Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Win 10 laptop keeps freezing and needs restart [Solved]

Started by peter plus , Feb 09 2024 05:09 AM

  • This topic is locked This topic is locked

#1
peter plus
Posted 09 February 2024 - 05:09 AM

peter plus

    Member

  • Member
  • PipPipPip
  • 278 posts

My Asus laptop freezes multiple times per day.

A restart is required each time and will work for a while.

 

Any help much appreciated

 

Logs

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03.02.2024 01
Ran by nwort (administrator) on LAPTOP-GN573EL9 (ASUSTeK COMPUTER INC. VivoBook_ASUSLaptop X513EA_X513EA) (09-02-2024 11:02:15)
Running from C:\Users\nwort\Desktop\FRST64.exe
Loaded Profiles: nwort
Platform: Microsoft Windows 10 Home Version 22H2 19045.3996 (X64) Language: English (United Kingdom)
Default browser not detected!
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_f2eed2fae3b45a67\ASUSOptimization\AsusOSD.exe
(C:\Program Files (x86)\Common Files\iMyFone\Components\Resident\LocalService.exe ->) () [File not signed] C:\Program Files (x86)\Common Files\iMyFone\Components\Resident\MFResident.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> ) C:\Program Files\Malwarebytes\Anti-Malware\MBAMCrashHandler.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(DriverStore\FileRepository\asussci2.inf_amd64_f2eed2fae3b45a67\ASUSOptimization\AsusOptimization.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_f2eed2fae3b45a67\ASUSOptimization\AsusOptimizationStartupTask.exe
(DriverStore\FileRepository\asussci2.inf_amd64_f2eed2fae3b45a67\ASUSSoftwareManager\AsusSoftwareManager.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.​) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_f2eed2fae3b45a67\ASUSSoftwareManager\AsusSoftwareManagerAgent.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_ea0f2e956b37b3be\igfxCUIServiceN.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_ea0f2e956b37b3be\igfxEMN.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <18>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <13>
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_f2eed2fae3b45a67\AsusAppService\AsusAppService.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_f2eed2fae3b45a67\ASUSOptimization\AsusOptimization.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_f2eed2fae3b45a67\ASUSSoftwareManager\AsusSoftwareManager.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_f2eed2fae3b45a67\ASUSSwitch\AsusSwitch.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_f2eed2fae3b45a67\ASUSSystemAnalysis\AsusSystemAnalysis.exe <2>
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_f2eed2fae3b45a67\ASUSSystemDiagnosis\AsusSystemDiagnosis.exe
(services.exe ->) (DTS, Inc. -> DTS Inc.) C:\Windows\System32\DTS\PC\APO4x\DtsApo4Service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_ea0f2e956b37b3be\igfxCUIServiceN.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorvd.inf_amd64_a5ea1b1d8db1527e\RstMwService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_98ad395a329efc54\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_89b1ad385fab2e0b\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_21e0cf0737fd48af\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\piecomponent.inf_amd64_e72614dff5a8a910\Intel_PIE_Service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_06dd582276d3f601\AS\IAS\IntelAudioService.exe
(services.exe ->) (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Intel® pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_e3868713e3d137ef\esif_uf.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(services.exe ->) (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
(services.exe ->) (Shenzhen iMyFone Technology Co., Ltd -> ) C:\Program Files (x86)\Common Files\iMyFone\Components\Resident\LocalService.exe
(sihost.exe ->) (649690DD-9BE8-48E7-8019-88DCA877AF4E -> McAfee, LLC) C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\Win32\mcafee-security-ft.exe
(svchost.exe ->) (649690DD-9BE8-48E7-8019-88DCA877AF4E -> McAfee LLC) C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy\mcafee-security.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_6.124.1221.0_x64__8wekyb3d8bbwe\GameBar.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_6.124.1221.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\nwort\AppData\Local\Microsoft\OneDrive\24.015.0121.0003\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_97f3cd9b850501f1\RtkAudUService64.exe <3>
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (No File)
HKLM\...\Run: [UniConverterUpdateHelper] => C:\Program Files\Wondershare\UniConverter 14\WSVCUUpdateHelper.exe (No File)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (No File)
HKU\S-1-5-21-1660784041-1680324514-1991157008-1001\...\Run: [MicrosoftEdgeAutoLaunch_1A0352803E0A09F4D32D90747118FE51] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3788736 2024-02-05] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1660784041-1680324514-1991157008-1001\...\MountPoints2: {79e156ac-470a-11ee-b47a-646ee0fd5a56} - "D:\Startme.exe" 
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\121.0.6167.161\Installer\chrmstp.exe [2024-02-08] (Google LLC -> Google LLC)
 
==================== Scheduled Tasks (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {DD1B02F3-FC0D-4140-B59D-3906A5B47094} - System32\Tasks\ASUS Optimization 36D18D69AFC3 => C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_f2eed2fae3b45a67\ASUSOptimization\AsusHotkey.exe [311944 2024-01-10] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
Task: {639CEFDD-0DCA-4F4A-BD64-532192C075A6} - System32\Tasks\ASUS Update Checker 2.0 => C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_f2eed2fae3b45a67\ASUSSoftwareManager\AsusUpdateChecker.exe [802440 2024-01-10] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
Task: {2D5E4D77-6DC5-4EDE-934D-B2B1DC8D8717} - System32\Tasks\AsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474 => C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_f2eed2fae3b45a67\ASUSSystemAnalysis\AsusSystemAnalysis.exe [4789384 2024-01-10] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
Task: {98F04A03-DEB9-49F9-86BD-F7A303565AC4} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem123.0.6268.0{4940B634-EB26-4C50-8242-FD0F15898EDE} => C:\Program Files (x86)\Google\GoogleUpdater\123.0.6268.0\updater.exe [4638496 2024-01-27] (Google LLC -> Google LLC) <==== ATTENTION
Task: {24AB160E-3481-4B0D-9C44-25021656BCCB} - System32\Tasks\McAfee Subscription job => \\?\C:\Program Files\McAfee\NexsJobs\McSubscriptionJob.exe  (No File)
Task: {226FAEDF-F0E2-4D8A-AD25-8E2E29DC39FB} - System32\Tasks\McAfee\DAD.Execute.Updates => "C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe"  (No File)
Task: {122F2739-1FF4-42DE-9EB3-1DB4E415032A} - System32\Tasks\McAfee\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.12.663\mcdatrep.exe  /hcmode=periodic /periodicruncount=5 (No File)
Task: {CBDC5AFC-A3EB-4AD2-9713-EA2098B660D2} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28371568 2024-02-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {71AC9C1A-D16A-4B7E-B28B-ACB755D0AE57} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28371568 2024-02-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {89CA93F7-9D6D-4EF5-802F-1CAE9498CB32} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [306352 2024-02-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {C4479F87-863F-49F7-98F2-429C3A845851} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [306352 2024-02-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {9331B6A5-CDD4-4561-806E-C42BA585175E} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [170128 2024-02-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {31884222-C93B-4685-8B8C-FC635FD9BFD4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {07B5E7E3-932F-4957-BF25-CFAA96C545C3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {942F68B5-06CF-46D7-980E-C27FDF440519} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {0507557B-F127-48F2-945E-C9D6324D7B96} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7F99ED33-4805-4CD9-A4CA-70CE20DCE4F4} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [674720 2023-12-21] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {4CB2319D-0F72-42B4-8303-FD78930EECFE} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [35232 2023-12-21] (Mozilla Corporation -> Mozilla Foundation)
Task: {98681065-222D-4A17-A8C3-16BB38BC8C80} - System32\Tasks\RtkAudUService64_BG => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_97f3cd9b850501f1\RtkAudUService64.exe [3453816 2022-03-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{258058e1-d061-4ad8-bc82-42735737b32b}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{258058e1-d061-4ad8-bc82-42735737b32b}\244584572663D205157374: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{258058e1-d061-4ad8-bc82-42735737b32b}\244584572663D205157374: [DhcpDomain] home
Tcpip\..\Interfaces\{258058e1-d061-4ad8-bc82-42735737b32b}\353554022427F616462616E64602241364649353: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{258058e1-d061-4ad8-bc82-42735737b32b}\353554022427F616462616E64602241364649353: [DhcpDomain] lan
Tcpip\..\Interfaces\{258058e1-d061-4ad8-bc82-42735737b32b}\35B4950303632323: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{258058e1-d061-4ad8-bc82-42735737b32b}\35B4950303632323: [DhcpDomain] Home
Tcpip\..\Interfaces\{258058e1-d061-4ad8-bc82-42735737b32b}\35B495A54415D455: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{258058e1-d061-4ad8-bc82-42735737b32b}\35B495A54415D455: [DhcpDomain] Home
Tcpip\..\Interfaces\{258058e1-d061-4ad8-bc82-42735737b32b}\45E4341405441363631413: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{258058e1-d061-4ad8-bc82-42735737b32b}\45E4341405441363631413: [DhcpDomain] lan
Tcpip\..\Interfaces\{258058e1-d061-4ad8-bc82-42735737b32b}\65D453232313438303: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{29eb9f1b-a044-4c0d-814b-c21f9d30ce4a}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{776cdf07-e39e-4dd4-8790-e0e3e0027fb5}: [DhcpNameServer] 10.66.144.1
Tcpip\..\Interfaces\{776cdf07-e39e-4dd4-8790-e0e3e0027fb5}: [DhcpDomain] BN29DL2.com
 
Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\nwort\AppData\Local\Microsoft\Edge\User Data\Default [2024-02-09]
Edge Extension: (Google Docs Offline) - C:\Users\nwort\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-01-25]
Edge Extension: (Edge relevant text changes) - C:\Users\nwort\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-25]
Edge Extension: (uBlock Origin) - C:\Users\nwort\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2024-01-04]
 
FireFox:
========
FF DefaultProfile: g80wa9hb.default
FF ProfilePath: C:\Users\nwort\AppData\Roaming\Mozilla\Firefox\Profiles\g80wa9hb.default [2023-11-01]
FF ProfilePath: C:\Users\nwort\AppData\Roaming\Mozilla\Firefox\Profiles\w8moyui1.default-release-1702217715008 [2024-01-27]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-02-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.19 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.20 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-02-03] (Microsoft Corporation -> Microsoft Corporation)
 
Chrome: 
=======
CHR Profile: C:\Users\nwort\AppData\Local\Google\Chrome\User Data\Default [2024-02-09]
CHR Notifications: Default -> hxxps://lpnottech.com; hxxps://meet.google.com
CHR Extension: (Torrent Scanner) - C:\Users\nwort\AppData\Local\Google\Chrome\User Data\Default\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2024-01-09]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\nwort\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2024-02-08]
CHR Extension: (uBlock Origin) - C:\Users\nwort\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2024-01-16]
CHR Extension: (High Contrast) - C:\Users\nwort\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcfdncoelnlbldjfhinnjlhdjlikmph [2021-11-20]
CHR Extension: (Auto HD/4k/8k for YouTube™ - YouTube™ Auto HD) - C:\Users\nwort\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjdmkanbdloodhegphphhklnjfngoffa [2023-10-04]
CHR Extension: (Google Docs Offline) - C:\Users\nwort\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-01-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\nwort\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-11-20]
CHR Profile: C:\Users\nwort\AppData\Local\Google\Chrome\User Data\System Profile [2021-12-29]
 
Opera: 
=======
OPR Profile: C:\Users\nwort\AppData\Roaming\Opera Software\Opera Stable [2023-10-04]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\nwort\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2023-02-20]
OPR Extension: (Opera Wallet) - C:\Users\nwort\AppData\Roaming\Opera Software\Opera Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk [2023-02-20]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\nwort\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2023-02-20]
 
Brave: 
=======
BRA Profile: C:\Users\nwort\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2023-11-01]
BRA Extension: (Torrent Scanner) - C:\Users\nwort\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2023-10-26]
BRA Extension: (Adblock Plus - free ad blocker) - C:\Users\nwort\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2023-10-26]
BRA Extension: (Auto HD/4k/8k for YouTube™ - YouTube™ Auto HD) - C:\Users\nwort\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\fjdmkanbdloodhegphphhklnjfngoffa [2023-10-26]
BRA Extension: (Brave Ad Block Updater (Brave Ad Block First Party Filters (plaintext))) - C:\Users\nwort\AppData\Local\BraveSoftware\Brave-Browser\User Data\adcocjohghhfpidemphmcmlmhnfgikei [2023-10-29]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\nwort\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2023-11-01]
BRA Extension: (Brave NTP background images) - C:\Users\nwort\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2023-10-26]
BRA Extension: (Brave Ad Block Updater (Fanboy's Mobile Notifications (plaintext))) - C:\Users\nwort\AppData\Local\BraveSoftware\Brave-Browser\User Data\bfpgedeaaibpoidldhjcknekahbikncb [2023-11-01]
BRA Extension: (Wallet Data Files Updater) - C:\Users\nwort\AppData\Local\BraveSoftware\Brave-Browser\User Data\BraveWallet [2023-10-31]
BRA Extension: (Brave Ad Block Updater (EasyList Cookie (plaintext))) - C:\Users\nwort\AppData\Local\BraveSoftware\Brave-Browser\User Data\cdbbhgbmjhfnhnmgeddbliobbofkgdhe [2023-11-01]
BRA Extension: (Brave Ads Resources) - C:\Users\nwort\AppData\Local\BraveSoftware\Brave-Browser\User Data\cmdlemldhabgmejfognbhdejendfeikd [2023-10-26]
BRA Extension: (Brave Ad Block Updater (Regional Catalog)) - C:\Users\nwort\AppData\Local\BraveSoftware\Brave-Browser\User Data\gkboaolpopklhgplhaaiboijnklogmbc [2023-11-01]
BRA Extension: (Brave NTP Super Referrer mapping table) - C:\Users\nwort\AppData\Local\BraveSoftware\Brave-Browser\User Data\heplpbhjcbmiibdlchlanmdenffpiibo [2023-10-26]
BRA Extension: (Brave Ad Block Updater (Brave Ad Block Updater (plaintext))) - C:\Users\nwort\AppData\Local\BraveSoftware\Brave-Browser\User Data\iodkpdagapdfkphljnddpjlldadblomo [2023-11-01]
BRA Extension: (Brave Ad Block Updater (Resources)) - C:\Users\nwort\AppData\Local\BraveSoftware\Brave-Browser\User Data\mfddibmblmbccpadfndgakiopmmhebop [2023-10-31]
BRA Extension: (Brave NTP sponsored images) - C:\Users\nwort\AppData\Local\BraveSoftware\Brave-Browser\User Data\mjpbonbjgpinifgnneajcbigekbpfige [2023-11-01]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\nwort\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2023-10-26]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AsusAppService; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_f2eed2fae3b45a67\AsusAppService\AsusAppService.exe [1177224 2024-01-10] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSOptimization; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_f2eed2fae3b45a67\ASUSOptimization\AsusOptimization.exe [529552 2024-01-10] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSSoftwareManager; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_f2eed2fae3b45a67\ASUSSoftwareManager\AsusSoftwareManager.exe [1369232 2024-01-10] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSSwitch; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_f2eed2fae3b45a67\ASUSSwitch\AsusSwitch.exe [641272 2024-01-10] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSSystemAnalysis; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_f2eed2fae3b45a67\ASUSSystemAnalysis\AsusSystemAnalysis.exe [4789384 2024-01-10] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 ASUSSystemDiagnosis; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_f2eed2fae3b45a67\ASUSSystemDiagnosis\AsusSystemDiagnosis.exe [845456 2024-01-10] (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14045768 2024-02-03] (Microsoft Corporation -> Microsoft Corporation)
R2 DtsApo4Service; C:\Windows\System32\DTS\PC\APO4x\DtsApo4Service.exe [215560 2021-06-06] (DTS, Inc. -> DTS Inc.)
S2 GoogleUpdaterInternalService123.0.6268.0; C:\Program Files (x86)\Google\GoogleUpdater\123.0.6268.0\updater.exe [4638496 2024-01-27] (Google LLC -> Google LLC) <==== ATTENTION
S2 GoogleUpdaterService123.0.6268.0; C:\Program Files (x86)\Google\GoogleUpdater\123.0.6268.0\updater.exe [4638496 2024-01-27] (Google LLC -> Google LLC) <==== ATTENTION
R2 IntelAudioService; C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_06dd582276d3f601\AS\IAS\IntelAudioService.exe [532024 2022-06-02] (Intel Corporation -> Intel)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9410296 2024-01-07] (Malwarebytes Inc. -> Malwarebytes)
R2 MFLocalService; C:\Program Files (x86)\Common Files\iMyFone\Components\Resident\LocalService.exe [54664 2022-04-28] (Shenzhen iMyFone Technology Co., Ltd -> )
S3 ss_conn_launcher_service; C:\Windows\System32\Samsung\EasySetup\ss_conn_launcher.exe [193776 2022-05-13] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2022-05-13] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; C:\Program Files (x86)\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [920768 2022-05-13] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe [3174840 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe [133592 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AcxHdAudio; C:\Windows\System32\drivers\AcxHdAudio.sys [526848 2023-11-06] (Microsoft Windows -> Microsoft Corporation)
S3 AppleKmdfFilter; C:\Windows\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R3 AsusPTPDrv; C:\Windows\System32\drivers\AsusPTPFilter.sys [115176 2021-07-08] (ASUSTeK COMPUTER INC. -> ASUSTek COMPUTER INC.)
R3 AsusSAIO; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_f2eed2fae3b45a67\ASUSSystemAnalysis\AsusSAIO.sys [49224 2024-01-10] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R1 ATKWMIACPIIO; C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_f2eed2fae3b45a67\ASUSOptimization\AsusWmiAcpi.sys [48928 2024-01-10] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 DroidCam; C:\Windows\System32\drivers\droidcam.sys [32240 2020-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Dev47Apps)
S3 DroidCamVideo; C:\Windows\System32\DriverStore\FileRepository\droidcamvideo.inf_amd64_47e18363cbf3dfe0\droidcamvideo.sys [33784 2021-04-10] (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider)
S3 GSCAuxDriver; C:\Windows\System32\DriverStore\FileRepository\gscauxdriver.inf_amd64_c88f56fe4c2427d9\GSCAuxDriverx64.sys [76040 2021-02-17] (Intel® pGFX 2020 -> Intel Corporation)
S3 GSCx64; C:\Windows\System32\DriverStore\FileRepository\gscheci.inf_amd64_8eebd147e5c5a413\TeeDriverGSCW8x64.sys [251120 2021-02-17] (Intel® pGFX 2020 -> Intel Corporation)
R3 iaLPSS2_GPIO2_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_gpio2_tgl.inf_amd64_d0e63c4e3754f42f\iaLPSS2_GPIO2_TGL.sys [128152 2020-08-12] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_i2c_tgl.inf_amd64_ab87bf17a571e523\iaLPSS2_I2C_TGL.sys [197272 2020-08-12] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_SPI_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_spi_tgl.inf_amd64_b6ea3d48ee329530\iaLPSS2_SPI_TGL.sys [155816 2020-08-12] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_UART2_TGL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_uart2_tgl.inf_amd64_1a8e964d43720594\iaLPSS2_UART2_TGL.sys [310440 2020-08-12] (Intel Corporation -> Intel Corporation)
R0 iaStorVD; C:\Windows\System32\drivers\iaStorVD.sys [1544912 2021-08-26] (Intel Corporation -> Intel Corporation)
R3 IntcUSB; C:\Windows\System32\DriverStore\FileRepository\intcusb.inf_amd64_d97909364d9908a5\IntcUSB.sys [892968 2022-06-02] (Intel Corporation -> Intel® Corporation)
R3 IntelGNA; C:\Windows\System32\DriverStore\FileRepository\gna.inf_amd64_689d3d5fefeef458\gna.sys [84880 2020-11-06] (Gaussian Mixture Models and Neural Networks Accelerator -> Intel Corporation)
S3 iriuna0; C:\Windows\system32\drivers\iriuna0.sys [46976 2021-04-06] (Iriun Oy -> Windows ® Win 7 DDK provider)
S3 iriunvid; C:\Windows\System32\DriverStore\FileRepository\iriunvid.inf_amd64_daa9f7b9ae89ea8c\iriunvid.sys [164976 2022-08-24] (Iriun Oy -> Windows ® Win 7 DDK provider)
R2 mbamchameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223296 2024-02-09] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2022-04-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239576 2024-01-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MpKslaaf6e153; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9C2926EB-CA36-463C-9401-DAC33A633F71}\MpKslDrv.sys [263560 2024-02-09] (Microsoft Windows -> Microsoft Corporation)
R2 npf; C:\Windows\system32\drivers\npf.sys [36600 2019-11-11] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\Windows\System32\Drivers\ss_conn_usb_driver2.sys [50720 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [55856 2023-12-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [594304 2023-12-06] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105856 2023-12-06] (Microsoft Windows -> Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) (Whitelisted) =========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-02-09 11:02 - 2024-02-09 11:02 - 000032714 _____ C:\Users\nwort\Desktop\FRST.txt
2024-02-09 11:01 - 2024-02-09 11:02 - 000000000 ____D C:\FRST
2024-02-09 11:01 - 2024-02-09 11:01 - 000000000 ____D C:\Users\nwort\Desktop\FRST-OlderVersion
2024-02-09 11:00 - 2024-02-09 11:01 - 002389504 _____ (Farbar) C:\Users\nwort\Desktop\FRST64.exe
2024-02-03 18:50 - 2024-02-03 18:50 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2024-01-26 17:33 - 2024-01-26 17:33 - 000019697 _____ C:\Windows\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-01-26 17:33 - 2024-01-26 17:33 - 000019697 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json
2024-01-26 17:27 - 2024-01-26 17:27 - 000000000 ___HD C:\$WinREAgent
2024-01-11 10:40 - 2024-01-11 10:40 - 000000072 _____ C:\Windows\system32\AdsInfoCls
2024-01-11 09:26 - 2024-01-11 09:26 - 000000000 ____D C:\Windows\system32\Tasks\GoogleSystem
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2024-02-09 10:55 - 2019-12-07 09:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-02-09 10:41 - 2022-10-27 11:51 - 000000000 ____D C:\Users\nwort\AppData\LocalLow\IGDump
2024-02-09 10:39 - 2023-05-09 19:47 - 000000000 ____D C:\Users\nwort\AppData\Local\Malwarebytes
2024-02-09 10:23 - 2021-11-21 06:30 - 000003752 _____ C:\Windows\system32\Tasks\AsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474
2024-02-09 10:23 - 2021-07-04 17:36 - 000795738 _____ C:\Windows\system32\PerfStringBackup.INI
2024-02-09 10:23 - 2019-12-07 09:13 - 000000000 ____D C:\Windows\INF
2024-02-09 10:16 - 2021-11-20 15:37 - 000000000 __SHD C:\Users\nwort\IntelGraphicsProfiles
2024-02-09 10:16 - 2021-07-04 18:29 - 000000000 ___HD C:\Intel
2024-02-09 10:16 - 2020-11-21 12:38 - 000008192 ___SH C:\DumpStack.log.tmp
2024-02-09 10:16 - 2020-11-21 12:38 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2024-02-09 10:16 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\ServiceState
2024-02-09 10:15 - 2019-12-07 09:03 - 000786432 _____ C:\Windows\system32\config\BBI
2024-02-09 09:33 - 2019-12-07 09:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-02-09 09:33 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\AppReadiness
2024-02-09 09:12 - 2022-01-22 11:47 - 000000000 ____D C:\Users\nwort\AppData\Local\CrashDumps
2024-02-09 08:29 - 2021-11-20 15:38 - 000000000 ____D C:\Users\nwort\AppData\Local\Packages
2024-02-08 19:23 - 2020-11-21 12:38 - 000000000 ____D C:\Windows\system32\SleepStudy
2024-02-08 19:19 - 2021-12-15 22:35 - 000000000 ____D C:\Windows\SystemTemp
2024-02-08 19:18 - 2021-11-20 16:01 - 000002249 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-02-08 19:18 - 2021-11-20 16:01 - 000002208 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2024-02-07 19:21 - 2020-11-21 12:40 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-02-07 18:50 - 2021-11-20 17:09 - 000000000 ____D C:\Users\nwort\AppData\Roaming\vlc
2024-02-05 21:15 - 2020-11-21 12:40 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-02-05 21:15 - 2020-11-21 12:40 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-02-05 18:20 - 2021-12-11 15:56 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1660784041-1680324514-1991157008-1001
2024-02-05 18:20 - 2021-11-20 15:39 - 000003380 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1660784041-1680324514-1991157008-1001
2024-02-05 18:20 - 2021-11-20 15:34 - 000002385 _____ C:\Users\nwort\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-02-04 19:05 - 2021-11-20 21:34 - 000000000 ____D C:\Users\nwort\AppData\Roaming\Microsoft\Excel
2024-02-03 18:50 - 2020-11-21 12:43 - 000000000 ____D C:\Program Files\Microsoft Office
2024-02-02 18:19 - 2021-11-20 21:01 - 000000000 ____D C:\Users\nwort\AppData\Roaming\Microsoft\Word
2024-02-01 17:59 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\LiveKernelReports
2024-01-30 09:20 - 2021-07-04 18:29 - 000004122 _____ C:\Windows\system32\Tasks\ASUS Update Checker 2.0
2024-01-30 09:20 - 2021-07-04 18:29 - 000003756 _____ C:\Windows\system32\Tasks\ASUS Optimization 36D18D69AFC3
2024-01-27 08:26 - 2023-11-01 07:53 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-01-26 22:04 - 2020-11-21 12:38 - 000493376 _____ C:\Windows\system32\FNTCACHE.DAT
2024-01-26 22:03 - 2019-12-07 09:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2024-01-26 22:03 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2024-01-26 22:03 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2024-01-26 22:03 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\SystemResources
2024-01-26 22:03 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2024-01-26 22:03 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\system32\setup
2024-01-26 22:03 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2024-01-26 22:03 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\system32\oobe
2024-01-26 22:03 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\system32\migwiz
2024-01-26 22:03 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\system32\appraiser
2024-01-26 22:03 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\ShellComponents
2024-01-26 22:03 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\bcastdvr
2024-01-26 17:36 - 2019-12-07 09:03 - 000000000 ____D C:\Windows\CbsTemp
2024-01-26 17:33 - 2020-11-21 12:40 - 003016192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2024-01-17 09:25 - 2022-11-07 19:01 - 000000378 _____ C:\Users\nwort\Desktop\Tiger.txt
2024-01-16 10:16 - 2022-07-25 20:41 - 000000000 ____D C:\Users\nwort\AppData\Roaming\Microsoft\MMC
2024-01-12 17:56 - 2022-10-09 15:17 - 000000000 ____D C:\Users\nwort\AppData\Local\ElevatedDiagnostics
2024-01-12 08:36 - 2021-11-21 10:59 - 000918944 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2024-01-11 09:26 - 2021-11-20 16:01 - 000000000 ____D C:\Program Files (x86)\Google
2024-01-10 22:18 - 2019-12-07 09:14 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2024-01-10 22:18 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\ShellExperiences
2024-01-10 08:47 - 2021-11-20 21:08 - 000000000 ____D C:\Windows\system32\MRT
2024-01-10 08:45 - 2021-11-20 21:07 - 189718008 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03.02.2024 01
Ran by nwort (09-02-2024 11:03:25)
Running from C:\Users\nwort\Desktop
Microsoft Windows 10 Home Version 22H2 19045.3996 (X64) (2021-11-21 06:28:22)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
 
(If an entry is included in the fixlist, it will be removed.)
 
Administrator (S-1-5-21-1660784041-1680324514-1991157008-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1660784041-1680324514-1991157008-503 - Limited - Disabled)
Guest (S-1-5-21-1660784041-1680324514-1991157008-501 - Limited - Disabled)
nwort (S-1-5-21-1660784041-1680324514-1991157008-1001 - Administrator - Enabled) => C:\Users\nwort
WDAGUtilityAccount (S-1-5-21-1660784041-1680324514-1991157008-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {9D4501E6-72F6-2877-C789-89AF6F535B2C}
FW: McAfee Firewall (Enabled) {A57E80C3-3899-292F-ECD6-209A91801C57}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AVG Update Helper (HKLM-x32\...\{EDB7AEE7-E932-4836-AE50-D3B0B7766CB5}) (Version: 1.8.1650.5 - AVG Technologies) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
calibre 64bit (HKLM\...\{907757DD-35FC-4A00-90BD-C7B8A03F4FF3}) (Version: 5.32.0 - Kovid Goyal)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 121.0.6167.161 - Google LLC)
iMazing 2.15.4.0 (HKLM\...\iMazing_is1) (Version: 2.15.4.0 - DigiDNA)
iPod Support (HKLM\...\{BE71B07A-9576-49A8-8358-D69826AA1382}) (Version: 12.11.3.7 - Apple Inc.)
Malwarebytes version 4.6.8.311 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.8.311 - Malwarebytes)
Microsoft .NET Core Host - 3.1.32 (x86) (HKLM-x32\...\{3C73457A-1A33-4DE0-B6C2-6FBA877E1FCF}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft .NET Core Host FX Resolver - 3.1.32 (x86) (HKLM-x32\...\{CE1A992F-4571-423D-9CAE-1184E8F29471}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft .NET Core Runtime - 3.1.32 (x86) (HKLM-x32\...\{841FE4B1-2C3F-4304-A686-6DF41B4CC1A1}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.17231.20194 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 121.0.2277.106 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 121.0.2277.106 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (HKLM\...\{90140000-002A-0000-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (HKLM-x32\...\{90140000-002C-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (HKLM\...\{90140000-002A-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (HKLM\...\{90140000-0116-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (HKLM-x32\...\{90140000-0115-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office SharePoint Designer 2010 (HKLM-x32\...\{90140000-0017-0000-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office SharePoint Designer MUI (English) 2010 (HKLM-x32\...\{90140000-0017-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-1660784041-1680324514-1991157008-1001\...\OneDriveSetup.exe) (Version: 24.015.0121.0003 - Microsoft Corporation)
Microsoft SharePoint Designer 2010 (HKLM-x32\...\Office14.SharePointDesigner) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.23026 (HKLM-x32\...\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}) (Version: 14.0.23026 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.23026 (HKLM-x32\...\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}) (Version: 14.0.23026 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}) (Version: 10.0.50908 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 3.1.32 (x86) (HKLM-x32\...\{25D5B94A-E3CD-44E8-9C3A-FE320B7B38FC}) (Version: 24.192.31915 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 3.1.32 (x86) (HKLM-x32\...\{4f894285-fd43-43ac-8669-33e8b7c0a97d}) (Version: 3.1.32.31915 - Microsoft Corporation)
MKVToolNix 79.0.0 (64-bit) (HKLM-x32\...\MKVToolNix) (Version: 79.0.0 - Moritz Bunkus)
Mozilla Firefox (x64 en-GB) (HKLM\...\Mozilla Firefox 121.0 (x64 en-GB)) (Version: 121.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 120.0.1 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.17231.20194 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.17231.20194 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13127.20616 - Microsoft Corporation) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.56.0 - Samsung Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0017-0000-0000-0000000FF1CE}_Office14.SharePointDesigner_{8B883A57-E4BC-4745-8E6C-68168850F9DD}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0017-0409-0000-0000000FF1CE}_Office14.SharePointDesigner_{E0477A97-787B-4A23-8A23-F59429780A3E}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SharePointDesigner_{09A9DF49-DA06-4093-A2FD-F339211E39EA}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SharePointDesigner_{ECC1D579-DC17-4B90-929C-B4A0BB35F7B3}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SharePointDesigner_{8C5A05B6-FF56-480F-A0E6-9F4BCA4B4CAC}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SharePointDesigner_{E4D76E88-C65F-4003-9C71-EC4306679D17}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0409-1000-0000000FF1CE}_Office14.SharePointDesigner_{03AE1408-7BF1-4AC6-A327-E32E7799BCE4}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-002C-0409-0000-0000000FF1CE}_Office14.SharePointDesigner_{945F1D43-451D-4383-9BBE-241F37950B15}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.SharePointDesigner_{8DD50F3B-E0BD-4E39-AF1F-2F316B4FC528}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0115-0409-0000-0000000FF1CE}_Office14.SharePointDesigner_{8DD50F3B-E0BD-4E39-AF1F-2F316B4FC528}) (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0116-0409-1000-0000000FF1CE}_Office14.SharePointDesigner_{03AE1408-7BF1-4AC6-A327-E32E7799BCE4}) (Version:  - Microsoft) Hidden
Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.3.23123.1 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.3.23123.1 - Samsung Electronics Co., Ltd.)
Telegram Desktop (HKU\S-1-5-21-1660784041-1680324514-1991157008-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 4.9.4 - Telegram FZ-LLC)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{7B63012A-4AC6-40C6-B6AF-B24A84359DD5}) (Version: 8.93.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.20 - VideoLAN)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (01/06/2021 4.8.0.0) (HKLM\...\A24A5DD571B1BD4FED5E3558FDDBD8579A5EE14C) (Version: 01/06/2021 4.8.0.0 - Google, Inc.)
Windows Driver Package - HS Incorporated (massfilter_hs) USB  (10/20/2010 2.0.0.8) (HKLM\...\80E97631DA49E8B2E4C5B606C9597BC75EE612F5) (Version: 10/20/2010 2.0.0.8 - HS Incorporated)
Windows Driver Package - HTC, Corporation (HTCAND64) USB  (07/30/2015 2.0.0007.00030) (HKLM\...\C45A70BDABC1DAE5CCD49C4E701E67757AB039E6) (Version: 07/30/2015 2.0.0007.00030 - HTC, Corporation)
Windows Driver Package - LG Electronics Inc. (Andbus) USB  (11/30/2010 2.2.0.0) (HKLM\...\7972D4F247E02C0849331540773B9ABFA384B182) (Version: 11/30/2010 2.2.0.0 - LG Electronics Inc.)
Windows Driver Package - LG Electronics Inc. (AndDiag) Ports  (11/30/2010 2.2.0.0) (HKLM\...\A3F0461CF2623C40BC42C38D4C0E7319E5C458CA) (Version: 11/30/2010 2.2.0.0 - LG Electronics Inc.)
Windows Driver Package - LG Electronics Inc. (usbbus) USB  (02/17/2016 5.3.0.0) (HKLM\...\6188905E45DED139E292A4F6A3CA637A65162F4D) (Version: 02/17/2016 5.3.0.0 - LG Electronics Inc.)
Windows Driver Package - LG Electronics, Inc. (AndnetBus) USB  (01/06/2021 4.8.0.0) (HKLM\...\4F72F5ED592B4C4B69E07DA9895BAE687A32F8AA) (Version: 01/06/2021 4.8.0.0 - LG Electronics, Inc.)
Windows Driver Package - Motorola (motccgp) USB  (03/01/2013 3.4.0.0) (HKLM\...\73BEF56236CE0FD380A1692BBA70B9C6B533518B) (Version: 03/01/2013 3.4.0.0 - Motorola)
Windows Driver Package - PANTECH Co., Ltd.  (PSKTBUS) USB  (06/20/2012 4.0.21.0) (HKLM\...\31F11A15A3058696191A3708600383CAA429752E) (Version: 06/20/2012 4.0.21.0 - PANTECH Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (dg_ssudbus) USB  (06/10/2014 2.11.10.0) (HKLM\...\7C7D77F30DA293C8D56A9D5FB8C3E70F4E17DA7F) (Version: 06/10/2014 2.11.10.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssadbus) USB  (11/30/2012 5.30.14.0) (HKLM\...\C9AEC81E4D365534AF50161EDA7C9CC56B205507) (Version: 11/30/2012 5.30.14.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssaebus) USB  (02/05/2010 5.14.0.0) (HKLM\...\8CDE6EEFC346A059EC210060FC7B7DAA8279D584) (Version: 02/05/2010 5.14.0.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SHARP (shu0bus) USB  (08/11/2011 5.28.4.0) (HKLM\...\8A1FC0FFE8E99DF8171E25D8C5AFF587290A67EF) (Version: 08/11/2011 5.28.4.0 - SHARP)
Windows PC Health Check (HKLM\...\{6798C408-2636-448C-8AC6-F4E341102D27}) (Version: 3.6.2204.08001 - Microsoft Corporation)
 
Packages:
=========
Disney+ -> C:\Program Files\WindowsApps\Disney.37853FC22B2CE_2023.11.13.0_neutral__6rarf9sa4v8jt [2023-11-21] (Disney)
DTS Audio Processing -> C:\Program Files\WindowsApps\DTSInc.DTSAudioProcessing_1.10.15.0_x64__t5j2fzbtdg37r [2023-08-31] (DTS, Inc.)
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5287.0_x64__8j3eq9eme6ctt [2024-01-15] (INTEL CORP) [Startup Task]
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa [2024-02-08] (Apple Inc.) [Startup Task]
McAfee® Personal Security -> C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.68.0_x64__wafk5atnkzcwy [2024-02-08] (McAfee LLC.)
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_53.21027.539.0_x64__8wekyb3d8bbwe [2024-02-09] (Microsoft Corporation)
MyASUS -> C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_4.0.6.0_x64__qmba6cd70vzyy [2024-01-25] (ASUSTeK COMPUTER INC.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-11-21] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.35.268.0_x64__dt26b99r8h8gj [2022-05-05] (Realtek Semiconductor Corp)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.19.1262.0_x64__8wekyb3d8bbwe [2024-02-08] (Microsoft Studios) [MS Ad]
SongPop Classic -> C:\Program Files\WindowsApps\FreshPlanetInc.SongPop2_2.26.6.0_x64__qameptgjm6k7c [2024-02-08] (FreshPlanet Inc.)
Web Search from Microsoft Bing -> C:\Program Files\WindowsApps\Microsoft.BingSearch_1.0.91.0_x64__8wekyb3d8bbwe [2024-02-09] (Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1660784041-1680324514-1991157008-1001_Classes\CLSID\{D332E8D3-59B3-4013-9D01-33AEBFF55FF5}\localserver32 -> "C:\Users\nwort\AppData\Local\Vivaldi\Application\6.4.3160.42\notification_helper.exe" => No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-06] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-06] (Malwarebytes Inc. -> Malwarebytes)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2020-11-21 12:44 - 2020-11-21 12:44 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll
2020-11-21 12:44 - 2020-11-21 12:44 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll
2022-11-05 19:35 - 2022-08-18 15:21 - 001012224 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Common Files\iMyFone\Components\Resident\platforms\qwindows.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-02-03] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO-x32: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-02-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-02-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-02-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-02-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-02-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-02-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-02-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-02-03] (Microsoft Corporation -> Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2019-12-07 09:14 - 2019-12-07 09:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1660784041-1680324514-1991157008-1001\Control Panel\Desktop\\Wallpaper -> D:\Pics\Wallpaper\linesy.jfif
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKU\S-1-5-21-1660784041-1680324514-1991157008-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_1A0352803E0A09F4D32D90747118FE51"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{7F3859C8-09F8-4E52-95D6-3BC75F6EDCAC}] => (Allow) C:\Program Files (x86)\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{BAC53C81-13DE-4E0D-807F-303D7909CCE0}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{74A08DF7-03CD-4F99-B359-C3233C22FAA7}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [TCP Query User{BF6A9455-47CA-4620-9C77-1B8481053EE6}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{616A7921-1B85-4126-8DB1-4A877AAD1E81}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{62ECE685-79A8-44DB-82BC-0BCF26BADD28}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{88653C66-90FD-42E6-8504-C78DA9114CBD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E1E07423-A1DA-4A4B-A765-BFA3DF60C705}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8A1A0A75-67B2-41BA-97A5-0B9E9E20F78F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F1796E76-7F83-4C6D-B99C-A78BB6B8CCB1}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Converter Studio\Video Converter Studio.exe => No File
FirewallRules: [{81E2B12F-DBB7-4F4A-B513-A4E45B467C26}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Converter Studio\Video Converter Studio.exe => No File
FirewallRules: [{2B6BBC0C-0A64-44A4-9715-26F2D599CA96}] => (Allow) C:\Program Files (x86)\Iriun Webcam\IriunWebcam.exe => No File
FirewallRules: [{8AAF0C42-4470-4E84-A3DF-6733C06D0C50}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F800D9BF-A1DF-41D2-94B1-B03263179BD9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5F8D7DCC-5D05-4570-8648-6392F26A68E7}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{A4AD0B81-2013-40A0-9966-A14185CE739C}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{E6E7A762-564A-4EEE-8DA3-29F5FE7B66AC}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{E3101747-B39E-40B7-940C-552EB9B2DB93}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{E095469C-E890-4394-ACCD-3F0CAE19139A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{656C7F3E-7D97-4B10-BF28-CBA0D6E1431F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{EED74DAE-04F9-4FBC-AB62-4E2862801B5C}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{4AE0E54A-841F-4D0B-B3BD-2C7A0335FE43}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{D541B66D-65EC-4955-AEDC-9F606760EEA5}] => (Allow) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_4fc38a913e0f2ea5\ASUSLinkRemote\AsusLinkRemoteAgent.exe => No File
FirewallRules: [{02636A4F-DD99-40E1-895D-36E983C7797A}] => (Allow) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_4fc38a913e0f2ea5\ASUSLinkRemote\AsusLinkRemoteAgent.exe => No File
FirewallRules: [{F1F23A70-FA4A-4044-A72B-EB85D1C532C7}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_4.0.6.0_x64__qmba6cd70vzyy\MyASUS\AsusMyASUS.exe (38BC0208-0916-4E44-909B-E6832F47CDE7 -> ASUSTeK COMPUTER INC.)
FirewallRules: [{1183BD76-C708-4C60-AD2F-9A0DF5714A4A}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_4.0.6.0_x64__qmba6cd70vzyy\MyASUS\AsusMyASUS.exe (38BC0208-0916-4E44-909B-E6832F47CDE7 -> ASUSTeK COMPUTER INC.)
FirewallRules: [{1DE07C98-66E5-4095-A08A-6B5C3D87335A}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_4.0.6.0_x64__qmba6cd70vzyy\MyASUS\AsusMyASUS.exe (38BC0208-0916-4E44-909B-E6832F47CDE7 -> ASUSTeK COMPUTER INC.)
FirewallRules: [{9C17BBF4-C3CC-41ED-A08E-28D1DE803109}] => (Allow) C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_4.0.6.0_x64__qmba6cd70vzyy\MyASUS\AsusMyASUS.exe (38BC0208-0916-4E44-909B-E6832F47CDE7 -> ASUSTeK COMPUTER INC.)
FirewallRules: [{858421A5-5391-4D2C-86EE-CEA0C4A0D467}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.112.3206.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2DB62953-8573-48AC-9A84-90C81A03DAEA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.112.3206.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D6B7B207-4C44-4D4C-894F-D5B1FB811215}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.112.3206.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{32629257-1576-4975-AE9B-52206412B240}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.112.3206.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A61D77CB-F6B3-4F35-8209-E92A33A7C9F5}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.106\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0863BF46-0464-4574-8F34-7FBB59FDEB4E}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{6315805C-0836-4008-97B6-5DC74956D1FC}] => (Allow) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_f2eed2fae3b45a67\ASUSSwitch\AsusSwitchNetMDNS.exe (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
 
==================== Restore Points =========================
 
30-01-2024 09:20:00 Windows Update
07-02-2024 20:04:01 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (02/09/2024 09:15:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: bad_module_info, version: 0.0.0.0, time stamp: 0x00000000
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00007ff9dc1e124c
Faulting process ID: 0x1a18
Faulting application start time: 0x01da5b3227b73507
Faulting application path: bad_module_info
Faulting module path: unknown
Report ID: f7d3f25a-9c72-41bd-95bd-b4c7a3c6df9f
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (02/09/2024 09:12:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MFResident.exe, version: 1.2.0.1, time stamp: 0x640aff06
Faulting module name: MFResident.exe, version: 1.2.0.1, time stamp: 0x640aff06
Exception code: 0xc0000005
Fault offset: 0x0001f4d9
Faulting process ID: 0x213c
Faulting application start time: 0x01da5b322dd0ba9e
Faulting application path: C:\Program Files (x86)\Common Files\iMyFone\Components\Resident\MFResident.exe
Faulting module path: C:\Program Files (x86)\Common Files\iMyFone\Components\Resident\MFResident.exe
Report ID: fcd48180-9cce-4039-b06e-39eea183375a
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (02/08/2024 09:11:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MFResident.exe, version: 1.2.0.1, time stamp: 0x640aff06
Faulting module name: MFResident.exe, version: 1.2.0.1, time stamp: 0x640aff06
Exception code: 0xc0000005
Fault offset: 0x0001f4d9
Faulting process ID: 0x2edc
Faulting application start time: 0x01da5acac11f9236
Faulting application path: C:\Program Files (x86)\Common Files\iMyFone\Components\Resident\MFResident.exe
Faulting module path: C:\Program Files (x86)\Common Files\iMyFone\Components\Resident\MFResident.exe
Report ID: ec5c3d63-023c-4e40-b7b6-687bb4030860
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (02/08/2024 08:09:09 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress..
 
Error: (02/08/2024 08:09:09 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]
 
Error: (02/08/2024 08:09:08 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress..
 
Error: (02/08/2024 08:09:08 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.]
 
Error: (02/08/2024 09:11:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MFResident.exe, version: 1.2.0.1, time stamp: 0x640aff06
Faulting module name: MFResident.exe, version: 1.2.0.1, time stamp: 0x640aff06
Exception code: 0xc0000005
Fault offset: 0x0001f4d9
Faulting process ID: 0x2d48
Faulting application start time: 0x01da5a6a98375cb1
Faulting application path: C:\Program Files (x86)\Common Files\iMyFone\Components\Resident\MFResident.exe
Faulting module path: C:\Program Files (x86)\Common Files\iMyFone\Components\Resident\MFResident.exe
Report ID: 269f8007-693d-4350-ac36-dbdefadc8f55
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (02/09/2024 09:16:08 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a pre-shutdown control.
 
Error: (02/08/2024 08:09:02 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-GN573EL9)
Description: The server Microsoft.Windows.ContentDeliveryManager_10.0.19041.3636_neutral_neutral_cw5n1h2txyewy!App.AppX447jn8wbjb1qsw3jxkndb19cwgsrtrkk.mca did not register with DCOM within the required timeout.
 
Error: (02/08/2024 02:58:26 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR4.
 
Error: (02/08/2024 01:37:25 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR4.
 
Error: (02/08/2024 10:29:56 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR3.
 
Error: (02/08/2024 09:03:09 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.
 
Error: (02/08/2024 08:41:26 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200b: Intel Corporation - Extension - 22.1120.0.1.
 
Error: (02/07/2024 06:58:20 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
 
Windows Defender:
================
Date: 2024-02-09 09:34:51
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-02-09 08:53:31
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-02-08 09:25:10
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-02-08 09:02:39
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2024-02-07 09:08:54
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:
 
Date: 2023-10-27 10:05:31
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.399.1389.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.23090.2007
Error code: 0x8024001e
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2023-07-24 08:11:59
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.393.1262.0
Previous security intelligence Version: 1.393.1254.0
Update Source: User
Security intelligence Type: AntiSpyware
Update Type: Delta
Current Engine Version: 1.1.23060.1005
Previous Engine Version: 1.1.23060.1005
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, then try to start the program again. For information on installing updates, see Help and Support. 
 
Date: 2023-07-24 08:11:59
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 1.393.1262.0
Previous security intelligence Version: 1.393.1254.0
Update Source: User
Security intelligence Type: AntiVirus
Update Type: Delta
Current Engine Version: 1.1.23060.1005
Previous Engine Version: 1.1.23060.1005
Error code: 0x80509004
Error description: An unexpected problem occurred. Install any available updates, then try to start the program again. For information on installing updates, see Help and Support. 
 
Date: 2023-07-21 22:20:09
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Network Inspection System
Error Code: 0x8007045b
Error description: A system shutdown is in progress. 
Reason: The system is missing updates that are required for running Network Inspection System.  Install the required updates and restart the device.
 
CodeIntegrity:
===============
Date: 2024-02-09 11:03:25
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2024-02-09 11:03:09
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.
 
Date: 2024-02-09 11:02:40
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_89b1ad385fab2e0b\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
BIOS: American Megatrends International, LLC. X513EA.308 07/27/2021
Motherboard: ASUSTeK COMPUTER INC. X513EA
Processor: 11th Gen Intel® Core™ i5-1135G7 @ 2.40GHz
Percentage of memory in use: 79%
Total physical RAM: 7873.98 MB
Available physical RAM: 1630.91 MB
Total Virtual: 9089.98 MB
Available Virtual: 2118.72 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:236.98 GB) (Free:22.14 GB) (Model: NVMe WDC PC SN530 SDBPNPZ-256G-1002) (Protected) NTFS
Drive d: (SAMSUNG) (Fixed) (Total:931.51 GB) (Free:118.44 GB) (Model: Samsung M3 Portable USB Device) NTFS
 
\\?\Volume{bfe5b1ad-0760-419e-87ae-b8b1a3ee38c5}\ (RECOVERY) (Fixed) (Total:1.03 GB) (Free:0.08 GB) NTFS
\\?\Volume{da72bc49-83a7-4cb0-a34a-a7a49de3c878}\ (MYASUS) (Fixed) (Total:0.19 GB) (Free:0.13 GB) FAT32
\\?\Volume{3394475a-1d72-4666-8d44-dae7cf41f821}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.2 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 1819B2AC)
 
Partition: GPT.
 
==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 28676295)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt =======================

 


  • 0

Advertisements

#2
DR M
Posted 09 February 2024 - 02:31 PM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,122 posts

Hello, peter plus.
 
Your logs indicate several issues, however, the major one, that probably is causing you the freezing issues, is related with this line in the logs:
 
Error: (02/07/2024 06:58:20 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
This error has to do with hard disk issues.
 
Before we do anything else, please do the following:

  • Download CrystalDiskInfo from here and save it to your Desktop.
  • Run the installer to install the program.
  • When finished, open the installed program by double clicking on it.
  • If everything is working properly, you should see the status “Good“ displayed. Other statuses you might see include “Bad” (which usually indicates a drive that’s dead or near death), “Caution” (which indicates a drive that you should most likely be thinking about backing up and replacing), and “Unknown” (which just means that information could not be obtained).
  • Let me know your result. It would be useful to take a screenshot and attach it in your next reply. 

  • 0

#3
peter plus
Posted 09 February 2024 - 03:40 PM

peter plus

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 278 posts

Status Good 94%

 

See attached


  • 0

#4
peter plus
Posted 09 February 2024 - 03:41 PM

peter plus

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 278 posts

Attached screenshot this time

Attached Thumbnails

  • crystaldisk1.jpg

  • 0

#5
DR M
Posted 10 February 2024 - 09:24 AM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,122 posts

Hi, Peter.

1. Check disk C

  • Click on the Start button and in the search box, type Command Prompt.
  • When you see Command Prompt on the list, right-click on it and select Run as administrator.
  • Enter the command below and press on Enter and wait for it to finish (~15 minutes).
       chkdsk C: /r
  • You will receive a message that the operation cannot be performed while the system is in use and ask if you want to check when you restart your computer. Choose Yes, and then restart the computer, allowing disk check to run at startup.
  • The process will take some time, depending on the disk condition.
  • Download ListChkdskResult by SleepyDude and save it on your Desktop.
  • Double click on the created icon.
  • A notepad file will open. Copy its content and paste it in your next reply.

 

2. Check disk D

  • Click on the Start button and in the search box, type Command Prompt.
  • When you see Command Prompt on the list, right-click on it and select Run as administrator.
  • Enter the command below and press on Enter and wait for it to finish (~15 minutes).
       chkdsk D: /r
  • You will receive a message that the operation cannot be performed while the system is in use and ask if you want to check when you restart your computer. Choose Yes, and then restart the computer, allowing disk check to run at startup.
  • The process will take some time, depending on the disk condition.
  • Download ListChkdskResult by SleepyDude and save it on your Desktop.
  • Double click on the created icon.
  • A notepad file will open. Copy its content and paste it in your next reply.

 

 

In your next reply please post:

  1. The two notepad files, as attachments. 

  • 0

#6
peter plus
Posted 10 February 2024 - 10:04 AM

peter plus

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 278 posts

Ran chkdsk on c 

Notepad file below

 

Could not run chkdsk on d.

Said drive needed to dismount.

Hit Yes and it said it was going to take around  8 hours so paused it

I'll wait for further reply before going further

 

 ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013

------< Log generate on 10/02/2024 15:49:01 >------
Category: 0
Computer Name: LAPTOP-GN573EL9
Event Code: 26226
Record Number: 115657
Source Name: Chkdsk
Time Written: 12-22-2023 @ 14:17:08
Event Type: Information
User:
Message: Chkdsk was executed in scan mode on a volume snapshot. 

Checking file system on \Device\HarddiskVolume9
Volume label is NIGEL 500Gb.

Stage 1: Examining basic file system structure ...
  1024 file records processed.                                                       

File verification completed.
Phase duration (File record verification): 499.28 milliseconds.
  1 large file records processed.                                  

Phase duration (Orphan file record recovery): 0.00 milliseconds.
  0 bad file records processed.                                    

Phase duration (Bad file record checking): 0.01 milliseconds.

Stage 2: Examining file name linkage ...
  33 reparse records processed.                                     

  1110 index entries processed.                                                      

Index verification completed.
Phase duration (Index verification): 454.94 milliseconds.

Phase duration (Orphan reconnection): 0.24 milliseconds.

Phase duration (Orphan recovery to lost and found): 0.07 milliseconds.
  33 reparse records processed.                                     

Phase duration (Reparse point and Object ID verification): 0.22 milliseconds.

Stage 3: Examining security descriptors ...
Security descriptor verification completed.
Phase duration (Security descriptor verification): 30.69 milliseconds.
  43 data files processed.                                          

Phase duration (Data attribute verification): 0.02 milliseconds.
Windows has found problems that must be fixed offline.
Please run "chkdsk /f" to fix the issues.

488385526 KB total disk space.
396186132 KB in 732 files.
       464 KB in 45 indexes.
     81902 KB in use by the system.
     65536 KB occupied by the log file.
  92117028 KB available on disk.

      4096 bytes in each allocation unit.
122096381 total allocation units on disk.
  23029257 allocation units available on disk.
Total duration: 985.74 milliseconds (985 ms).

----------------------------------------------------------------------


Stage 1: Examining basic file system structure ...

Stage 2: Examining file name linkage ...

Stage 3: Examining security descriptors ...

-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-GN573EL9
Event Code: 1001
Record Number: 113565
Source Name: Microsoft-Windows-Wininit
Time Written: 12-12-2023 @ 09:17:15
Event Type: Information
User:
Message:

Checking file system on D:
The type of the file system is NTFS.
Volume label is SAMSUNG.

One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.                        

Stage 1: Examining basic file system structure ...
  206592 file records processed.                                                       

File verification completed.
Phase duration (File record verification): 6.77 seconds.
  491 large file records processed.                                  


Phase duration (Orphan file record recovery): 0.00 milliseconds.
  0 bad file records processed.                                    

Phase duration (Bad file record checking): 1.44 milliseconds.

Stage 2: Examining file name linkage ...
The object id in file 0xb391 does not appear in the object
id index in file 0x19.
Inserting an index entry into index $O of file 19.
  6443 reparse records processed.                                     

The object id in file 0xb392 does not appear in the object
id index in file 0x19.
Inserting an index entry into index $O of file 19.
Index entry 11_Spanish.srt of index $I30 in file 0x41c4 points to unused file 0x43f0.
Deleting index entry 11_Spanish.srt in index $I30 of file 41C4.
Index entry 11_SPA~1.SRT of index $I30 in file 0x41c4 points to unused file 0x43f0.
Deleting index entry 11_SPA~1.SRT in index $I30 of file 41C4.
Index entry 12_Finnish.srt of index $I30 in file 0x41c4 points to unused file 0x43f1.
Deleting index entry 12_Finnish.srt in index $I30 of file 41C4.
Index entry 12_FIN~1.SRT of index $I30 in file 0x41c4 points to unused file 0x43f1.
Deleting index entry 12_FIN~1.SRT in index $I30 of file 41C4.
Index entry 13_fil.srt of index $I30 in file 0x41c4 points to unused file 0x43f2.
Deleting index entry 13_fil.srt in index $I30 of file 41C4.
Index entry 14_French.srt of index $I30 in file 0x41c4 points to unused file 0x43f3.
Deleting index entry 14_French.srt in index $I30 of file 41C4.
Index entry 14_FRE~1.SRT of index $I30 in file 0x41c4 points to unused file 0x43f3.
Deleting index entry 14_FRE~1.SRT in index $I30 of file 41C4.
Index entry 15_Hebrew.srt of index $I30 in file 0x41c4 points to unused file 0x4406.
Deleting index entry 15_Hebrew.srt in index $I30 of file 41C4.
Index entry 15_HEB~1.SRT of index $I30 in file 0x41c4 points to unused file 0x4406.
Deleting index entry 15_HEB~1.SRT in index $I30 of file 41C4.
Index entry 16_hrv.srt of index $I30 in file 0x41c4 points to unused file 0x4407.
Deleting index entry 16_hrv.srt in index $I30 of file 41C4.
Index entry 17_Hungarian.srt of index $I30 in file 0x41c4 points to unused file 0x4408.
Deleting index entry 17_Hungarian.srt in index $I30 of file 41C4.
Index entry 17_HUN~1.SRT of index $I30 in file 0x41c4 points to unused file 0x4408.
Deleting index entry 17_HUN~1.SRT in index $I30 of file 41C4.
Index entry 18_Indonesian.srt of index $I30 in file 0x41c4 points to unused file 0x4409.
Deleting index entry 18_Indonesian.srt in index $I30 of file 41C4.
Index entry 18_IND~1.SRT of index $I30 in file 0x41c4 points to unused file 0x4409.
Deleting index entry 18_IND~1.SRT in index $I30 of file 41C4.
Index entry 19_Italian.srt of index $I30 in file 0x41c4 points to unused file 0x440a.
Deleting index entry 19_Italian.srt in index $I30 of file 41C4.
Index entry 19_ITA~1.SRT of index $I30 in file 0x41c4 points to unused file 0x440a.
Deleting index entry 19_ITA~1.SRT in index $I30 of file 41C4.
Index entry 20_Japanese.srt of index $I30 in file 0x41c4 points to unused file 0x440b.
Deleting index entry 20_Japanese.srt in index $I30 of file 41C4.
Index entry 20_JAP~1.SRT of index $I30 in file 0x41c4 points to unused file 0x440b.
Deleting index entry 20_JAP~1.SRT in index $I30 of file 41C4.
Index entry 21_Korean.srt of index $I30 in file 0x41c4 points to unused file 0x440c.
Deleting index entry 21_Korean.srt in index $I30 of file 41C4.
Index entry 21_KOR~1.SRT of index $I30 in file 0x41c4 points to unused file 0x440c.
Deleting index entry 21_KOR~1.SRT in index $I30 of file 41C4.
Index entry 22_may.srt of index $I30 in file 0x41c4 points to unused file 0x440d.
Deleting index entry 22_may.srt in index $I30 of file 41C4.
Index entry 23_Bokmal.srt of index $I30 in file 0x41c4 points to unused file 0x440e.
Deleting index entry 23_Bokmal.srt in index $I30 of file 41C4.
Index entry 23_BOK~1.SRT of index $I30 in file 0x41c4 points to unused file 0x440e.
Deleting index entry 23_BOK~1.SRT in index $I30 of file 41C4.
Index entry 24_Dutch.srt of index $I30 in file 0x41c4 points to unused file 0x442f.
Deleting index entry 24_Dutch.srt in index $I30 of file 41C4.
Index entry 25_Polish.srt of index $I30 in file 0x41c4 points to unused file 0x4430.
Deleting index entry 25_Polish.srt in index $I30 of file 41C4.
Index entry 25_POL~1.SRT of index $I30 in file 0x41c4 points to unused file 0x4430.
Deleting index entry 25_POL~1.SRT in index $I30 of file 41C4.
Index entry 26_Portuguese.srt of index $I30 in file 0x41c4 points to unused file 0x4431.
Deleting index entry 26_Portuguese.srt in index $I30 of file 41C4.
Index entry 26_POR~1.SRT of index $I30 in file 0x41c4 points to unused file 0x4431.
Deleting index entry 26_POR~1.SRT in index $I30 of file 41C4.
Index entry 27_Portuguese.srt of index $I30 in file 0x41c4 points to unused file 0x4432.
Deleting index entry 27_Portuguese.srt in index $I30 of file 41C4.
Index entry 27_POR~1.SRT of index $I30 in file 0x41c4 points to unused file 0x4432.
Deleting index entry 27_POR~1.SRT in index $I30 of file 41C4.
Index entry 28_Romanian.srt of index $I30 in file 0x41c4 points to unused file 0x4433.
Deleting index entry 28_Romanian.srt in index $I30 of file 41C4.
Index entry 28_ROM~1.SRT of index $I30 in file 0x41c4 points to unused file 0x4433.
Deleting index entry 28_ROM~1.SRT in index $I30 of file 41C4.
Index entry 29_Russian.srt of index $I30 in file 0x41c4 points to unused file 0x4434.
Deleting index entry 29_Russian.srt in index $I30 of file 41C4.
Index entry 29_RUS~1.SRT of index $I30 in file 0x41c4 points to unused file 0x4434.
Deleting index entry 29_RUS~1.SRT in index $I30 of file 41C4.
Index entry 2_English.srt of index $I30 in file 0x41c4 points to unused file 0x4435.
Deleting index entry 2_English.srt in index $I30 of file 41C4.
Index entry 2_ENGL~1.SRT of index $I30 in file 0x41c4 points to unused file 0x4435.
Deleting index entry 2_ENGL~1.SRT in index $I30 of file 41C4.
Index entry 30_Swedish.srt of index $I30 in file 0x41c4 points to unused file 0x4436.
Deleting index entry 30_Swedish.srt in index $I30 of file 41C4.
Index entry 30_SWE~1.SRT of index $I30 in file 0x41c4 points to unused file 0x4436.
Deleting index entry 30_SWE~1.SRT in index $I30 of file 41C4.
Index entry 31_Thai.srt of index $I30 in file 0x41c4 points to unused file 0x4437.
Deleting index entry 31_Thai.srt in index $I30 of file 41C4.
Index entry 32_Turkish.srt of index $I30 in file 0x41c4 points to unused file 0x4463.
Deleting index entry 32_Turkish.srt in index $I30 of file 41C4.
Index entry 32_TUR~1.SRT of index $I30 in file 0x41c4 points to unused file 0x4463.
Deleting index entry 32_TUR~1.SRT in index $I30 of file 41C4.
Index entry 33_ukr.srt of index $I30 in file 0x41c4 points to unused file 0x4464.
Deleting index entry 33_ukr.srt in index $I30 of file 41C4.
Index entry 34_Vietnamese.srt of index $I30 in file 0x41c4 points to unused file 0x4465.
Deleting index entry 34_Vietnamese.srt in index $I30 of file 41C4.
Index entry 34_VIE~1.SRT of index $I30 in file 0x41c4 points to unused file 0x4465.
Deleting index entry 34_VIE~1.SRT in index $I30 of file 41C4.
Index entry 35_Chinese.srt of index $I30 in file 0x41c4 points to unused file 0x4466.
Deleting index entry 35_Chinese.srt in index $I30 of file 41C4.
Index entry 35_CHI~1.SRT of index $I30 in file 0x41c4 points to unused file 0x4466.
Deleting index entry 35_CHI~1.SRT in index $I30 of file 41C4.
Index entry 36_Chinese.srt of index $I30 in file 0x41c4 points to unused file 0x4467.
Deleting index entry 36_Chinese.srt in index $I30 of file 41C4.
Index entry 36_CHI~1.SRT of index $I30 in file 0x41c4 points to unused file 0x4467.
Deleting index entry 36_CHI~1.SRT in index $I30 of file 41C4.
Index entry 3_English.srt of index $I30 in file 0x41c4 points to unused file 0x4468.
Deleting index entry 3_English.srt in index $I30 of file 41C4.
Index entry 3_ENGL~1.SRT of index $I30 in file 0x41c4 points to unused file 0x4468.
Deleting index entry 3_ENGL~1.SRT in index $I30 of file 41C4.
Index entry 4_English.srt of index $I30 in file 0x41c4 points to unused file 0x4469.
Deleting index entry 4_English.srt in index $I30 of file 41C4.
Index entry 4_ENGL~1.SRT of index $I30 in file 0x41c4 points to unused file 0x4469.
Deleting index entry 4_ENGL~1.SRT in index $I30 of file 41C4.
Index entry 5_Arabic.srt of index $I30 in file 0x41c4 points to unused file 0x446a.
Deleting index entry 5_Arabic.srt in index $I30 of file 41C4.
Index entry 6_Czech.srt of index $I30 in file 0x41c4 points to unused file 0x4576.
Deleting index entry 6_Czech.srt in index $I30 of file 41C4.
Index entry 7_Danish.srt of index $I30 in file 0x41c4 points to unused file 0x457a.
Deleting index entry 7_Danish.srt in index $I30 of file 41C4.
Index entry 8_German.srt of index $I30 in file 0x41c4 points to unused file 0x457b.
Deleting index entry 8_German.srt in index $I30 of file 41C4.
Index entry 9_Greek.srt of index $I30 in file 0x41c4 points to unused file 0x457c.
Deleting index entry 9_Greek.srt in index $I30 of file 41C4.
Index entry CRANK2~1.SRT of index $I30 in file 0xb477 points to unused file 0xb479.
Deleting index entry CRANK2~1.SRT in index $I30 of file B477.
Index entry WWWYIF~1.JPG of index $I30 in file 0xb477 points to unused file 0xb47a.
Deleting index entry WWWYIF~1.JPG in index $I30 of file B477.
Unable to locate the file name attribute of index entry The Americans (2013) - S06E05 - The Great Patriotic War (1080p AMZN WEB-DL x265 Silence).mkv
of index $I30 with parent 0xb49f in file 0xb4de.
Deleting index entry The Americans (2013) - S06E05 - The Great Patriotic War (1080p AMZN WEB-DL x265 Silence).mkv in index $I30 of file B49F.
Unable to locate the file name attribute of index entry THEAME~4.MKV
of index $I30 with parent 0xb49f in file 0xb4de.
Deleting index entry THEAME~4.MKV in index $I30 of file B49F.
  219478 index entries processed.                                                      


Index verification completed.
Phase duration (Index verification): 6.20 seconds.
CHKDSK is scanning unindexed files for reconnect to their original directory.
Recovering orphaned file $RNSM1TS.mp4 (B391) into directory file 6D8B.
Recovering orphaned file $R81WEKP.mp4 (B392) into directory file 6D8B.
  9 unindexed files scanned.                                       

  2 unindexed files recovered to original directory.
Phase duration (Orphan reconnection): 0.00 milliseconds.
CHKDSK is recovering remaining unindexed files.
  7 unindexed files recovered to lost and found.                   


    Lost and found is located at \found.002

Phase duration (Orphan recovery to lost and found): 0.00 milliseconds.
  6443 reparse records processed.                                     


Phase duration (Reparse point and Object ID verification): 42.00 milliseconds.

Stage 3: Examining security descriptors ...
Cleaning up 17 unused index entries from index $SII of file 0x9.
Cleaning up 17 unused index entries from index $SDH of file 0x9.
Cleaning up 17 unused security descriptors.
Security descriptor verification completed.
Phase duration (Security descriptor verification): 32.30 milliseconds.
  6444 data files processed.                                          


Phase duration (Data attribute verification): 1.47 milliseconds.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Correcting errors in the master file table's (MFT) BITMAP attribute.
Correcting errors in the Volume Bitmap.

Windows has made corrections to the file system.
No further action is required.

976760000 KB total disk space.
737354796 KB in 38327 files.
     17064 KB in 6448 indexes.
         0 KB in bad sectors.
    302464 KB in use by the system.
     65536 KB occupied by the log file.
239085676 KB available on disk.

      4096 bytes in each allocation unit.
244190000 total allocation units on disk.
  59771419 allocation units available on disk.
Total duration: 13.51 seconds (13512 ms).

Internal Info:
00 27 03 00 f0 ae 00 00 d8 27 01 00 00 00 00 00  .'.......'......
2b 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00  +...............

-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-GN573EL9
Event Code: 26226
Record Number: 113496
Source Name: Chkdsk
Time Written: 12-11-2023 @ 14:27:35
Event Type: Information
User:
Message: Chkdsk was executed in scan mode on a volume snapshot. 

Checking file system on \Device\HarddiskVolume6
Volume label is SAMSUNG.

Stage 1: Examining basic file system structure ...
    Found 0x3 clusters allocated to file "...\Full.Swing.S01E02.1080p.WEBRip.x265-RARBG[eztv.re] <0x8,0x41c4>" at offset "0" marked as free
was not able to send command for self-healing due to lack of memory.
"Chkdsk /scan" has found volume bitmap corruption which can only be repaired by "chkdsk /f".  Aborting.

----------------------------------------------------------------------

Stage 1: Examining basic file system structure ...
"chkdsk /scan" is aborting due to self-healing command failure: 0xc0000102
"chkdsk /f" will be required to repair the volume.

-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-GN573EL9
Event Code: 26228
Record Number: 113371
Source Name: Chkdsk
Time Written: 12-10-2023 @ 17:08:59
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 

Checking file system on \Device\HarddiskVolume8
Volume label is SAMSUNG.

Examining 1 corruption record ...

Record 1 of 1: Index entry for file "\TV Series\The Americans\The Americans S06\The Americans (2013) - S06E05 - The Great Patriotic War (1080p AMZN WEB-DL x265 Silence).mkv <0x2,0xb4de>" is missing from index "$I30" of directory "\TV Series\The Americans\The Americans S05 <0x2,0xb49f>" ... no corruption found.

1 corruption record processed in 0.1 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-GN573EL9
Event Code: 26228
Record Number: 113369
Source Name: Chkdsk
Time Written: 12-10-2023 @ 17:01:35
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 

Checking file system on \Device\HarddiskVolume8
Volume label is SAMSUNG.

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0x2,0xb46e>" ... no corruption found.

1 corruption record processed in 0.1 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-GN573EL9
Event Code: 26228
Record Number: 101847
Source Name: Chkdsk
Time Written: 10-05-2023 @ 12:53:28
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 

Checking file system on \Device\HarddiskVolume6
Volume label is SAMSUNG.

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0x2,0xb47a>" ... no corruption found.

1 corruption record processed in 0.1 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------


  • 0

#7
DR M
Posted 10 February 2024 - 10:52 AM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,122 posts

I'm not sure it ran for C either. The last date in the log is 12-22-2023.

 

Can you repeat please?

 

In any case, in December there were a lot of errors on the disk. Repaired, but I'm afraid that when the disk issues start, you will need a replacement, soon or later. 


  • 0

#8
peter plus
Posted 10 February 2024 - 11:21 AM

peter plus

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 278 posts

OK I think it ran this time

 

ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013

------< Log generate on 10/02/2024 17:19:09 >------
Category: 0
Computer Name: LAPTOP-GN573EL9
Event Code: 1001
Record Number: 126363
Source Name: Microsoft-Windows-Wininit
Time Written: 02-10-2024 @ 17:18:57
Event Type: Information
User:
Message:

Checking file system on C:
The type of the file system is NTFS.
Volume label is OS.

A disk check has been scheduled.
Windows will now check the disk.                        

Stage 1: Examining basic file system structure ...
  903168 file records processed.                                                       

File verification completed.
Phase duration (File record verification): 8.93 seconds.
  25298 large file records processed.                                  

Phase duration (Orphan file record recovery): 0.00 milliseconds.
  0 bad file records processed.                                    

Phase duration (Bad file record checking): 1.41 milliseconds.

Stage 2: Examining file name linkage ...
  3779 reparse records processed.                                     

  1444302 index entries processed.                                                      

Index verification completed.
Phase duration (Index verification): 21.04 seconds.
  0 unindexed files scanned.                                       

Phase duration (Orphan reconnection): 5.57 seconds.
  0 unindexed files recovered to lost and found.                   

Phase duration (Orphan recovery to lost and found): 51.28 milliseconds.
  3779 reparse records processed.                                     

Phase duration (Reparse point and Object ID verification): 21.68 milliseconds.

Stage 3: Examining security descriptors ...
Cleaning up 7 unused index entries from index $SII of file 0x9.
Cleaning up 7 unused index entries from index $SDH of file 0x9.
Cleaning up 7 unused security descriptors.
Security descriptor verification completed.
Phase duration (Security descriptor verification): 29.38 milliseconds.
  270568 data files processed.                                          

Phase duration (Data attribute verification): 1.55 milliseconds.
CHKDSK is verifying Usn Journal...
  36072648 USN bytes processed.                                                          

Usn Journal verification completed.
Phase duration (USN journal verification): 129.10 milliseconds.

Stage 4: Looking for bad clusters in user file data ...
  903152 files processed.                                                              

File data verification completed.
Phase duration (User file recovery): 7.55 minutes.

Stage 5: Looking for bad, free clusters ...
  5636964 free clusters processed.                                                      

Free space verification is complete.
Phase duration (Free space recovery): 0.00 milliseconds.

Windows has scanned the file system and found no problems.
No further action is required.

248494407 KB total disk space.
224461872 KB in 571833 files.
    465624 KB in 270569 indexes.
         0 KB in bad sectors.
   1019055 KB in use by the system.
     65536 KB occupied by the log file.
  22547856 KB available on disk.

      4096 bytes in each allocation unit.
  62123601 total allocation units on disk.
   5636964 allocation units available on disk.
Total duration: 8.14 minutes (488964 ms).

Internal Info:
00 c8 0d 00 ae da 0c 00 f7 0b 16 00 00 00 00 00  ................
6e 0e 00 00 55 00 00 00 00 00 00 00 00 00 00 00  n...U...........

-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-GN573EL9
Event Code: 1001
Record Number: 126189
Source Name: Microsoft-Windows-Wininit
Time Written: 02-10-2024 @ 15:49:09
Event Type: Information
User:
Message:

Checking file system on C:
The type of the file system is NTFS.
Volume label is OS.

A disk check has been scheduled.
Windows will now check the disk.                        

Stage 1: Examining basic file system structure ...
  903168 file records processed.                                                       

File verification completed.
Phase duration (File record verification): 8.85 seconds.
  25307 large file records processed.                                  

Phase duration (Orphan file record recovery): 0.00 milliseconds.
  0 bad file records processed.                                    

Phase duration (Bad file record checking): 1.42 milliseconds.

Stage 2: Examining file name linkage ...
  3777 reparse records processed.                                     

  1444256 index entries processed.                                                      

Index verification completed.
Phase duration (Index verification): 24.86 seconds.
  0 unindexed files scanned.                                       

Phase duration (Orphan reconnection): 5.54 seconds.
  0 unindexed files recovered to lost and found.                   

Phase duration (Orphan recovery to lost and found): 7.65 seconds.
  3777 reparse records processed.                                     

Phase duration (Reparse point and Object ID verification): 11.62 milliseconds.

Stage 3: Examining security descriptors ...
Cleaning up 2271 unused index entries from index $SII of file 0x9.
Cleaning up 2271 unused index entries from index $SDH of file 0x9.
Cleaning up 2271 unused security descriptors.
Security descriptor verification completed.
Phase duration (Security descriptor verification): 36.00 milliseconds.
  270545 data files processed.                                          

Phase duration (Data attribute verification): 1.70 milliseconds.
CHKDSK is verifying Usn Journal...
  41133552 USN bytes processed.                                                          

Usn Journal verification completed.
Phase duration (USN journal verification): 153.50 milliseconds.

Stage 4: Looking for bad clusters in user file data ...
  903152 files processed.                                                              

File data verification completed.
Phase duration (User file recovery): 7.32 minutes.

Stage 5: Looking for bad, free clusters ...
  5691219 free clusters processed.                                                      

Free space verification is complete.
Phase duration (Free space recovery): 0.00 milliseconds.

Windows has scanned the file system and found no problems.
No further action is required.

248494407 KB total disk space.
224239896 KB in 571644 files.
    465588 KB in 270546 indexes.
         0 KB in bad sectors.
   1024043 KB in use by the system.
     65536 KB occupied by the log file.
  22764880 KB available on disk.

      4096 bytes in each allocation unit.
  62123601 total allocation units on disk.
   5691220 allocation units available on disk.
Total duration: 8.11 minutes (486842 ms).

Internal Info:
00 c8 0d 00 da d9 0c 00 80 0a 16 00 00 00 00 00  ................
6c 0e 00 00 55 00 00 00 00 00 00 00 00 00 00 00  l...U...........

-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-GN573EL9
Event Code: 26226
Record Number: 115657
Source Name: Chkdsk
Time Written: 12-22-2023 @ 14:17:08
Event Type: Information
User:
Message: Chkdsk was executed in scan mode on a volume snapshot. 

Checking file system on \Device\HarddiskVolume9
Volume label is NIGEL 500Gb.

Stage 1: Examining basic file system structure ...
  1024 file records processed.                                                       

File verification completed.
Phase duration (File record verification): 499.28 milliseconds.
  1 large file records processed.                                  

Phase duration (Orphan file record recovery): 0.00 milliseconds.
  0 bad file records processed.                                    

Phase duration (Bad file record checking): 0.01 milliseconds.

Stage 2: Examining file name linkage ...
  33 reparse records processed.                                     

  1110 index entries processed.                                                      

Index verification completed.
Phase duration (Index verification): 454.94 milliseconds.

Phase duration (Orphan reconnection): 0.24 milliseconds.

Phase duration (Orphan recovery to lost and found): 0.07 milliseconds.
  33 reparse records processed.                                     

Phase duration (Reparse point and Object ID verification): 0.22 milliseconds.

Stage 3: Examining security descriptors ...
Security descriptor verification completed.
Phase duration (Security descriptor verification): 30.69 milliseconds.
  43 data files processed.                                          

Phase duration (Data attribute verification): 0.02 milliseconds.
Windows has found problems that must be fixed offline.
Please run "chkdsk /f" to fix the issues.

488385526 KB total disk space.
396186132 KB in 732 files.
       464 KB in 45 indexes.
     81902 KB in use by the system.
     65536 KB occupied by the log file.
  92117028 KB available on disk.

      4096 bytes in each allocation unit.
122096381 total allocation units on disk.
  23029257 allocation units available on disk.
Total duration: 985.74 milliseconds (985 ms).

----------------------------------------------------------------------

Stage 1: Examining basic file system structure ...

Stage 2: Examining file name linkage ...

Stage 3: Examining security descriptors ...

-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-GN573EL9
Event Code: 1001
Record Number: 113565
Source Name: Microsoft-Windows-Wininit
Time Written: 12-12-2023 @ 09:17:15
Event Type: Information
User:
Message:

Checking file system on D:
The type of the file system is NTFS.
Volume label is SAMSUNG.

One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.                        

Stage 1: Examining basic file system structure ...
  206592 file records processed.                                                       

File verification completed.
Phase duration (File record verification): 6.77 seconds.
  491 large file records processed.                                  

Phase duration (Orphan file record recovery): 0.00 milliseconds.
  0 bad file records processed.                                    

Phase duration (Bad file record checking): 1.44 milliseconds.

Stage 2: Examining file name linkage ...
The object id in file 0xb391 does not appear in the object
id index in file 0x19.
Inserting an index entry into index $O of file 19.
  6443 reparse records processed.                                     

The object id in file 0xb392 does not appear in the object
id index in file 0x19.
Inserting an index entry into index $O of file 19.
Index entry 11_Spanish.srt of index $I30 in file 0x41c4 points to unused file 0x43f0.
Deleting index entry 11_Spanish.srt in index $I30 of file 41C4.
Index entry 11_SPA~1.SRT of index $I30 in file 0x41c4 points to unused file 0x43f0.
Deleting index entry 11_SPA~1.SRT in index $I30 of file 41C4.
Index entry 12_Finnish.srt of index $I30 in file 0x41c4 points to unused file 0x43f1.
Deleting index entry 12_Finnish.srt in index $I30 of file 41C4.
Index entry 12_FIN~1.SRT of index $I30 in file 0x41c4 points to unused file 0x43f1.
Deleting index entry 12_FIN~1.SRT in index $I30 of file 41C4.
Index entry 13_fil.srt of index $I30 in file 0x41c4 points to unused file 0x43f2.
Deleting index entry 13_fil.srt in index $I30 of file 41C4.
Index entry 14_French.srt of index $I30 in file 0x41c4 points to unused file 0x43f3.
Deleting index entry 14_French.srt in index $I30 of file 41C4.
Index entry 14_FRE~1.SRT of index $I30 in file 0x41c4 points to unused file 0x43f3.
Deleting index entry 14_FRE~1.SRT in index $I30 of file 41C4.
Index entry 15_Hebrew.srt of index $I30 in file 0x41c4 points to unused file 0x4406.
Deleting index entry 15_Hebrew.srt in index $I30 of file 41C4.
Index entry 15_HEB~1.SRT of index $I30 in file 0x41c4 points to unused file 0x4406.
Deleting index entry 15_HEB~1.SRT in index $I30 of file 41C4.
Index entry 16_hrv.srt of index $I30 in file 0x41c4 points to unused file 0x4407.
Deleting index entry 16_hrv.srt in index $I30 of file 41C4.
Index entry 17_Hungarian.srt of index $I30 in file 0x41c4 points to unused file 0x4408.
Deleting index entry 17_Hungarian.srt in index $I30 of file 41C4.
Index entry 17_HUN~1.SRT of index $I30 in file 0x41c4 points to unused file 0x4408.
Deleting index entry 17_HUN~1.SRT in index $I30 of file 41C4.
Index entry 18_Indonesian.srt of index $I30 in file 0x41c4 points to unused file 0x4409.
Deleting index entry 18_Indonesian.srt in index $I30 of file 41C4.
Index entry 18_IND~1.SRT of index $I30 in file 0x41c4 points to unused file 0x4409.
Deleting index entry 18_IND~1.SRT in index $I30 of file 41C4.
Index entry 19_Italian.srt of index $I30 in file 0x41c4 points to unused file 0x440a.
Deleting index entry 19_Italian.srt in index $I30 of file 41C4.
Index entry 19_ITA~1.SRT of index $I30 in file 0x41c4 points to unused file 0x440a.
Deleting index entry 19_ITA~1.SRT in index $I30 of file 41C4.
Index entry 20_Japanese.srt of index $I30 in file 0x41c4 points to unused file 0x440b.
Deleting index entry 20_Japanese.srt in index $I30 of file 41C4.
Index entry 20_JAP~1.SRT of index $I30 in file 0x41c4 points to unused file 0x440b.
Deleting index entry 20_JAP~1.SRT in index $I30 of file 41C4.
Index entry 21_Korean.srt of index $I30 in file 0x41c4 points to unused file 0x440c.
Deleting index entry 21_Korean.srt in index $I30 of file 41C4.
Index entry 21_KOR~1.SRT of index $I30 in file 0x41c4 points to unused file 0x440c.
Deleting index entry 21_KOR~1.SRT in index $I30 of file 41C4.
Index entry 22_may.srt of index $I30 in file 0x41c4 points to unused file 0x440d.
Deleting index entry 22_may.srt in index $I30 of file 41C4.
Index entry 23_Bokmal.srt of index $I30 in file 0x41c4 points to unused file 0x440e.
Deleting index entry 23_Bokmal.srt in index $I30 of file 41C4.
Index entry 23_BOK~1.SRT of index $I30 in file 0x41c4 points to unused file 0x440e.
Deleting index entry 23_BOK~1.SRT in index $I30 of file 41C4.
Index entry 24_Dutch.srt of index $I30 in file 0x41c4 points to unused file 0x442f.
Deleting index entry 24_Dutch.srt in index $I30 of file 41C4.
Index entry 25_Polish.srt of index $I30 in file 0x41c4 points to unused file 0x4430.
Deleting index entry 25_Polish.srt in index $I30 of file 41C4.
Index entry 25_POL~1.SRT of index $I30 in file 0x41c4 points to unused file 0x4430.
Deleting index entry 25_POL~1.SRT in index $I30 of file 41C4.
Index entry 26_Portuguese.srt of index $I30 in file 0x41c4 points to unused file 0x4431.
Deleting index entry 26_Portuguese.srt in index $I30 of file 41C4.
Index entry 26_POR~1.SRT of index $I30 in file 0x41c4 points to unused file 0x4431.
Deleting index entry 26_POR~1.SRT in index $I30 of file 41C4.
Index entry 27_Portuguese.srt of index $I30 in file 0x41c4 points to unused file 0x4432.
Deleting index entry 27_Portuguese.srt in index $I30 of file 41C4.
Index entry 27_POR~1.SRT of index $I30 in file 0x41c4 points to unused file 0x4432.
Deleting index entry 27_POR~1.SRT in index $I30 of file 41C4.
Index entry 28_Romanian.srt of index $I30 in file 0x41c4 points to unused file 0x4433.
Deleting index entry 28_Romanian.srt in index $I30 of file 41C4.
Index entry 28_ROM~1.SRT of index $I30 in file 0x41c4 points to unused file 0x4433.
Deleting index entry 28_ROM~1.SRT in index $I30 of file 41C4.
Index entry 29_Russian.srt of index $I30 in file 0x41c4 points to unused file 0x4434.
Deleting index entry 29_Russian.srt in index $I30 of file 41C4.
Index entry 29_RUS~1.SRT of index $I30 in file 0x41c4 points to unused file 0x4434.
Deleting index entry 29_RUS~1.SRT in index $I30 of file 41C4.
Index entry 2_English.srt of index $I30 in file 0x41c4 points to unused file 0x4435.
Deleting index entry 2_English.srt in index $I30 of file 41C4.
Index entry 2_ENGL~1.SRT of index $I30 in file 0x41c4 points to unused file 0x4435.
Deleting index entry 2_ENGL~1.SRT in index $I30 of file 41C4.
Index entry 30_Swedish.srt of index $I30 in file 0x41c4 points to unused file 0x4436.
Deleting index entry 30_Swedish.srt in index $I30 of file 41C4.
Index entry 30_SWE~1.SRT of index $I30 in file 0x41c4 points to unused file 0x4436.
Deleting index entry 30_SWE~1.SRT in index $I30 of file 41C4.
Index entry 31_Thai.srt of index $I30 in file 0x41c4 points to unused file 0x4437.
Deleting index entry 31_Thai.srt in index $I30 of file 41C4.
Index entry 32_Turkish.srt of index $I30 in file 0x41c4 points to unused file 0x4463.
Deleting index entry 32_Turkish.srt in index $I30 of file 41C4.
Index entry 32_TUR~1.SRT of index $I30 in file 0x41c4 points to unused file 0x4463.
Deleting index entry 32_TUR~1.SRT in index $I30 of file 41C4.
Index entry 33_ukr.srt of index $I30 in file 0x41c4 points to unused file 0x4464.
Deleting index entry 33_ukr.srt in index $I30 of file 41C4.
Index entry 34_Vietnamese.srt of index $I30 in file 0x41c4 points to unused file 0x4465.
Deleting index entry 34_Vietnamese.srt in index $I30 of file 41C4.
Index entry 34_VIE~1.SRT of index $I30 in file 0x41c4 points to unused file 0x4465.
Deleting index entry 34_VIE~1.SRT in index $I30 of file 41C4.
Index entry 35_Chinese.srt of index $I30 in file 0x41c4 points to unused file 0x4466.
Deleting index entry 35_Chinese.srt in index $I30 of file 41C4.
Index entry 35_CHI~1.SRT of index $I30 in file 0x41c4 points to unused file 0x4466.
Deleting index entry 35_CHI~1.SRT in index $I30 of file 41C4.
Index entry 36_Chinese.srt of index $I30 in file 0x41c4 points to unused file 0x4467.
Deleting index entry 36_Chinese.srt in index $I30 of file 41C4.
Index entry 36_CHI~1.SRT of index $I30 in file 0x41c4 points to unused file 0x4467.
Deleting index entry 36_CHI~1.SRT in index $I30 of file 41C4.
Index entry 3_English.srt of index $I30 in file 0x41c4 points to unused file 0x4468.
Deleting index entry 3_English.srt in index $I30 of file 41C4.
Index entry 3_ENGL~1.SRT of index $I30 in file 0x41c4 points to unused file 0x4468.
Deleting index entry 3_ENGL~1.SRT in index $I30 of file 41C4.
Index entry 4_English.srt of index $I30 in file 0x41c4 points to unused file 0x4469.
Deleting index entry 4_English.srt in index $I30 of file 41C4.
Index entry 4_ENGL~1.SRT of index $I30 in file 0x41c4 points to unused file 0x4469.
Deleting index entry 4_ENGL~1.SRT in index $I30 of file 41C4.
Index entry 5_Arabic.srt of index $I30 in file 0x41c4 points to unused file 0x446a.
Deleting index entry 5_Arabic.srt in index $I30 of file 41C4.
Index entry 6_Czech.srt of index $I30 in file 0x41c4 points to unused file 0x4576.
Deleting index entry 6_Czech.srt in index $I30 of file 41C4.
Index entry 7_Danish.srt of index $I30 in file 0x41c4 points to unused file 0x457a.
Deleting index entry 7_Danish.srt in index $I30 of file 41C4.
Index entry 8_German.srt of index $I30 in file 0x41c4 points to unused file 0x457b.
Deleting index entry 8_German.srt in index $I30 of file 41C4.
Index entry 9_Greek.srt of index $I30 in file 0x41c4 points to unused file 0x457c.
Deleting index entry 9_Greek.srt in index $I30 of file 41C4.
Index entry CRANK2~1.SRT of index $I30 in file 0xb477 points to unused file 0xb479.
Deleting index entry CRANK2~1.SRT in index $I30 of file B477.
Index entry WWWYIF~1.JPG of index $I30 in file 0xb477 points to unused file 0xb47a.
Deleting index entry WWWYIF~1.JPG in index $I30 of file B477.
Unable to locate the file name attribute of index entry The Americans (2013) - S06E05 - The Great Patriotic War (1080p AMZN WEB-DL x265 Silence).mkv
of index $I30 with parent 0xb49f in file 0xb4de.
Deleting index entry The Americans (2013) - S06E05 - The Great Patriotic War (1080p AMZN WEB-DL x265 Silence).mkv in index $I30 of file B49F.
Unable to locate the file name attribute of index entry THEAME~4.MKV
of index $I30 with parent 0xb49f in file 0xb4de.
Deleting index entry THEAME~4.MKV in index $I30 of file B49F.
  219478 index entries processed.                                                      

Index verification completed.
Phase duration (Index verification): 6.20 seconds.
CHKDSK is scanning unindexed files for reconnect to their original directory.
Recovering orphaned file $RNSM1TS.mp4 (B391) into directory file 6D8B.
Recovering orphaned file $R81WEKP.mp4 (B392) into directory file 6D8B.
  9 unindexed files scanned.                                       

  2 unindexed files recovered to original directory.
Phase duration (Orphan reconnection): 0.00 milliseconds.
CHKDSK is recovering remaining unindexed files.
  7 unindexed files recovered to lost and found.                   

    Lost and found is located at \found.002

Phase duration (Orphan recovery to lost and found): 0.00 milliseconds.
  6443 reparse records processed.                                     

Phase duration (Reparse point and Object ID verification): 42.00 milliseconds.

Stage 3: Examining security descriptors ...
Cleaning up 17 unused index entries from index $SII of file 0x9.
Cleaning up 17 unused index entries from index $SDH of file 0x9.
Cleaning up 17 unused security descriptors.
Security descriptor verification completed.
Phase duration (Security descriptor verification): 32.30 milliseconds.
  6444 data files processed.                                          

Phase duration (Data attribute verification): 1.47 milliseconds.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Correcting errors in the master file table's (MFT) BITMAP attribute.
Correcting errors in the Volume Bitmap.

Windows has made corrections to the file system.
No further action is required.

976760000 KB total disk space.
737354796 KB in 38327 files.
     17064 KB in 6448 indexes.
         0 KB in bad sectors.
    302464 KB in use by the system.
     65536 KB occupied by the log file.
239085676 KB available on disk.

      4096 bytes in each allocation unit.
244190000 total allocation units on disk.
  59771419 allocation units available on disk.
Total duration: 13.51 seconds (13512 ms).

Internal Info:
00 27 03 00 f0 ae 00 00 d8 27 01 00 00 00 00 00  .'.......'......
2b 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00  +...............

-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-GN573EL9
Event Code: 26226
Record Number: 113496
Source Name: Chkdsk
Time Written: 12-11-2023 @ 14:27:35
Event Type: Information
User:
Message: Chkdsk was executed in scan mode on a volume snapshot. 

Checking file system on \Device\HarddiskVolume6
Volume label is SAMSUNG.

Stage 1: Examining basic file system structure ...
    Found 0x3 clusters allocated to file "...\Full.Swing.S01E02.1080p.WEBRip.x265-RARBG[eztv.re] <0x8,0x41c4>" at offset "0" marked as free
was not able to send command for self-healing due to lack of memory.
"Chkdsk /scan" has found volume bitmap corruption which can only be repaired by "chkdsk /f".  Aborting.

----------------------------------------------------------------------

Stage 1: Examining basic file system structure ...
"chkdsk /scan" is aborting due to self-healing command failure: 0xc0000102
"chkdsk /f" will be required to repair the volume.

-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-GN573EL9
Event Code: 26228
Record Number: 113371
Source Name: Chkdsk
Time Written: 12-10-2023 @ 17:08:59
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 

Checking file system on \Device\HarddiskVolume8
Volume label is SAMSUNG.

Examining 1 corruption record ...

Record 1 of 1: Index entry for file "\TV Series\The Americans\The Americans S06\The Americans (2013) - S06E05 - The Great Patriotic War (1080p AMZN WEB-DL x265 Silence).mkv <0x2,0xb4de>" is missing from index "$I30" of directory "\TV Series\The Americans\The Americans S05 <0x2,0xb49f>" ... no corruption found.

1 corruption record processed in 0.1 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-GN573EL9
Event Code: 26228
Record Number: 113369
Source Name: Chkdsk
Time Written: 12-10-2023 @ 17:01:35
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 

Checking file system on \Device\HarddiskVolume8
Volume label is SAMSUNG.

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0x2,0xb46e>" ... no corruption found.

1 corruption record processed in 0.1 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------
Category: 0
Computer Name: LAPTOP-GN573EL9
Event Code: 26228
Record Number: 101847
Source Name: Chkdsk
Time Written: 10-05-2023 @ 12:53:28
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot. 

Checking file system on \Device\HarddiskVolume6
Volume label is SAMSUNG.

Examining 1 corruption record ...

Record 1 of 1: Corrupt File "<0x2,0xb47a>" ... no corruption found.

1 corruption record processed in 0.1 seconds.

Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.

-----------------------------------------------------------------------


  • 0

#9
DR M
Posted 10 February 2024 - 11:51 AM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,122 posts

Yes, it ran and it shows no problems now.

 

Is the D disk an external disk? This is from your logs: Samsung M3 Portable USB Device


  • 0

#10
peter plus
Posted 10 February 2024 - 12:21 PM

peter plus

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 278 posts

Yes it is


  • 0

Advertisements

#11
DR M
Posted 10 February 2024 - 12:30 PM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,122 posts

ΟΚ. Unplug D, for now, and let me see fresh FRST logs. It would be easier for me if you attached them instead of copied/pasted them here.

 

(To attach the files, click on the More Reply Options at the bottom right of the reply area, and then choose Attach File)

  • 0

#12
peter plus
Posted 10 February 2024 - 12:44 PM

peter plus

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 278 posts

No problem. Logs attached

Attached Files


  • 0

#13
DR M
Posted 10 February 2024 - 01:53 PM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,122 posts

Thanks. 
 
Since it's late for me now (10 p.m.), I'll review your logs tomorrow.
 
In the meantime, and since we are starting the cleaning procedure, please have in mind the following basic rules:


1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Having such programs installed, is the easiest way to get infected. Thus, no need to clean the computer, since, soon or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.

4. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

6. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.


  • 0

#14
peter plus
Posted 10 February 2024 - 02:36 PM

peter plus

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 278 posts

Thanks for your help. As it happens it has frozen twice again this evening since running chkdsk

 

Catch up tomorrow


  • 0

#15
DR M
Posted 11 February 2024 - 06:34 AM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,122 posts

Hi.
 
It seems that there are some strange entries, possibly bad entries, related to your Chrome browser.
 
I would like you to uninstall Chrome (we will re-install it later, when I tell you). 
 
 
1. Uninstall Chrome

Backup your Bookmarks (if you have any)

If your Chrome Bookmarks are important do this first:
Go to this link: http://www.wikihow.c...rks-from-Chrome follow the instructions and Export your Bookmarks from Chrome and save them to your Desktop. Note the instructions can also be used to Import the bookmarks.

Get ready - Download Chrome installer

Download Chrome installer and save to install later: https://www.google.c...ktop/index.html https://www.google.c...ktop/index.html
 
 
Completely uninstall Chrome

 

 

2. FRST fix
 
Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Start::
CreateRestorePoint:
CloseProcesses:
AV: McAfee VirusScan (Enabled - Up to date) {9D4501E6-72F6-2877-C789-89AF6F535B2C}
FW: McAfee Firewall (Enabled) {A57E80C3-3899-292F-ECD6-209A91801C57}
CustomCLSID: HKU\S-1-5-21-1660784041-1680324514-1991157008-1001_Classes\CLSID\{D332E8D3-59B3-4013-9D01-33AEBFF55FF5}\localserver32 -> "C:\Users\nwort\AppData\Local\Vivaldi\Application\6.4.3160.42\notification_helper.exe" => No File
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO-x32: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
FirewallRules: [{7F3859C8-09F8-4E52-95D6-3BC75F6EDCAC}] => (Allow) C:\Program Files (x86)\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{BAC53C81-13DE-4E0D-807F-303D7909CCE0}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => No File
FirewallRules: [{74A08DF7-03CD-4F99-B359-C3233C22FAA7}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{F1796E76-7F83-4C6D-B99C-A78BB6B8CCB1}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Converter Studio\Video Converter Studio.exe => No File
FirewallRules: [{81E2B12F-DBB7-4F4A-B513-A4E45B467C26}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Converter Studio\Video Converter Studio.exe => No File
FirewallRules: [{2B6BBC0C-0A64-44A4-9715-26F2D599CA96}] => (Allow) C:\Program Files (x86)\Iriun Webcam\IriunWebcam.exe => No File
FirewallRules: [{D541B66D-65EC-4955-AEDC-9F606760EEA5}] => (Allow) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_4fc38a913e0f2ea5\ASUSLinkRemote\AsusLinkRemoteAgent.exe => No File
FirewallRules: [{02636A4F-DD99-40E1-895D-36E983C7797A}] => (Allow) C:\Windows\System32\DriverStore\FileRepository\asussci2.inf_amd64_4fc38a913e0f2ea5\ASUSLinkRemote\AsusLinkRemoteAgent.exe => No File
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (No File)
HKLM\...\Run: [UniConverterUpdateHelper] => C:\Program Files\Wondershare\UniConverter 14\WSVCUUpdateHelper.exe (No File)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (No File)
HKU\S-1-5-21-1660784041-1680324514-1991157008-1001\...\MountPoints2: {79e156ac-470a-11ee-b47a-646ee0fd5a56} - "D:\Startme.exe" 
Task: {F532662A-77D7-4623-8387-317A537EAB5F} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem123.0.6288.0{F118E8AF-D2BD-45F4-A88F-2E6C6944BBB0} => C:\Program Files (x86)\Google\GoogleUpdater\123.0.6288.0\updater.exe [4682528 2024-02-08] (Google LLC -> Google LLC) <==== ATTENTION
Task: {24AB160E-3481-4B0D-9C44-25021656BCCB} - System32\Tasks\McAfee Subscription job => \\?\C:\Program Files\McAfee\NexsJobs\McSubscriptionJob.exe  (No File)
Task: {226FAEDF-F0E2-4D8A-AD25-8E2E29DC39FB} - System32\Tasks\McAfee\DAD.Execute.Updates => "C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe"  (No File)
Task: {122F2739-1FF4-42DE-9EB3-1DB4E415032A} - System32\Tasks\McAfee\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.12.663\mcdatrep.exe  /hcmode=periodic /periodicruncount=5 (No File)
S2 GoogleUpdaterInternalService123.0.6288.0; C:\Program Files (x86)\Google\GoogleUpdater\123.0.6288.0\updater.exe [4682528 2024-02-08] (Google LLC -> Google LLC) <==== ATTENTION
S2 GoogleUpdaterService123.0.6288.0; C:\Program Files (x86)\Google\GoogleUpdater\123.0.6288.0\updater.exe [4682528 2024-02-08] (Google LLC -> Google LLC) <==== ATTENTION
Tcpip\..\Interfaces\{776cdf07-e39e-4dd4-8790-e0e3e0027fb5}: [DhcpDomain] BN29DL2.com
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EDB7AEE7-E932-4836-AE50-D3B0B7766CB5}
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.

 

 

In your next reply please post:

  1. If you successfully uninstalled Chrome
  2. The fix.log.txt

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP