Pop Up Ads And Scan On Reboot

I keep getting pop up ads when I am using google chrome, I also don't know if any of this is related, but my discord won't load anymore, my computer recently did a "scan" to fix the c drive at reboot, and when I am using google messages for web I no longer have correct spell check. Also when I am downloading files from my gmail they are all screwed up, like really long file names, not the file names they are supposed to be. My logs are attached. Also I have Windows 11, I did the scans for windows 10

 

I tried to paste the requested(they were going to be in serarate posts) and I was given an error message that they about the post being too many characters. The files are attached

 

1-I recognize the takout.zip file, it is a backup from my google drive.
2-The unconfirmed download is probably just some download i started that never finished for some reason, or something like that. The long file names were a series of like 30 or 50 random characters, I would click on a file or an email attachment and I would get a bunch of junk like the file with the 50 random characters, not the correct file. Then I would click on it again and get the correct file.
3-I think the computer came with an AV, possibly Norton but I don't remember, but I uninstalled it(or thought I did) after the trial, and just used windows security.

4-The ListChkdskResult is as follows:

ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013
------< Log generate on 12/26/2023 2:56:44 PM >------
Category: 0
Computer Name: shart
Event Code: 1001
Record Number: 33885
Source Name: Microsoft-Windows-Wininit
Time Written: 12-22-2023 @ 20:16:01
Event Type: Information
User:
Message:
Checking file system on C:
The type of the file system is NTFS.
Volume label is Acer.
The volume is dirty.
Stage 1: Examining basic file system structure ...
Cleaning up instance tags for file 0x201ca.
Cleaning up instance tags for file 0x476cc.
Attribute record of type 0x80 and instance tag 0x3 is cross linked
starting at 0xc60807 for possibly 0x1 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x3
in file 0x1f2d3b is already in use.
Deleting corrupt attribute record (0x80, "")
from file record segment 0x1F2D3B.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0xedc5a7 for possibly 0xd clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x1f30fb is already in use.
Deleting corrupt attribute record (0x80, "")
from file record segment 0x1F30FB.
Attribute record of type 0x80 and instance tag 0x4 is cross linked
starting at 0x1f1338f for possibly 0x1 clusters.
Some clusters occupied by attribute of type 0x80 and instance tag 0x4
in file 0x1f3120 is already in use.
Deleting corrupt attribute record (0x80, "")
from file record segment 0x1F3120.
2465024 file records processed.
File verification completed.
Phase duration (File record verification): 22.58 seconds.
63131 large file records processed.
Phase duration (Orphan file record recovery): 23.65 milliseconds.
0 bad file records processed.
Phase duration (Bad file record checking): 1.21 milliseconds.
Stage 2: Examining file name linkage ...
992115 reparse records processed.
Unable to locate the file name attribute of index entry FOUNDA~1.DLL
of index $I30 with parent 0xd5eb8 in file 0x1f16d8.
Deleting index entry FOUNDA~1.DLL in index $I30 of file D5EB8.
The file reference 0xc0000001f16d9 of index entry FOUNDA~1.RES of index $I30
with parent 0xd5eb8 is not the same as 0xd0000001f16d9.
Deleting index entry FOUNDA~1.RES in index $I30 of file D5EB8.
Unable to locate the file name attribute of index entry GNSDK_~1.DLL
of index $I30 with parent 0xd5eb8 in file 0x1f16fa.
Deleting index entry GNSDK_~1.DLL in index $I30 of file D5EB8.
Unable to locate the file name attribute of index entry GNSDK_~2.DLL
of index $I30 with parent 0xd5eb8 in file 0x1f16fc.
Deleting index entry GNSDK_~2.DLL in index $I30 of file D5EB8.
Unable to locate the file name attribute of index entry GNSDK_~3.DLL
of index $I30 with parent 0xd5eb8 in file 0x1f1703.
Deleting index entry GNSDK_~3.DLL in index $I30 of file D5EB8.
Unable to locate the file name attribute of index entry GNSDK_~4.DLL
of index $I30 with parent 0xd5eb8 in file 0x1f1705.
Deleting index entry GNSDK_~4.DLL in index $I30 of file D5EB8.
Correcting error in index $I30 for file 1F1710.
Correcting error in index $I30 for file 1F1710.
The down pointer of current index entry with length 0x70 is invalid.
7a 9f 21 00 00 00 21 00 70 00 58 00 01 00 00 00 z.!...!.p.X.....
10 17 1f 00 00 00 09 00 33 c6 76 2c 58 14 da 01 ........3.v,X...
f7 d4 79 2c 58 14 da 01 f7 d4 79 2c 58 14 da 01 ..y,X.....y,X...
a1 7a 35 12 2c 30 da 01 00 00 00 00 00 00 00 00 .z5.,0..........
00 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 ................
0b 02 45 00 4e 00 5f 00 41 00 55 00 7e 00 31 00 ..E.N._.A.U.~.1.
2e 00 4c 00 50 00 52 00 ff ff ff ff ff ff ff ff ..L.P.R.........
Sorting index $I30 in file 1F1710.
Index entry EN_AU~1.LPR of index $I30 in file 0x1f1710 points to unused file 0x219f7a.
Deleting index entry EN_AU~1.LPR in index $I30 of file 1F1710.
Index entry EN_GB~1.LPR of index $I30 in file 0x1f1710 points to unused file 0x21c372.
Deleting index entry EN_GB~1.LPR in index $I30 of file 1F1710.
Index entry ES0277~1.LPR of index $I30 in file 0x1f1710 points to unused file 0x21d401.
Deleting index entry ES0277~1.LPR in index $I30 of file 1F1710.
Index entry ES_419~1.LPR of index $I30 in file 0x1f1710 points to unused file 0x2238fc.
Deleting index entry ES_419~1.LPR in index $I30 of file 1F1710.
Index entry FI8B89~1.LPR of index $I30 in file 0x1f1710 points to unused file 0x227538.
Deleting index entry FI8B89~1.LPR in index $I30 of file 1F1710.
Index entry FRDA63~1.LPR of index $I30 in file 0x1f1710 points to unused file 0x22800e.
Deleting index entry FRDA63~1.LPR in index $I30 of file 1F1710.
Index entry FR_CA~1.LPR of index $I30 in file 0x1f1710 points to unused file 0x22877d.
Deleting index entry FR_CA~1.LPR in index $I30 of file 1F1710.
3232640 index entries processed.
Index verification completed.
Phase duration (Index verification): 2.27 minutes.
CHKDSK is scanning unindexed files for reconnect to their original directory.
79 unindexed files scanned.
0 unindexed files recovered to original directory.
Phase duration (Orphan reconnection): 38.04 seconds.
CHKDSK is recovering remaining unindexed files.
79 unindexed files recovered to lost and found.
Lost and found is located at \found.000
Phase duration (Orphan recovery to lost and found): 128.55 milliseconds.
992115 reparse records processed.
Phase duration (Reparse point and Object ID verification): 1.46 seconds.
Stage 3: Examining security descriptors ...
Cleaning up 4409 unused index entries from index $SII of file 0x9.
Cleaning up 4409 unused index entries from index $SDH of file 0x9.
Cleaning up 4409 unused security descriptors.
Security descriptor verification completed.
Phase duration (Security descriptor verification): 66.27 milliseconds.
Inserting data attribute into file 1F2D3B.
Inserting data attribute into file 1F30FB.
Inserting data attribute into file 1F3120.
383812 data files processed.
Phase duration (Data attribute verification): 3.66 milliseconds.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Correcting errors in the master file table's (MFT) BITMAP attribute.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.
No further action is required.
1952345087 KB total disk space.
581529864 KB in 2110646 files.
1064480 KB in 383821 indexes.
0 KB in bad sectors.
2559307 KB in use by the system.
65536 KB occupied by the log file.
1367191436 KB available on disk.
4096 bytes in each allocation unit.
488086271 total allocation units on disk.
341797859 allocation units available on disk.
Total duration: 3.31 minutes (199022 ms).
Internal Info:
00 9d 25 00 b1 8f 24 00 ad 9d 3c 00 00 00 00 00 ..%...$...<.....
16 09 00 00 5d 1a 0f 00 00 00 00 00 00 00 00 00 ....]...........
-----------------------------------------------------------------------
Category: 0
Computer Name: shart
Event Code: 26228
Record Number: 33844
Source Name: Chkdsk
Time Written: 12-22-2023 @ 20:11:07
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.
Checking file system on \Device\HarddiskVolume3
Volume label is Acer.
Examining 1 corruption record ...
Record 1 of 1: Corrupt File "...\genresLoc.plist <0x13,0x1f5b2d>" ... no corruption found.
1 corruption record processed in 0.1 seconds.
Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.
-----------------------------------------------------------------------
Category: 0
Computer Name: shart
Event Code: 26228
Record Number: 33842
Source Name: Chkdsk
Time Written: 12-22-2023 @ 20:08:43
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.
Checking file system on \Device\HarddiskVolume3
Volume label is Acer.
Examining 3 corruption records ...
Record 1 of 3: Corrupt File "...\iPhone License.rtf <0x15,0x1f3083>" ... no corruption found.
Record 2 of 3: Corrupt File "...\iPod touch License.rtf <0x14,0x1f30fb>" ... no corruption found.
Record 3 of 3: Corrupt File "...\iTunesExtraListView.png <0xd,0x1f3120>" ... no corruption found.
3 corruption records processed in 0.1 seconds.
Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.
-----------------------------------------------------------------------
Category: 0
Computer Name: shart
Event Code: 26228
Record Number: 33810
Source Name: Chkdsk
Time Written: 12-22-2023 @ 20:01:50
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.
Checking file system on \Device\HarddiskVolume3
Volume label is Acer.
Examining 6 corruption records ...
Record 1 of 6: Corrupt File "...\iPod touch License.rtf <0x9,0x1f173d>" ... no corruption found.
Record 2 of 6: Corrupt File "...\Localizable.strings <0x1a,0x1f183d>" ... no corruption found.
Record 3 of 6: Corrupt File "...\iTunesLocalized.dll <0xc,0x1f182f>" ... no corruption found.
Record 4 of 6: Corrupt File "...\genresLoc.plist <0x34,0x1f2b9e>" ... no corruption found.
Record 5 of 6: Corrupt File "...\genresLoc.plist <0x9,0x1f2d9a>" ... no corruption found.
Record 6 of 6: Corrupt File "...\iPhone License.rtf <0x9,0x1f2d9c>" ... no corruption found.
6 corruption records processed in 0.1 seconds.
Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.
-----------------------------------------------------------------------
Category: 0
Computer Name: shart
Event Code: 26228
Record Number: 33809
Source Name: Chkdsk
Time Written: 12-22-2023 @ 20:01:41
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.
Checking file system on \Device\HarddiskVolume3
Volume label is Acer.
Examining 25 corruption records ...
Record 1 of 25: Corrupt File "<0xb,0x1f16d6>" ... no corruption found.
Record 2 of 25: Corrupt File "\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\Foundation.dll <0xc,0x1f16d8>" ... no corruption found.
Record 3 of 25: Corrupt File "<0xc,0x1f16d9>" ... no corruption found.
Record 4 of 25: Corrupt File "\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\gnsdk_dsp.dll <0xb,0x1f16fa>" ... no corruption found.
Record 5 of 25: Corrupt File "\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\gnsdk_manager.dll <0xf,0x1f16fc>" ... no corruption found.
Record 6 of 25: Corrupt File "\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\gnsdk_musicid.dll <0xb,0x1f1703>" ... no corruption found.
Record 7 of 25: Corrupt File "\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\gnsdk_submit.dll <0x14,0x1f1705>" ... no corruption found.
Record 8 of 25: Corrupt File "<0xf,0x1f1709>" ... no corruption found.
Record 9 of 25: Corrupt File "<0x1d,0x1f170f>" ... no corruption found.
Record 10 of 25: Corrupt File "<0x1c,0x1f1711>" ... no corruption found.
Record 11 of 25: Corrupt File "\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\iTunes.Resources\axloadcomplete.wav <0x7,0x1f2b40>" ... no corruption found.
Record 12 of 25: Corrupt File "<0x6,0x1f2b48>" ... no corruption found.
Record 13 of 25: Corrupt File "<0x8,0x1f2d87>" ... no corruption found.
Record 14 of 25: Corrupt File "<0x8,0x1f2d89>" ... no corruption found.
Record 15 of 25: Corrupt File "<0x2e,0x1f2ffd>" ... no corruption found.
Record 16 of 25: Corrupt File "<0x17,0x1f5a28>" ... no corruption found.
Record 17 of 25: Corrupt File "<0x2b,0x1f7cce>" ... no corruption found.
Record 18 of 25: Corrupt File "<0x8,0x217f75>" ... no corruption found.
Record 19 of 25: Corrupt File "<0x21,0x219f7a>" ... no corruption found.
Record 20 of 25: Corrupt File "<0xc,0x21c372>" ... no corruption found.
Record 21 of 25: Corrupt File "<0x10,0x21d401>" ... no corruption found.
Record 22 of 25: Corrupt File "<0x9,0x2238fc>" ... no corruption found.
Record 23 of 25: Corrupt File "<0x4,0x227538>" ... no corruption found.
Record 24 of 25: Corrupt File "<0xb,0x22800e>" ... no corruption found.
Record 25 of 25: Corrupt File "<0x7,0x22877d>" ... no corruption found.
25 corruption records processed in 0.1 seconds.
Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.
-----------------------------------------------------------------------
Category: 0
Computer Name: shart
Event Code: 26228
Record Number: 5291
Source Name: Chkdsk
Time Written: 05-01-2023 @ 19:34:08
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.
Checking file system on \Device\HarddiskVolume9
Volume label is New Volume.
Examining 1 corruption record ...
Record 1 of 1: Adding lost file "<0x1,0x94>" to index "$I30" of directory "\$LogFile <0x2,0x2>" ... no corruption found.
1 corruption record processed in 0.1 seconds.
Windows has examined the list of previously identified potential issues and found no problems.
No further action is required.
-----------------------------------------------------------------------
Category: 0
Computer Name: shart
Event Code: 26226
Record Number: 5288
Source Name: Chkdsk
Time Written: 05-01-2023 @ 19:34:05
Event Type: Information
User:
Message: Chkdsk was executed in scan mode on a volume snapshot.
Checking file system on \Device\HarddiskVolume9
Volume label is New Volume.
Stage 1: Examining basic file system structure ...
Found corrupt basic file structure for "<0x1,0x94>"
... queued for offline repair.
512 file records processed.
File verification completed.
Phase duration (File record verification): 44.49 milliseconds.
0 large file records processed.
Phase duration (Orphan file record recovery): 0.03 milliseconds.
0 bad file records processed.
Phase duration (Bad file record checking): 0.01 milliseconds.
Stage 2: Examining file name linkage ...
44 reparse records processed.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4bb>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4bc>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4bd>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4be>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4bf>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4c0>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4c1>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4c2>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4c3>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4c4>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4c5>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4c6>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4c7>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4c8>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4c9>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4ca>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4cb>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4cc>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4cd>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4ce>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4cf>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4d0>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4d1>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4d2>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4d3>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4d4>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4d5>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4d6>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4d7>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4d8>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4d9>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4da>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4db>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4dc>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4dd>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4de>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4df>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4e0>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4e1>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4e2>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4e3>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4e4>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4e5>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4e6>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4e7>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4e8>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4e9>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4ea>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4eb>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4ec>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4ed>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4ee>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4ef>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4f0>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4f1>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4f2>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4f3>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4f4>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4f5>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4f6>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4f7>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4f8>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4f9>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4fa>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4fb>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4fc>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4fd>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4fe>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa4ff>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa500>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa501>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xa502>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xacb4>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xacb5>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xacb6>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xacb7>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xacb8>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xacb9>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0xb432>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0x15821>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0x15822>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0x15823>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0x15824>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0x15825>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0x15826>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Found an unneeded link ($REPARSE_POINT: <0x1,0x15827>, ReparseTag: 0xa000000c) in index "$R" of directory "\$Extend\$Reparse <0x1,0x1a>"
... queued for offline repair.
Fo
-----------------------------------------------------------------------
Category: 0
Computer Name: shart
Event Code: 26226
Record Number: 5287
Source Name: Chkdsk
Time Written: 05-01-2023 @ 19:33:56
Event Type: Information
User:
Message: Chkdsk was executed in scan mode on a volume snapshot.
Checking file system on \Device\HarddiskVolume9
Volume label is New Volume.
Stage 1: Examining basic file system structure ...
Found corrupt basic file structure for "<0x1,0x94>"
... queued for offline repair.
Found 0x1 clusters allocated to file "<0x1,0x95>" at offset "0" marked as free
... repaired online.
Found corrupt basic file structure for "<0x1,0x95>"
... repaired online.
Found 0x1 clusters allocated to file "<0x1,0x96>" at offset "0" marked as free
... repaired online.
Found corrupt basic file structure for "<0x1,0x96>"
... repaired online.
Found 0x1 clusters allocated to file "<0x1,0x97>" at offset "0" marked as free
... repaired online.
Found corrupt basic file structure for "<0x1,0x97>"
... repaired online.
Found 0x1 clusters allocated to file "<0x1,0xa5>" at offset "0" marked as free
... repaired online.
Found corrupt basic file structure for "<0x1,0xa5>"
... repaired online.
Found 0x1 clusters allocated to file "<0x1,0xa6>" at offset "0" marked as free
... repaired online.
Found corrupt basic file structure for "<0x1,0xa6>"
... repaired online.
512 file records processed.
File verification completed.
Phase duration (File record verification): 40.25 milliseconds.
"Chkdsk /scan" has found and repaired critical volume bitmap corruption online and must restart the scan.
----------------------------------------------------------------------
Stage 1: Examining basic file system structure ...
-----------------------------------------------------------------------
Category: 0
Computer Name: shart
Event Code: 26228
Record Number: 5171
Source Name: Chkdsk
Time Written: 05-01-2023 @ 19:24:35
Event Type: Information
User:
Message: Chkdsk was executed in verify mode on a volume snapshot.
Checking file system on \Device\HarddiskVolume9
Volume label is New Volume.
Examining 7 corruption records ...
Record 1 of 7: Corrupt File "<0x1,0x94>" ... corruption found.
Record 2 of 7: Adding lost file "<0x1,0x94>" to index "$I30" of directory "\$LogFile <0x2,0x2>" ... no corruption found.
Record 3 of 7: Corrupt File "<0x1,0x95>" ... corruption found.
Record 4 of 7: Corrupt File "<0x1,0x96>" ... corruption found.
Record 5 of 7: Corrupt File "<0x1,0x97>" ... corruption found.
Record 6 of 7: Corrupt File "<0x1,0xa5>" ... corruption found.
Record 7 of 7: Corrupt File "<0x1,0xa6>" ... corruption found.


7 corruption records processed in 0.1 seconds.
Windows has examined the list of previously identified potential issues and found problems.
Please run chkdsk /scan to fully analyze the problems and queue them for repair.
-----------------------------------------------------------------------

 

Sorry, I was building my reply and my computer rebooted so I had to put my fixlog in a second post, not trying to bump

Fixlog

Fix result of Farbar Recovery Scan Tool (x64) Version: 22-12-2023
Ran by roymu (26-12-2023 15:14:31) Run:1
Running from C:\Users\roymu\OneDrive\Desktop
Loaded Profiles: roymu
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
FirewallRules: [{FC418702-3A04-4166-8D0E-6214408E7F82}] => (Allow) C:\Program Files\LogiOptionsPlus\logivoice\logioptionsplus_logivoice => No File
FirewallRules: [TCP Query User{78595BE9-EEEA-4286-ABD9-A4436B0D6CA2}C:\users\roymu\appdata\local\discord\app-1.0.9015\discord.exe] => (Allow) C:\users\roymu\appdata\local\discord\app-1.0.9015\discord.exe => No File
FirewallRules: [UDP Query User{FA54D59C-C2CF-40AA-8BC4-70CAC749B107}C:\users\roymu\appdata\local\discord\app-1.0.9015\discord.exe] => (Allow) C:\users\roymu\appdata\local\discord\app-1.0.9015\discord.exe => No File
FirewallRules: [{63282DB4-2950-4482-BC70-3D55BCFBA68E}] => (Allow) C:\Users\roymu\AppData\Local\Temp\7zS7B8F\HP.EasyStart.exe => No File
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
2023-12-09 06:36 - 2023-12-09 06:51 - 003866277 _____ C:\Users\roymu\Downloads\Unconfirmed 402049.crdownload
2023-12-09 05:59 - 2023-12-09 06:06 - 146310119 _____ C:\Users\roymu\Downloads\Unconfirmed 417121.crdownload
2023-12-09 05:50 - 2023-12-09 06:08 - 140089845 _____ C:\Users\roymu\Downloads\Unconfirmed 130931.crdownload
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /CheckHealth
End::
*****************
SystemRestore: On => completed
Restore point was successfully created.
Processes closed successfully.
HKLM\System\CurrentControlSet\Services\WinSetupMon => removed successfully
WinSetupMon => service removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FC418702-3A04-4166-8D0E-6214408E7F82}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{78595BE9-EEEA-4286-ABD9-A4436B0D6CA2}C:\users\roymu\appdata\local\discord\app-1.0.9015\discord.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{FA54D59C-C2CF-40AA-8BC4-70CAC749B107}C:\users\roymu\appdata\local\discord\app-1.0.9015\discord.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{63282DB4-2950-4482-BC70-3D55BCFBA68E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => not found
C:\Users\roymu\Downloads\Unconfirmed 402049.crdownload => moved successfully
C:\Users\roymu\Downloads\Unconfirmed 417121.crdownload => moved successfully
C:\Users\roymu\Downloads\Unconfirmed 130931.crdownload => moved successfully
========= sfc /scannow =========
Beginning system scan. This process will take some time.
Beginning verification phase of system scan.
Verification 0% complete.
Verification 1% complete.
Verification 1% complete.
Verification 2% complete.
Verification 3% complete.
Verification 3% complete.
Verification 4% complete.
Verification 5% complete.
Verification 5% complete.
Verification 6% complete.
Verification 6% complete.
Verification 7% complete.
Verification 8% complete.
Verification 8% complete.
Verification 9% complete.
Verification 10% complete.
Verification 10% complete.
Verification 11% complete.
Verification 12% complete.
Verification 12% complete.
Verification 13% complete.
Verification 13% complete.
Verification 14% complete.
Verification 15% complete.
Verification 15% complete.
Verification 16% complete.
Verification 17% complete.
Verification 17% complete.
Verification 18% complete.
Verification 19% complete.
Verification 19% complete.
Verification 20% complete.
Verification 20% complete.
Verification 21% complete.
Verification 22% complete.
Verification 22% complete.
Verification 23% complete.
Verification 24% complete.
Verification 24% complete.
Verification 25% complete.
Verification 26% complete.
Verification 26% complete.
Verification 27% complete.
Verification 27% complete.
Verification 28% complete.
Verification 29% complete.
Verification 29% complete.
Verification 30% complete.
Verification 31% complete.
Verification 31% complete.
Verification 32% complete.
Verification 33% complete.
Verification 33% complete.
Verification 34% complete.
Verification 34% complete.
Verification 35% complete.
Verification 36% complete.
Verification 36% complete.
Verification 37% complete.
Verification 38% complete.
Verification 38% complete.
Verification 39% complete.
Verification 40% complete.
Verification 40% complete.
Verification 41% complete.
Verification 41% complete.
Verification 42% complete.
Verification 43% complete.
Verification 43% complete.
Verification 44% complete.
Verification 45% complete.
Verification 45% complete.
Verification 46% complete.
Verification 47% complete.
Verification 47% complete.
Verification 48% complete.
Verification 48% complete.
Verification 49% complete.
Verification 50% complete.
Verification 50% complete.
Verification 51% complete.
Verification 52% complete.
Verification 52% complete.
Verification 53% complete.
Verification 54% complete.
Verification 54% complete.
Verification 55% complete.
Verification 55% complete.
Verification 56% complete.
Verification 57% complete.
Verification 57% complete.
Verification 58% complete.
Verification 59% complete.
Verification 59% complete.
Verification 60% complete.
Verification 61% complete.
Verification 61% complete.
Verification 62% complete.
Verification 62% complete.
Verification 63% complete.
Verification 64% complete.
Verification 64% complete.
Verification 65% complete.
Verification 66% complete.
Verification 66% complete.
Verification 67% complete.
Verification 68% complete.
Verification 68% complete.
Verification 69% complete.
Verification 69% complete.
Verification 70% complete.
Verification 71% complete.
Verification 71% complete.
Verification 72% complete.
Verification 73% complete.
Verification 73% complete.
Verification 74% complete.
Verification 75% complete.
Verification 75% complete.
Verification 76% complete.
Verification 76% complete.
Verification 77% complete.
Verification 78% complete.
Verification 78% complete.
Verification 79% complete.
Verification 80% complete.
Verification 80% complete.
Verification 81% complete.
Verification 82% complete.
Verification 82% complete.
Verification 83% complete.
Verification 83% complete.
Verification 84% complete.
Verification 85% complete.
Verification 85% complete.
Verification 86% complete.
Verification 87% complete.
Verification 87% complete.
Verification 88% complete.
Verification 89% complete.
Verification 89% complete.
Verification 90% complete.
Verification 90% complete.
Verification 91% complete.
Verification 92% complete.
Verification 92% complete.
Verification 93% complete.
Verification 94% complete.
Verification 94% complete.
Verification 95% complete.
Verification 96% complete.
Verification 96% complete.
Verification 97% complete.
Verification 97% complete.
Verification 98% complete.
Verification 99% complete.
Verification 99% complete.
Verification 100% complete.
Windows Resource Protection found corrupt files and successfully repaired them.
For online repairs, details are included in the CBS log file located at
windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline
repairs, details are included in the log file provided by the /OFFLOGFILE flag.
========= End of CMD: =========
========= DISM /Online /Cleanup-Image /CheckHealth =========
Deployment Image Servicing and Management tool
Version: 10.0.22621.2792
Image Version: 10.0.22621.2861
No component store corruption detected.
The operation completed successfully.
========= End of CMD: =========
The system needed a reboot.
==== End of Fixlog 15:16:18 ====

 

So, I'm not sure exactly what sites has the adds popping up. I exclusively use the google chrome browser so that is the browser. I have ads popping up when I click on links on major geeks site, but I don't know if that is by design or not. I had ads on other sites, I thought it was most sites, but I just started browsing around to see, and couldn't get any to pop up so I'm not sure anymore.
The Fixlog is here:
Fix result of Farbar Recovery Scan Tool (x64) Version: 22-12-2023
Ran by roymu (26-12-2023 15:14:31) Run:1
Running from C:\Users\roymu\OneDrive\Desktop
Loaded Profiles: roymu
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
FirewallRules: [{FC418702-3A04-4166-8D0E-6214408E7F82}] => (Allow) C:\Program Files\LogiOptionsPlus\logivoice\logioptionsplus_logivoice => No File
FirewallRules: [TCP Query User{78595BE9-EEEA-4286-ABD9-A4436B0D6CA2}C:\users\roymu\appdata\local\discord\app-1.0.9015\discord.exe] => (Allow) C:\users\roymu\appdata\local\discord\app-1.0.9015\discord.exe => No File
FirewallRules: [UDP Query User{FA54D59C-C2CF-40AA-8BC4-70CAC749B107}C:\users\roymu\appdata\local\discord\app-1.0.9015\discord.exe] => (Allow) C:\users\roymu\appdata\local\discord\app-1.0.9015\discord.exe => No File
FirewallRules: [{63282DB4-2950-4482-BC70-3D55BCFBA68E}] => (Allow) C:\Users\roymu\AppData\Local\Temp\7zS7B8F\HP.EasyStart.exe => No File
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
2023-12-09 06:36 - 2023-12-09 06:51 - 003866277 _____ C:\Users\roymu\Downloads\Unconfirmed 402049.crdownload
2023-12-09 05:59 - 2023-12-09 06:06 - 146310119 _____ C:\Users\roymu\Downloads\Unconfirmed 417121.crdownload
2023-12-09 05:50 - 2023-12-09 06:08 - 140089845 _____ C:\Users\roymu\Downloads\Unconfirmed 130931.crdownload
cmd: sfc /scannow
cmd: DISM /Online /Cleanup-Image /CheckHealth
End::
*****************
SystemRestore: On => completed
Restore point was successfully created.
Processes closed successfully.
HKLM\System\CurrentControlSet\Services\WinSetupMon => removed successfully
WinSetupMon => service removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FC418702-3A04-4166-8D0E-6214408E7F82}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{78595BE9-EEEA-4286-ABD9-A4436B0D6CA2}C:\users\roymu\appdata\local\discord\app-1.0.9015\discord.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{FA54D59C-C2CF-40AA-8BC4-70CAC749B107}C:\users\roymu\appdata\local\discord\app-1.0.9015\discord.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{63282DB4-2950-4482-BC70-3D55BCFBA68E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => not found
"C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => not found
C:\Users\roymu\Downloads\Unconfirmed 402049.crdownload => moved successfully
C:\Users\roymu\Downloads\Unconfirmed 417121.crdownload => moved successfully
C:\Users\roymu\Downloads\Unconfirmed 130931.crdownload => moved successfully
========= sfc /scannow =========
Beginning system scan. This process will take some time.
Beginning verification phase of system scan.
Verification 0% complete.
Verification 1% complete.
Verification 1% complete.
Verification 2% complete.
Verification 3% complete.
Verification 3% complete.
Verification 4% complete.
Verification 5% complete.
Verification 5% complete.
Verification 6% complete.
Verification 6% complete.
Verification 7% complete.
Verification 8% complete.
Verification 8% complete.
Verification 9% complete.
Verification 10% complete.
Verification 10% complete.
Verification 11% complete.
Verification 12% complete.
Verification 12% complete.
Verification 13% complete.
Verification 13% complete.
Verification 14% complete.
Verification 15% complete.
Verification 15% complete.
Verification 16% complete.
Verification 17% complete.
Verification 17% complete.
Verification 18% complete.
Verification 19% complete.
Verification 19% complete.
Verification 20% complete.
Verification 20% complete.
Verification 21% complete.
Verification 22% complete.
Verification 22% complete.
Verification 23% complete.
Verification 24% complete.
Verification 24% complete.
Verification 25% complete.
Verification 26% complete.
Verification 26% complete.
Verification 27% complete.
Verification 27% complete.
Verification 28% complete.
Verification 29% complete.
Verification 29% complete.
Verification 30% complete.
Verification 31% complete.
Verification 31% complete.
Verification 32% complete.
Verification 33% complete.
Verification 33% complete.
Verification 34% complete.
Verification 34% complete.
Verification 35% complete.
Verification 36% complete.
Verification 36% complete.
Verification 37% complete.
Verification 38% complete.
Verification 38% complete.
Verification 39% complete.
Verification 40% complete.
Verification 40% complete.
Verification 41% complete.
Verification 41% complete.
Verification 42% complete.
Verification 43% complete.
Verification 43% complete.
Verification 44% complete.
Verification 45% complete.
Verification 45% complete.
Verification 46% complete.
Verification 47% complete.
Verification 47% complete.
Verification 48% complete.
Verification 48% complete.
Verification 49% complete.
Verification 50% complete.
Verification 50% complete.
Verification 51% complete.
Verification 52% complete.
Verification 52% complete.
Verification 53% complete.
Verification 54% complete.
Verification 54% complete.
Verification 55% complete.
Verification 55% complete.
Verification 56% complete.
Verification 57% complete.
Verification 57% complete.
Verification 58% complete.
Verification 59% complete.
Verification 59% complete.
Verification 60% complete.
Verification 61% complete.
Verification 61% complete.
Verification 62% complete.
Verification 62% complete.
Verification 63% complete.
Verification 64% complete.
Verification 64% complete.
Verification 65% complete.
Verification 66% complete.
Verification 66% complete.
Verification 67% complete.
Verification 68% complete.
Verification 68% complete.
Verification 69% complete.
Verification 69% complete.
Verification 70% complete.
Verification 71% complete.
Verification 71% complete.
Verification 72% complete.
Verification 73% complete.
Verification 73% complete.
Verification 74% complete.
Verification 75% complete.
Verification 75% complete.
Verification 76% complete.
Verification 76% complete.
Verification 77% complete.
Verification 78% complete.
Verification 78% complete.
Verification 79% complete.
Verification 80% complete.
Verification 80% complete.
Verification 81% complete.
Verification 82% complete.
Verification 82% complete.
Verification 83% complete.
Verification 83% complete.
Verification 84% complete.
Verification 85% complete.
Verification 85% complete.
Verification 86% complete.
Verification 87% complete.
Verification 87% complete.
Verification 88% complete.
Verification 89% complete.
Verification 89% complete.
Verification 90% complete.
Verification 90% complete.
Verification 91% complete.
Verification 92% complete.
Verification 92% complete.
Verification 93% complete.
Verification 94% complete.
Verification 94% complete.
Verification 95% complete.
Verification 96% complete.
Verification 96% complete.
Verification 97% complete.
Verification 97% complete.
Verification 98% complete.
Verification 99% complete.
Verification 99% complete.
Verification 100% complete.
Windows Resource Protection found corrupt files and successfully repaired them.
For online repairs, details are included in the CBS log file located at
windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline
repairs, details are included in the log file provided by the /OFFLOGFILE flag.
========= End of CMD: =========
========= DISM /Online /Cleanup-Image /CheckHealth =========
Deployment Image Servicing and Management tool
Version: 10.0.22621.2792
Image Version: 10.0.22621.2861
No component store corruption detected.


The operation completed successfully.
========= End of CMD: =========
The system needed a reboot.
==== End of Fixlog 15:16:18 ====


The Search.txt is attached

 

Somehow I ran the right one, but attached the wrong one. Seems like something I would do. Here is the right one.

Fix result of Farbar Recovery Scan Tool (x64) Version: 22-12-2023
Ran by roymu (26-12-2023 16:22:21) Run:2
Running from C:\Users\roymu\OneDrive\Desktop
Loaded Profiles: roymu
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start::
cmd: fsutil dirty query c:
End::
*****************
========= fsutil dirty query c: =========
Volume - c: is NOT Dirty
========= End of CMD: =========
==== End of Fixlog 16:22:26 ====

 

Fixlog:
Fix result of Farbar Recovery Scan Tool (x64) Version: 22-12-2023
Ran by roymu (26-12-2023 20:08:12) Run:3
Running from C:\Users\roymu\OneDrive\Desktop
Loaded Profiles: roymu
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
C:\Windows\System32\Tasks_Migrated\Norton WSC Integration
C:\Windows\System32\Tasks_Migrated\NortonLifeLock Trial Agent V2
C:\Windows\System32\Tasks_Migrated\Norton Security Ultra
C:\ProgramData\NortonInstaller
2023-03-25 09:20 - 2023-03-26 07:33 _____ C:\Windows\System32\Tasks_Migrated\Norton Security Ultra
2023-04-02 14:44 - 2023-04-02 14:44 _____ C:\Users\roymu\AppData\LocalLow\Norton
2023-03-23 23:44 - 2023-03-23 23:44 _____ C:\Users\roymu\AppData\Local\Norton
2023-05-14 09:52 - 2023-05-14 09:52 _____ C:\Users\roymu\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_renew.norton.com_0.indexeddb.leveldb
2023-08-07 08:52 - 2023-08-07 11:42 _____ C:\Users\roymu\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_us.norton.com_0.indexeddb.leveldb
2021-09-01 12:01 - 2021-09-01 12:01 _____ C:\Users\Public\NortonLifeLock
2023-03-23 17:23 - 2023-03-23 23:52 _____ C:\Users\Public\Downloads\Norton
2021-09-01 12:00 - 2023-05-25 10:00 _____ C:\ProgramData\Norton
2023-03-23 16:51 - 2023-05-25 10:00 _____ C:\Program Files (x86)\Common Files\Symantec Shared
2023-03-25 15:46 - 2023-05-24 19:07 _____ C:\Program Files\Common Files\AV\Norton Security Ultra
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\Norton Security\Engine\22.22.6.10\NortonSecurity.exe
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\Norton Security\Engine\22.22.9.11\NortonSecurity.exe
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files\Norton Security\Engine\22.22.11.12\NortonSecurity.exe
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CBCE891A-81A2-44BF-9F0A-35464BCD00CE}\1.0\0\win32|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CBCE891A-81A2-44BF-9F0A-35464BCD00CE}\1.0\HELPDIR|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{774068D8-EEA3-4047-BEDA-BC794C9758FA}|LocalizedString
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{774068D8-EEA3-4047-BEDA-BC794C9758FA}\InprocServer32|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{774068D8-EEA3-4047-BEDA-BC794C9758FA}\ProgID|""
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{9E3FD331-C4C2-7AC4-0537-131EEF1B1F8A}|DISPLAYNAME
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{9E3FD331-C4C2-7AC4-0537-131EEF1B1F8A}|PRODUCTEXE
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{9E3FD331-C4C2-7AC4-0537-131EEF1B1F8A}|REPORTINGEXE
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw\{A6045214-8EAD-7B9C-2E68-BA2B11C858F1}|DISPLAYNAME
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw\{A6045214-8EAD-7B9C-2E68-BA2B11C858F1}|PRODUCTEXE
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw\{A6045214-8EAD-7B9C-2E68-BA2B11C858F1}|REPORTINGEXE
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\RuntimeExceptionHelperModules|C:\Program Files\Norton Security\NortonData\22.20.5.40\Definitions\IPSDefs\20230323.061\IPSEng64.dll
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\RuntimeExceptionHelperModules|C:\Program Files\Norton Security\NortonData\22.22.6.10\Definitions\IPSDefs\20230323.061\IPSEng64.dll
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\RuntimeExceptionHelperModules|C:\Program Files\Norton Security\NortonData\22.20.5.40\Definitions\IPSDefs\20230323.061\IPSEng32.dll
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\RuntimeExceptionHelperModules|C:\Program Files\Norton Security\NortonData\22.22.6.10\Definitions\IPSDefs\20230323.061\IPSEng32.dll
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\BHDrvx64|Path
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\BHDrvx64|Path.Org
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\BHDrvx64|Path.Win32
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\IDSVia64|Path
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\IDSVia64|Path.Org
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\IDSVia64|Path.Win32
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\NortonSecurity|ServiceName
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\NortonSecurity|Path
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\NortonSecurity|Path.Org
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\NortonSecurity|Path.Win32
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\NortonSecurity|DisplayName
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\nsvst_NGC|DisplayName
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\nsWscSvc|Path
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\nsWscSvc|Path.Org
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\nsWscSvc|Path.Win32
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\nsWscSvc|DisplayName
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\SymEvnt|Path
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\SymEvnt|Path.Org
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\SymEvnt|Path.Win32
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\wpCtrlDrv_NGC|DisplayName
DeleteValue: HKEY_USERS\S-1-5-21-4027671259-1547401243-1367816303-1002\Control Panel\NotifyIconSettings\14866435512524891047|ExecutablePath
DeleteValue: HKEY_USERS\S-1-5-21-4027671259-1547401243-1367816303-1002\Control Panel\NotifyIconSettings\7823983290440543079|ExecutablePath
DeleteValue: HKEY_USERS\S-1-5-21-4027671259-1547401243-1367816303-1002\Control Panel\NotifyIconSettings\7823983290440543079|Publisher
DeleteValue: HKEY_USERS\S-1-5-21-4027671259-1547401243-1367816303-1002\Software\Microsoft\DirectInput\NORTONSECURITY.EXE61F2CD8E00054338|Name
DeleteValue: HKEY_USERS\S-1-5-21-4027671259-1547401243-1367816303-1002\Software\Microsoft\Office\Outlook\Addins\MsouPlug.OutlookPlug|FriendlyName
DeleteValue: HKEY_USERS\S-1-5-21-4027671259-1547401243-1367816303-1002\Software\Microsoft\Office\Outlook\Addins\MsouPlug.OutlookPlug|Description
DeleteValue: HKEY_USERS\S-1-5-21-4027671259-1547401243-1367816303-1002\Software\Microsoft\UserData\UninstallTimes|NortonSecurity_cjtsyd8xszapp
DeleteValue: HKEY_USERS\S-1-5-21-4027671259-1547401243-1367816303-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppBadgeUpdated|NortonLifeLock.Norton Security
DeleteValue: HKEY_USERS\S-1-5-21-4027671259-1547401243-1367816303-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched|NortonLifeLock.Norton Security
DeleteValue: HKEY_USERS\S-1-5-21-4027671259-1547401243-1367816303-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched|{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NGC\A5E82D02\22.23.1.21\InstStub.exe
DeleteValue: HKEY_USERS\S-1-5-21-4027671259-1547401243-1367816303-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\ShowJumpView|NortonLifeLock.Norton Security
DeleteValue: HKEY_USERS\S-1-5-21-4027671259-1547401243-1367816303-1002\Software\Microsoft\Windows\CurrentVersion\Search\JumplistData|NortonLifeLock.Norton Security
DeleteValue: HKEY_USERS\S-1-5-21-4027671259-1547401243-1367816303-1002\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store|C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NGC\A5E82D02\22.23.1.21\InstStub.exe
DeleteValue: HKEY_USERS\S-1-5-21-4027671259-1547401243-1367816303-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NGC\A5E82D02\22.23.1.21\InstStub.exe.FriendlyAppName
DeleteValue: HKEY_USERS\S-1-5-21-4027671259-1547401243-1367816303-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NGC\A5E82D02\22.23.1.21\InstStub.exe.ApplicationCompany
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\eeCtrl|Path
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\eeCtrl|Path.Org
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\eeCtrl|Path.Win32
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\eeCtrl|DisplayName
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\EraserUtilRebootDrv|Path
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\EraserUtilRebootDrv|Path.Org
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\EraserUtilRebootDrv|Path.Win32
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\SRTSP|DisplayName
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\SRTSPX|DisplayName
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\SymEFASI|DisplayName
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\SymELAM|DisplayName
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\SymEvnt|DisplayName
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\SymIRON|DisplayName
DeleteValue: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\SymNetS|DisplayName
DeleteValue: HKEY_USERS\S-1-5-21-4027671259-1547401243-1367816303-1002\Control Panel\NotifyIconSettings\14866435512524891047|Publisher
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NortonSCU.ToolManagerImpl
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\Compatibility\NortonSystemInfo
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-4027671259-1547401243-1367816303-1002\NortonSecurity_1.0.0.1_neutral__cjtsyd8xszapp
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Norton
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\DirectDraw\Compatibility\NortonSystemInfo
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Norton
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\NortonSecurity
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\AppxAllUserStore\S-1-5-21-4027671259-1547401243-1367816303-1002\NortonSecurity_1.0.0.1_neutral__cjtsyd8xszapp
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\Deleted\EndOfLife\S-1-5-21-4027671259-1547401243-1367816303-1002\NortonSecurity_1.0.0.1_neutral__cjtsyd8xszapp
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\InstalledPackages\Main\NortonSecurity_1.0.0.1_neutral__cjtsyd8xszapp
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\PackageInstallState\NortonSecurity_1.0.0.1_neutral__cjtsyd8xszapp
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\S-1-5-21-4027671259-1547401243-1367816303-1002\NortonSecurity_1.0.0.1_neutral__cjtsyd8xszapp
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\SisDirectory\NortonSecurity_1.0.0.1_neutral__cjtsyd8xszapp
DeleteKey: HKEY_USERS\.DEFAULT\Software\Norton
DeleteKey: HKEY_USERS\S-1-5-21-4027671259-1547401243-1367816303-1002\Software\appdatalow\software\Norton
DeleteKey: HKEY_USERS\S-1-5-21-4027671259-1547401243-1367816303-1002\Software\Microsoft\DirectInput\NORTONSECURITY.EXE61F2CD8E00054338
DeleteKey: HKEY_USERS\S-1-5-21-4027671259-1547401243-1367816303-1002\Software\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications\NortonSecurity_cjtsyd8xszapp
DeleteKey: HKEY_USERS\S-1-5-21-4027671259-1547401243-1367816303-1002\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Cloud\{4c5f9da8-c386-414e-aec4-2e8d322d6a77}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$nortonsecurity_cjtsyd8xszapp
DeleteKey: HKEY_USERS\S-1-5-21-4027671259-1547401243-1367816303-1002\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{4c5f9da8-c386-414e-aec4-2e8d322d6a77}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$nortonsecurity_cjtsyd8xszapp
DeleteKey: HKEY_USERS\S-1-5-21-4027671259-1547401243-1367816303-1002\Software\Microsoft\Windows\CurrentVersion\Notifications\Settings\NortonLifeLock.Norton Security
DeleteKey: HKEY_USERS\S-1-5-21-4027671259-1547401243-1367816303-1002\Software\Microsoft\Windows NT\CurrentVersion\HostActivityManager\CommitHistory\NortonSecurity_cjtsyd8xszapp!NortonSecurity
DeleteKey: HKEY_USERS\S-1-5-21-4027671259-1547401243-1367816303-1002\Software\Norton
End::
*****************
SystemRestore: On => completed
Restore point was successfully created.
Processes closed successfully.
C:\Windows\System32\Tasks_Migrated\Norton WSC Integration => moved successfully
C:\Windows\System32\Tasks_Migrated\NortonLifeLock Trial Agent V2 => moved successfully
"C:\Windows\System32\Tasks_Migrated\Norton Security Ultra" folder move:
C:\Windows\System32\Tasks_Migrated\Norton Security Ultra => moved successfully
"C:\ProgramData\NortonInstaller" folder move:
C:\ProgramData\NortonInstaller => moved successfully
"C:\Windows\System32\Tasks_Migrated\Norton Security Ultra" => not found
"C:\Users\roymu\AppData\LocalLow\Norton" folder move:
C:\Users\roymu\AppData\LocalLow\Norton => moved successfully
"C:\Users\roymu\AppData\Local\Norton" folder move:
C:\Users\roymu\AppData\Local\Norton => moved successfully
"C:\Users\roymu\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_renew.norton.com_0.indexeddb.leveldb" folder move:
C:\Users\roymu\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_renew.norton.com_0.indexeddb.leveldb => moved successfully
"C:\Users\roymu\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_us.norton.com_0.indexeddb.leveldb" folder move:
C:\Users\roymu\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_us.norton.com_0.indexeddb.leveldb => moved successfully
"C:\Users\Public\NortonLifeLock" folder move:
C:\Users\Public\NortonLifeLock => moved successfully
"C:\Users\Public\Downloads\Norton" folder move:
C:\Users\Public\Downloads\Norton => moved successfully
"C:\ProgramData\Norton" folder move:
C:\ProgramData\Norton => moved successfully
"C:\Program Files (x86)\Common Files\Symantec Shared" folder move:
C:\Program Files (x86)\Common Files\Symantec Shared => moved successfully
"C:\Program Files\Common Files\AV\Norton Security Ultra" folder move:
C:\Program Files\Common Files\AV\Norton Security Ultra => moved successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\Norton Security\Engine\22.22.6.10\NortonSecurity.exe" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\Norton Security\Engine\22.22.9.11\NortonSecurity.exe" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\Norton Security\Engine\22.22.11.12\NortonSecurity.exe" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CBCE891A-81A2-44BF-9F0A-35464BCD00CE}\1.0\0\win32\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CBCE891A-81A2-44BF-9F0A-35464BCD00CE}\1.0\HELPDIR\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{774068D8-EEA3-4047-BEDA-BC794C9758FA}\\LocalizedString" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{774068D8-EEA3-4047-BEDA-BC794C9758FA}\InprocServer32\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{774068D8-EEA3-4047-BEDA-BC794C9758FA}\ProgID\\" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{9E3FD331-C4C2-7AC4-0537-131EEF1B1F8A}\\DISPLAYNAME" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{9E3FD331-C4C2-7AC4-0537-131EEF1B1F8A}\\PRODUCTEXE" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{9E3FD331-C4C2-7AC4-0537-131EEF1B1F8A}\\REPORTINGEXE" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw\{A6045214-8EAD-7B9C-2E68-BA2B11C858F1}\\DISPLAYNAME" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw\{A6045214-8EAD-7B9C-2E68-BA2B11C858F1}\\PRODUCTEXE" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Fw\{A6045214-8EAD-7B9C-2E68-BA2B11C858F1}\\REPORTINGEXE" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\RuntimeExceptionHelperModules\\C:\Program Files\Norton Security\NortonData\22.20.5.40\Definitions\IPSDefs\20230323.061\IPSEng64.dll" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\RuntimeExceptionHelperModules\\C:\Program Files\Norton Security\NortonData\22.22.6.10\Definitions\IPSDefs\20230323.061\IPSEng64.dll" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\RuntimeExceptionHelperModules\\C:\Program Files\Norton Security\NortonData\22.20.5.40\Definitions\IPSDefs\20230323.061\IPSEng32.dll" => removed successfully
"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\RuntimeExceptionHelperModules\\C:\Program Files\Norton Security\NortonData\22.22.6.10\Definitions\IPSDefs\20230323.061\IPSEng32.dll" => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\BHDrvx64\\Path" => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\BHDrvx64\\Path.Org" => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\BHDrvx64\\Path.Win32" => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\IDSVia64\\Path" => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\IDSVia64\\Path.Org" => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\IDSVia64\\Path.Win32" => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\NortonSecurity\\ServiceName" => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\NortonSecurity\\Path" => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\NortonSecurity\\Path.Org" => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\NortonSecurity\\Path.Win32" => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\NortonSecurity\\DisplayName" => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\nsvst_NGC\\DisplayName" => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\nsWscSvc\\Path" => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\nsWscSvc\\Path.Org" => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\nsWscSvc\\Path.Win32" => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\nsWscSvc\\DisplayName" => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\SymEvnt\\Path" => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\SymEvnt\\Path.Org" => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\SymEvnt\\Path.Win32" => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\wpCtrlDrv_NGC\\DisplayName" => removed successfully
"HKEY_USERS\S-1-5-21-4027671259-1547401243-1367816303-1002\Control Panel\NotifyIconSettings\14866435512524891047\\ExecutablePath" => removed successfully
"HKEY_USERS\S-1-5-21-4027671259-1547401243-1367816303-1002\Control Panel\NotifyIconSettings\7823983290440543079\\ExecutablePath" => removed successfully
"HKEY_USERS\S-1-5-21-4027671259-1547401243-1367816303-1002\Control Panel\NotifyIconSettings\7823983290440543079\\Publisher" => removed successfully
"HKEY_USERS\S-1-5-21-4027671259-1547401243-1367816303-1002\Software\Microsoft\DirectInput\NORTONSECURITY.EXE61F2CD8E00054338\\Name" => removed successfully
"HKEY_USERS\S-1-5-21-4027671259-1547401243-1367816303-1002\Software\Microsoft\Office\Outlook\Addins\MsouPlug.OutlookPlug\\FriendlyName" => removed successfully
"HKEY_USERS\S-1-5-21-4027671259-1547401243-1367816303-1002\Software\Microsoft\Office\Outlook\Addins\MsouPlug.OutlookPlug\\Description" => removed successfully
"HKEY_USERS\S-1-5-21-4027671259-1547401243-1367816303-1002\Software\Microsoft\UserData\UninstallTimes\\NortonSecurity_cjtsyd8xszapp" => removed successfully
"HKEY_USERS\S-1-5-21-4027671259-1547401243-1367816303-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppBadgeUpdated\\NortonLifeLock.Norton Security" => removed successfully
"HKEY_USERS\S-1-5-21-4027671259-1547401243-1367816303-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched\\NortonLifeLock.Norton Security" => removed successfully
"HKEY_USERS\S-1-5-21-4027671259-1547401243-1367816303-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NGC\A5E82D02\22.23.1.21\InstStub.exe" => removed successfully
"HKEY_USERS\S-1-5-21-4027671259-1547401243-1367816303-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\ShowJumpView\\NortonLifeLock.Norton Security" => removed successfully
"HKEY_USERS\S-1-5-21-4027671259-1547401243-1367816303-1002\Software\Microsoft\Windows\CurrentVersion\Search\JumplistData\\NortonLifeLock.Norton Security" => removed successfully
"HKEY_USERS\S-1-5-21-4027671259-1547401243-1367816303-1002\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\\C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NGC\A5E82D02\22.23.1.21\InstStub.exe" => removed successfully
"HKEY_USERS\S-1-5-21-4027671259-1547401243-1367816303-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NGC\A5E82D02\22.23.1.21\InstStub.exe.FriendlyAppName" => removed successfully
"HKEY_USERS\S-1-5-21-4027671259-1547401243-1367816303-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NGC\A5E82D02\22.23.1.21\InstStub.exe.ApplicationCompany" => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\eeCtrl\\Path" => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\eeCtrl\\Path.Org" => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\eeCtrl\\Path.Win32" => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\eeCtrl\\DisplayName" => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\EraserUtilRebootDrv\\Path" => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\EraserUtilRebootDrv\\Path.Org" => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\EraserUtilRebootDrv\\Path.Win32" => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\SRTSP\\DisplayName" => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\SRTSPX\\DisplayName" => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\SymEFASI\\DisplayName" => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\SymELAM\\DisplayName" => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\SymEvnt\\DisplayName" => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\SymIRON\\DisplayName" => removed successfully
"HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\SymNetS\\DisplayName" => removed successfully
"HKEY_USERS\S-1-5-21-4027671259-1547401243-1367816303-1002\Control Panel\NotifyIconSettings\14866435512524891047\\Publisher" => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NortonSCU.ToolManagerImpl => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\Compatibility\NortonSystemInfo => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-4027671259-1547401243-1367816303-1002\NortonSecurity_1.0.0.1_neutral__cjtsyd8xszapp => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Norton => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\DirectDraw\Compatibility\NortonSystemInfo => removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Norton => removed successfully
HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\NortonSecurity => removed successfully
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\AppxAllUserStore\S-1-5-21-4027671259-1547401243-1367816303-1002\NortonSecurity_1.0.0.1_neutral__cjtsyd8xszapp => removed successfully
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\AppxAllUserStore\Deleted\EndOfLife\S-1-5-21-4027671259-1547401243-1367816303-1002\NortonSecurity_1.0.0.1_neutral__cjtsyd8xszapp => removed successfully
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\InstalledPackages\Main\NortonSecurity_1.0.0.1_neutral__cjtsyd8xszapp => removed successfully
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\PackageInstallState\NortonSecurity_1.0.0.1_neutral__cjtsyd8xszapp => removed successfully
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\S-1-5-21-4027671259-1547401243-1367816303-1002\NortonSecurity_1.0.0.1_neutral__cjtsyd8xszapp => removed successfully
HKEY_LOCAL_MACHINE\SYSTEM\Setup\Upgrade\Appx\DownlevelGather\SisDirectory\NortonSecurity_1.0.0.1_neutral__cjtsyd8xszapp => removed successfully
HKEY_USERS\.DEFAULT\Software\Norton => removed successfully
HKEY_USERS\S-1-5-21-4027671259-1547401243-1367816303-1002\Software\appdatalow\software\Norton => removed successfully
HKEY_USERS\S-1-5-21-4027671259-1547401243-1367816303-1002\Software\Microsoft\DirectInput\NORTONSECURITY.EXE61F2CD8E00054338 => removed successfully
HKEY_USERS\S-1-5-21-4027671259-1547401243-1367816303-1002\Software\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications\NortonSecurity_cjtsyd8xszapp => removed successfully
HKEY_USERS\S-1-5-21-4027671259-1547401243-1367816303-1002\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Cloud\{4c5f9da8-c386-414e-aec4-2e8d322d6a77}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$nortonsecurity_cjtsyd8xszapp => removed successfully
HKEY_USERS\S-1-5-21-4027671259-1547401243-1367816303-1002\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{4c5f9da8-c386-414e-aec4-2e8d322d6a77}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$nortonsecurity_cjtsyd8xszapp => removed successfully
HKEY_USERS\S-1-5-21-4027671259-1547401243-1367816303-1002\Software\Microsoft\Windows\CurrentVersion\Notifications\Settings\NortonLifeLock.Norton Security => removed successfully
HKEY_USERS\S-1-5-21-4027671259-1547401243-1367816303-1002\Software\Microsoft\Windows NT\CurrentVersion\HostActivityManager\CommitHistory\NortonSecurity_cjtsyd8xszapp!NortonSecurity => removed successfully
HKEY_USERS\S-1-5-21-4027671259-1547401243-1367816303-1002\Software\Norton => removed successfully
The system needed a reboot.
==== End of Fixlog 20:08:26 ====

 

yes, maybe i should reinstall it

 

I tried the cmd way and it didn't work. The reinstall worked. Maybe I was just behind on updates, or who knows what, but thankfully it is back up and running again.

 

Ok, I will do and I will report back. Thank you so much with the help so far. I really appreciate it.

 

So, nothing came up. Everything appears clear at this point.

 

No questions, I am ready to proceed.

 

Thank you so much, I feel much more confident now that my machine is clean, and as always, I appreciate the help here at major geeks.