Here are the contents
A corruption was found in a file system index structure. The file reference number is 0x30000000212ea.
Copy the content of the code box below.
Do not copy the word code!!!
Right Click FRST and run as Administrator.
Click Fix once (!) and wait. The program will create a log file (Fixlog.txt).
Attach it to your next message.
Code:
Start::
CloseProcesses:
SystemRestore: On
CreateRestorePoint:
RemoveProxy:
HKLM-x32\...\Run: [] => [X]
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
C:\Users\Owner\AppData\Local\2476191251
C:\Users\Owner\AppData\Local\3663574423
C:\Program Files\WindowsApps\Disney.37853FC22B2CE_1.45.5.0_x64__6rarf9sa4v8jt
ShortcutWithArgument: C:\Users\Owner\Desktop\Build It.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=jleoijhialapfdgmkbjiphndkhnhhpaf
ShortcutWithArgument: C:\Users\Owner\Desktop\Tracker Network.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=ifcifgfhefiglkpogbbibhepmfjkmejl
ShortcutWithArgument: C:\Users\Owner\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__eikjhbkpemdappjfcmdeeeamdpkgabmk\SoundCloud.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=eikjhbkpemdappjfcmdeeeamdpkgabmk --app-url=hxxps://soundcloud.com/discover --app-launch-source=4
ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Build It.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=jleoijhialapfdgmkbjiphndkhnhhpaf
ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Tracker Network.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=ifcifgfhefiglkpogbbibhepmfjkmejl
ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\SoundCloud.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=eikjhbkpemdappjfcmdeeeamdpkgabmk --app-url=hxxps://soundcloud.com/discover --app-launch-source=4
AlternateDataStreams: C:\ProgramData:err [1484]
AlternateDataStreams: C:\Windows\system32\9EarsSurroundSound.dll:72B1DE377E [3442]
AlternateDataStreams: C:\Users\All Users:err [1484]
AlternateDataStreams: C:\ProgramData\Application Data:err [1484]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk:B026C77744 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BakkesMod.lnk:14E057C8D9 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix Workspace.lnk:7464C599B4 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini:41964AA945 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk:8096E45125 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk:E77773B271 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk:F20EF51E1F [3442]
AlternateDataStreams: C:\Users\Owner\AppData\Local\Temp:$DATA [16]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [7434]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk
C:\Windows\system32\drivers\etc\hosts
Hosts:
FirewallRules: [{82915ED8-2C08-4BEE-B103-ED6A811F7710}] => (Allow) C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe => No File
FirewallRules: [TCP Query User{93B10DEF-9549-405A-A5A5-F08A5927CE83}C:\users\owner\appdata\local\discord\app-1.0.9004\discord.exe] => (Allow) C:\users\owner\appdata\local\discord\app-1.0.9004\discord.exe => No File
FirewallRules: [UDP Query User{28AFE870-96AC-426E-9703-7F69D24BBAF9}C:\users\owner\appdata\local\discord\app-1.0.9004\discord.exe] => (Allow) C:\users\owner\appdata\local\discord\app-1.0.9004\discord.exe => No File
FirewallRules: [{6FDE2969-7453-484C-ADFC-0F1EFDB0727A}] => (Allow) C:\Program Files (x86)\iMobie\PhoneRescue\xldownload\download\MiniThunderPlatform.exe => No File
FirewallRules: [{063A4512-C3A7-41F2-A88A-68D3ED76FDE8}] => (Allow) C:\Program Files (x86)\iMobie\PhoneRescue\xldownload\download\MiniThunderPlatform.exe => No File
FirewallRules: [{FA3EBEA6-F655-406C-B469-2CA345051171}] => (Allow) C:\Program Files (x86)\Overwolf\0.216.0.26\OverwolfBrowser.exe => No File
FirewallRules: [{1ED7F6F7-701F-4748-BB15-C5C3B28B4DE8}] => (Allow) C:\Program Files (x86)\Overwolf\0.216.0.26\OverwolfBrowser.exe => No File
FirewallRules: [{247D9A58-005A-484F-A869-1D4937EBF9D3}] => (Block) C:\Program Files (x86)\Overwolf\0.216.0.26\OverwolfBrowser.exe => No File
FirewallRules: [{89BBD2F7-9EE0-4DCD-8207-547AF3D29230}] => (Block) C:\Program Files (x86)\Overwolf\0.216.0.26\OverwolfBrowser.exe => No File
CMD: "%WINDIR%\SYSTEM32\lodctr.exe /R"
CMD: "%WINDIR%\SysWOW64\lodctr.exe /R"
CMD: "C:\Windows\SYSTEM32\lodctr.exe /R"
CMD: "C:\Windows\SysWOW64\lodctr.exe /R"
CMD: del /f /s /q %windir%\prefetch\*.*
CMD: del /s /q C:\Windows\SoftwareDistribution\download\*.*
CMD: del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\Cache\*.*"
cmd: del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\Cache\*.*"
cmd: del /s /q "%userprofile%\AppData\Local\Opera Software\Opera Stable\Cache\Cache_Data\*.*"
CMD: del /s /q "%userprofile%\AppData\Local\temp\*.*"
CMD: ipconfig /flushdns
C:\Windows\Temp\*.*
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\syswow64\*.tmp
emptytemp:
Reboot:
End::
C:\FRST\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
C:\FRST\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk
C:\FRST\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk
I still get these on void tools, is this okay?
They are in quarantine. So not active on your system. Is there anything else you need help with?
Ok, let’s check a little deeper since you are here.
Adware Cleaner
[ul]
[li]Download AdwCleaner and save it to your Desktop[/li]
[li]Right-click on AdwCleaner.exe and select Run as Administrator[/li]
[li]Accept the EULA (I accept), then click on Scan Now[/li]
[li]Let the scan complete[/li]
[li]Once the scan completes, make sure that every item listed in the different tabs is checked and click on the Quarantine and delete.[/li]
[li]Once the cleaning process is complete, AdwCleaner will ask you to restart your computer[/li]
[li]Close all other open windows and allow it to restart[/li]
[li]After the restart, Notepad will open with the AdwCleaner cleaning log[/li]
[li]Please attach the contents of that log into your next reply to me[/li]
[/ul]
Download Malwarebytes v.4. Install and run.
[ul]
[li]Once the MBAM dashboard opens, click on Settings (gear icon).[/li]
[li]Click on Security tab and make sure that all four Scan options are enabled.[/li]
[li]Close Settings and click on the Scan button on the dashboard.[/li]
[li]Once the scan is completed make sure you have it quarantine any detections it finds.[/li]
[li]If no detections were found click on the Save results drop-down, then the Export to TXT button and save the file as a Text file to your desktop.[/li]
[li]If there were detections then once the quarantine has completed click on the View report button, then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.[/li]
[li]If the computer restarted to quarantine you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and include that log on your next reply.[/li]
[/ul]
I get an error code for asus_framework.exe can’t open AsIO3.sys Failed with error code 5: Access denied
when doing the adwcleaner
Ok. Let’s do this.
This fix will take some time, do not stop it when it starts. Just allow completion!!
Copy the content of the code box below.
Do not copy the word code!!!
Right Click FRST and run as Administrator.
Click Fix once (!) and wait. The program will create a log file (Fixlog.txt).
Attach it to your next message.
[ICODE]
Start::
CloseProcesses:
SystemRestore: On
CreateRestorePoint:
StartBatch:
ECHO Y|CHKDSK C: /F /R
pushd c:\windows\system32
bcdedit.exe /set {default} recoveryenabled yes
net stop bits
net stop cryptSvc
net stop wuauserv
net stop msiserver
del /s /q C:\Windows\SoftwareDistribution\download\*.*
del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\Cache\*.*"
del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\Cache\*.*"
del /s /q "%userprofile%\AppData\Local\Opera Software\Opera Stable\Cache\Cache_Data\*.*"
netsh winsock reset catalog
netsh int ipv4 reset reset.log
netsh int ipv6 reset reset.log
ipconfig /release
ipconfig /renew
ipconfig /flushdns
ipconfig /registerdns
net start bfe
net start bits
net start cryptSvc
net start eventsystem
net start msiserver
net start rpcss
net start sdrsvc
net start trustedinstaller
net start vss
net start winmgmt
net start wuauserv
bitsadmin /list /allusers
bitsadmin /reset /allusers
EndBatch:
cmd: fsutil resource setautoreset true c:\&fsutil usn deletejournal /d /n c:
cmd: DISM.exe /Online /Cleanup-image /Restorehealth
cmd: sfc /scannow
cmd: winmgmt /salvagerepository
cmd: winmgmt /verifyrepository
cmd: "%WINDIR%\SYSTEM32\lodctr.exe" /R
cmd: "%WINDIR%\SysWOW64\lodctr.exe" /R
cmd: "%WINDIR%\SYSTEM32\lodctr.exe" /R
cmd: "%WINDIR%\SysWOW64\lodctr.exe" /R
EmptyTemp:
Reboot:
End::
[/ICODE]