 - 2020-11-19 03:58 - 000000000 ____D C:\Windows\TempInst

2024-05-17 12:28 - 2021-12-31 17:16 - 000000000 ____D C:\Windows\SystemTemp

2024-05-17 12:28 - 2021-01-02 20:47 - 000002258 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2024-05-17 12:28 - 2021-01-02 20:47 - 000002217 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2024-05-17 12:24 - 2020-11-19 03:44 - 000000000 __SHD C:\Windows\BitLockerDiscoveryVolumeContents

2024-05-17 12:24 - 2020-11-19 03:44 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection

2024-05-17 12:24 - 2019-12-07 03:52 - 000000000 ____D C:\Program Files\Windows Portable Devices

2024-05-17 12:24 - 2019-12-07 03:52 - 000000000 ____D C:\Program Files\Windows Multimedia Platform

2024-05-17 12:24 - 2019-12-07 03:52 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices

2024-05-17 12:24 - 2019-12-07 03:52 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform

2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ___SD C:\Windows\SysWOW64\F12

2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs

2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ___SD C:\Windows\system32\UNP

2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ___SD C:\Windows\system32\F12

2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ___SD C:\Windows\system32\DiagSvcs

2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ___RD C:\Windows\PrintDialog

2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel

2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\SysWOW64\setup

2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\SysWOW64\PerceptionSimulation

2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\SysWOW64\oobe

2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\SysWOW64\Dism

2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\SystemResources

2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns

2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\system32\SystemResetPlatform

2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\system32\ShellExperiences

2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\system32\setup

2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\system32\PerceptionSimulation

2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\system32\oobe

2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\system32\migwiz

2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\system32\Dism

2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\ShellExperiences

2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\ShellComponents

2024-05-17 12:24 - 2019-12-07 03:14 - 000000000 ____D C:\Windows\bcastdvr

2024-05-17 12:24 - 2019-12-07 03:03 - 000000000 ____D C:\Windows\servicing

2024-05-17 12:20 - 2022-11-19 09:01 - 000002072 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk

2024-05-17 12:20 - 2022-10-12 09:48 - 000002084 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk

2024-05-17 12:20 - 2021-01-02 20:43 - 000004562 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task

2024-05-17 12:17 - 2020-05-06 12:36 - 003017216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll

2024-05-17 12:14 - 2021-01-02 20:14 - 000000000 ____D C:\Windows\system32\MRT

2024-05-17 12:11 - 2021-03-20 18:52 - 000000000 ____D C:\Users\Username\AppData\Local\D3DSCache

2024-05-17 12:05 - 2023-10-03 16:03 - 000000000 ____D C:\Program Files\RUXIM

2024-05-17 12:05 - 2021-01-02 20:14 - 196465576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

2024-05-17 12:00 - 2021-03-24 10:54 - 000000000 ____D C:\Users\Username\AppData\Local\WebEx

2024-05-14 07:33 - 2020-05-06 12:33 - 000000000 ____D C:\Windows\system32\Drivers\wd

2024-05-13 17:47 - 2021-01-23 22:02 - 000000000 ____D C:\Users\Username\AppData\Roaming\vlc

2024-05-11 16:13 - 2021-01-25 11:05 - 000000000 ____D C:\Users\Username\Desktop\Financial statements

2024-05-11 10:51 - 2021-03-24 10:54 - 000000000 ____D C:\Users\Username\AppData\LocalLow\WebEx

2024-05-11 09:57 - 2021-03-24 10:55 - 000000000 ____D C:\Users\Username\AppData\Roaming\webex

2024-05-10 12:51 - 2020-11-19 03:52 - 000000000 ____D C:\Program Files\Microsoft Office

2024-05-08 08:46 - 2020-11-19 03:51 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA

2024-05-08 08:46 - 2020-11-19 03:51 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore

2024-04-26 11:43 - 2023-08-22 08:09 - 000000000 ____D C:\Users\Username\AppData\Roaming\Zoom

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19.04.2024 01

Ran by admin (21-05-2024 19:21:11)

Running from C:\Users\Username\Desktop

Microsoft Windows 10 Pro Version 22H2 19045.4412 (X64) (2021-01-03 18:02:55)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

admin (S-1-5-21-240337477-2287995252-3564736294-1001 - Administrator - Enabled) => C:\Users\admin

Administrator (S-1-5-21-240337477-2287995252-3564736294-500 - Administrator - Disabled)

DefaultAccount (S-1-5-21-240337477-2287995252-3564736294-503 - Limited - Disabled)

Guest (S-1-5-21-240337477-2287995252-3564736294-501 - Limited - Disabled)

Username (S-1-5-21-240337477-2287995252-3564736294-1002 - Limited - Enabled) => C:\Users\Username

WDAGUtilityAccount (S-1-5-21-240337477-2287995252-3564736294-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 24.002.20759 - Adobe)

Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601067}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden

Canon MF741C/743C (HKLM\...\{BB46A4DC-43FD-4deb-8B8D-E0211A44D94B}) (Version: 6.4.0.3 - CANON INC.)

Cisco Webex Meetings (HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\ActiveTouchMeetingClient) (Version: 44.4.0 - Cisco Webex LLC)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 125.0.6422.61 - Google LLC)

GoTo Opener (HKLM-x32\...\{C0F33C38-345C-4C02-B161-11389350C2A5}) (Version: 1.0.533 - LogMeIn, Inc.)

GoToMeeting 10.20.0.19992 (HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\GoToMeeting) (Version: 10.20.0.19992 - LogMeIn, Inc.)

Intel® Chipset Device Software (HKLM\...\{368C1112-09E1-4EE3-A274-9118DF101CA9}) (Version: 10.1.18460.8229 - Intel Corporation) Hidden

Intel® Chipset Device Software (HKLM-x32\...\{a2c684b7-4a4b-425f-a805-1e88940804b0}) (Version: 10.1.18460.8229 - Intel® Corporation)

Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 4.0.75.0 - Lenovo Group Ltd.)

LibreOffice 7.6.7.2 (HKLM\...\{F77B9F35-B52D-4C13-AE7D-1F4C8127C505}) (Version: 7.6.7.2 - The Document Foundation)

Malwarebytes version 5.1.4.112 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.1.4.112 - Malwarebytes)

Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.17531.20140 - Microsoft Corporation)

Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 125.0.2535.51 - Microsoft Corporation)

Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 124.0.2478.97 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-240337477-2287995252-3564736294-1001\...\OneDriveSetup.exe) (Version: 21.170.0822.0002 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\OneDriveSetup.exe) (Version: 24.086.0428.0003 - Microsoft Corporation)

Microsoft Teams (HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\Teams) (Version: 1.5.00.21463 - Microsoft Corporation)

Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)

Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.17425.20146 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.17531.20140 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden

Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{85C69797-7336-4E83-8D97-32A7C8465A3B}) (Version: 8.94.0.0 - Microsoft Corporation)

VLC media player (HKLM\...\VLC media player) (Version: 3.0.14 - VideoLAN)

Webex (HKLM\...\{B080C79D-B4E3-5424-8492-BEBBD67B1A92}) (Version: 43.10.0.28042 - Cisco Systems, Inc)

Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)

Zoom (HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\ZoomUMX) (Version: 5.17.11 (34827) - Zoom Video Communications, Inc.)

Packages:

=========

Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3370.0_x64__8j3eq9eme6ctt [2021-11-21] (INTEL CORP) [Startup Task]

Smart Microphone Setting -> C:\Program Files\WindowsApps\4505Fortemedia.FMAPOControl_1.0.38.0_x64__4pejv7q2gmsnr [2021-09-25] (Fortemedia)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-240337477-2287995252-3564736294-1002_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)

CustomCLSID: HKU\S-1-5-21-240337477-2287995252-3564736294-1002_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Username\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22147.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-240337477-2287995252-3564736294-1002_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)

CustomCLSID: HKU\S-1-5-21-240337477-2287995252-3564736294-1002_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Username\AppData\Local\GoToMeeting\19796\G2MOutlookAddin64.dll => No File

CustomCLSID: HKU\S-1-5-21-240337477-2287995252-3564736294-1002_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\Username\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-01-10 20:53 - 2018-01-29 21:28 - 000005120 _____ (CANON INC.) [File not signed] C:\Program Files\Canon\Canon MF Network Scanner Selector\CMFNSS6_en-US.DLL

2021-01-10 20:52 - 2018-01-29 21:26 - 000153088 _____ (CANON INC.) [File not signed] C:\Windows\System32\CNCENPM6.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-240337477-2287995252-3564736294-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/

HKU\S-1-5-21-240337477-2287995252-3564736294-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/

SearchScopes: HKU\S-1-5-21-240337477-2287995252-3564736294-1002 -> DefaultScope {003DCA94-98F2-469B-A5BA-194AE1717515} URL =

SearchScopes: HKU\S-1-5-21-240337477-2287995252-3564736294-1002 -> {003DCA94-98F2-469B-A5BA-194AE1717515} URL =

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)

Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-05-10] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-05-10] (Microsoft Corporation -> Microsoft Corporation)

Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-05-10] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-05-10] (Microsoft Corporation -> Microsoft Corporation)

Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-05-10] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-05-10] (Microsoft Corporation -> Microsoft Corporation)

Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-05-10] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-05-10] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 03:14 - 2019-12-07 03:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-240337477-2287995252-3564736294-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg

HKU\S-1-5-21-240337477-2287995252-3564736294-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg

DNS Servers: 192.168.0.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\StartupApproved\StartupFolder: => "a926b4964b745999a98b8120e2816.LNk"

HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\StartupApproved\Run: => "CiscoMeetingDaemon"

HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_AC5700D3445A3B32EF9F41CD7106186F"

HKU\S-1-5-21-240337477-2287995252-3564736294-1002\...\StartupApproved\Run: => "CiscoSpark"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{F66FE10C-0F79-4F40-97EA-A16178E767EA}C:\users\Username\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\Username\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [UDP Query User{8D2C76DD-8F61-4AD4-B645-4D737C01F19D}C:\users\Username\appdata\local\microsoft\teams\current\teams.exe] => (Block) C:\users\Username\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{C4DAB1EB-5674-49FE-A481-243FCD8F1CF1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{CA7664C3-0A61-4D99-9060-2A4EF09D3CFD}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\124.0.2478.97\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{8DEB1EEE-D596-4CE1-B075-2813101D65CD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.119.3201.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{56886F33-FDC6-46EE-A402-B633104E6F3F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.119.3201.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{9A01B37C-DDFD-47FA-8966-E70C4AC4DD0B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.119.3201.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{2010A0F0-D7B4-4EF9-B4E3-973FCE603AD4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.119.3201.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

FirewallRules: [{E8F1BAF3-0322-4C9D-99C7-1210D0EABC85}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

06-05-2024 14:00:54 Scheduled Checkpoint

17-05-2024 11:19:57 Windows Modules Installer

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:

==================

System errors:

=============

CodeIntegrity:

===============

Date: 2024-05-21 19:20:53

Description:

Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_c529b210005a7e19\igd10um64xe.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

BIOS: LENOVO F8CN58WW(V2.21) 03/28/2024

Motherboard: LENOVO LNVNB161216

Processor: 11th Gen Intel® Core™ i7-1165G7 @ 2.80GHz

Percentage of memory in use: 35%

Total physical RAM: 16167.3 MB

Available physical RAM: 10482.75 MB

Total Virtual: 18599.3 MB

Available Virtual: 11930.91 MB

==================== Drives ================================

Drive c: (Windows-SSD) (Fixed) (Total:475.69 GB) (Free:367.39 GB) (Model: NVMe SAMSUNG MZALQ512HALU-000L2) (Protected) NTFS

\\?\Volume{d7b7e4d4-0ce0-4798-9056-31a4d8207d11}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.39 GB) NTFS