[SOLVED] back already, it seems as though i've been hijacked...again

Status
Not open for further replies.
From the logs:

Drive c: (Windows) (Fixed) (Total:114.26 GB) (Free:10.28 GB) (Model: SanDisk DA4128) NTFS

Much better now, but again, it's not enough. You must be careful to check from time to time and empty space, either by removing files or using the cleanmgr utility (step 2).

Something that I think you misunderstood: when I said that "you must move files from C except the operating system", I actually meant that you must move files like documents, videos, music, pictures, downloads from your User profile. If you want to move programs from C to D, you must uninstall them from C and install them on D (not just move folders related to them). So, just copying files from the C directory and pasting them to D, is not a good idea, since you may make a program unusable. Plus, there are folders in C related to the operating system and you don't need them on D.

Anyway, in case you notice that something stopped working, we are here. :-)

A couple of things, to make some tidiness:


1. Uninstall apps/programs

If you don't use them, you can uninstall them (go to Settings > Apps > Apps & features > select an app/program and choose Uninstall). You can also uninstall whatever you don't use/need:

Lenovo Companion
Lenovo Hotkeys
Lenovo Now
Lenovo Vantage Service


2. FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything to anywhere.
Code:
Start::
HKU\S-1-5-18\...\Run: [Paltalk] => "C:\Program Files (x86)\Paltalk\Paltalk.exe" minimized (No File)
Task: {095B292E-1FFD-47D1-87EB-9415212241BC} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\ronny\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe LOGON (No File)
Task: {F8378F44-E924-44D1-A741-C66B701234DC} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\ronny\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe SCHED (No File)
Task: {E4E9FEF9-DE5A-448B-A2E0-A6EAFF3CB452} - System32\Tasks\GoogleUpdateTaskMachineCore{9126FFFB-21E4-40D8-A2F0-434BC2CF7C29} => "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c (No File)
Task: {9AD0AA72-7CC0-4790-BA6A-B7D1F8222155} - System32\Tasks\GoogleUpdateTaskMachineUA{296B7739-373F-4E79-940C-6DDC0909ECF2} => "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ua /installsource scheduler (No File)
Task: {84A29AC9-EB7F-4C28-934D-4EB13C5EBA03} - System32\Tasks\Lenovo\Vantage\Schedule\BatteryGaugeAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe BatteryGaugeAddinDailyScheduleTask (No File)
Task: {E856AD4B-FB9E-41D3-92B5-78B5A30A08AC} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe DailyTelemetryTransmission (No File)
Task: {35877514-ADC0-4E9E-BE21-CCAB84F93032} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe GenericMessagingAddin (No File)
Task: {59E77B03-FE27-432B-B3A7-2292B1D06503} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe HeartbeatAddinDailyScheduleTask (No File)
Task: {22278E05-5A2F-4C8F-B900-8F6A83A7557F} - System32\Tasks\Lenovo\Vantage\Schedule\IdeaNotebookAddinDailyEvent => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe IdeaNotebookAddinDailyEvent (No File)
Task: {90573BDF-9B27-408C-83F0-73FF2073C773} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.MonthlyReport => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe Lenovo.Vantage.SmartPerformance.MonthlyReport (No File)
Task: {1DC02616-FB4E-4EA5-8E06-5E85529F82E6} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.SScan => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe Lenovo.Vantage.SmartPerformance.SScan (No File)
Task: {3F158CA8-4CBC-42B1-B81B-C1D39B18125C} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoBoostAddin.Prompt => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe LenovoBoostAddin.Prompt (No File)
Task: {12726F46-58A1-4E5A-B4DD-2C502EDB4E40} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe LenovoCompanionAppAddinDailyScheduleTask (No File)
Task: {CE117F0F-8948-4D1A-A842-535F4BCD68B6} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe LenovoSystemUpdateAddin_WeeklyTask (No File)
Task: {3A019985-964D-4E80-9633-BF127FBBF263} - System32\Tasks\Lenovo\Vantage\Schedule\SettingsWidgetAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe SettingsWidgetAddinDailyScheduleTask (No File)
Task: {8F779427-C0B3-4C6E-9536-A80347F2139D} - System32\Tasks\Lenovo\Vantage\Schedule\SmartPerformance.ExpireReminder => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe SmartPerformance.ExpireReminder (No File)
Task: {932E342A-DFDE-48B7-8D55-CFAEA0684563} - System32\Tasks\Lenovo\Vantage\Schedule\VantageCoreAddinWeekScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe VantageCoreAddinWeekScheduleTask (No File)
FF Plugin-x32: @flyordie.com/GamesPlugin -> C:\Program Files (x86)\Flyordie Plugin\npfod.dll [No File]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]
S3 VRSService; "C:\Program Files (x86)\NCH Software\VRS\vrs.exe" -service [X]
CustomCLSID: HKU\S-1-5-21-808004889-1866680771-1985815163-1001_Classes\CLSID\{92e05f37-158b-585f-c21d-a4a1f0bb32cb}\localserver32 -> "C:\Users\ronny\AppData\Local\OneLaunch\5.17.4\onelaunch.exe" -ToastActivated => No File
FirewallRules: [TCP Query User{1B4C2AB4-259B-4108-9C58-38937B064BFD}C:\program files (x86)\paltalk\qtwebengineprocess.exe] => (Block) C:\program files (x86)\paltalk\qtwebengineprocess.exe => No File
FirewallRules: [UDP Query User{F06C2850-FCA3-4B1B-ACDE-25494217C6D5}C:\program files (x86)\paltalk\qtwebengineprocess.exe] => (Block) C:\program files (x86)\paltalk\qtwebengineprocess.exe => No File
FirewallRules: [{AE7CBB9B-CC7D-44FE-8C4B-8C35717408C5}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe => No File
FirewallRules: [{DC7848E6-605A-4E4B-AC77-8D18C598F4CC}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe => No File
FirewallRules: [{D783EC16-E9F5-461D-A38D-40AF0068853B}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe => No File
FirewallRules: [{43B5EADB-8C62-4673-8684-DC1B027E63F4}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe => No File
FirewallRules: [{3287DA1C-9BA0-4422-8E2A-7EA266A249B2}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe => No File
FirewallRules: [{416B1589-CF28-4433-8572-66C38CC8442A}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe => No File
FirewallRules: [{B78A241F-4BE7-4532-8AE2-A7F472C5567F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{89AD5F3C-2F75-4FE8-A619-2D8591B08308}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{C0CAA61D-DE29-402A-81E5-3CE4737BB06C}] => (Allow) D:\FunPlus\StormShot\nGame\2.1.100\Stormshot.exe => No File
FirewallRules: [{2D868E08-A32B-435D-B9F3-443C04EC44EB}] => (Allow) D:\FunPlus\StormShot\nGame\2.1.100\Stormshot.exe => No File
EmptyTemp:
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.
 
Sorry, Dr. I've been down with a kidney infection. Now tomorrow I'm going to visit family and will be gone til Monday. Just letting you know.
 
Thanks for letting me know, rb56.

Get well soon!

I'll be here when you return, to help you finish this.
 
OK, back home and better, so...
Fix result of Farbar Recovery Scan Tool (x64) Version: 06-10-2023
Ran by ronny (09-10-2023 23:07:55) Run:1
Running from C:\Users\ronny\OneDrive\Desktop
Loaded Profiles: ronny
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start::
HKU\S-1-5-18\...\Run: [Paltalk] => "C:\Program Files (x86)\Paltalk\Paltalk.exe" minimized (No File)
Task: {095B292E-1FFD-47D1-87EB-9415212241BC} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\ronny\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe LOGON (No File)
Task: {F8378F44-E924-44D1-A741-C66B701234DC} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\ronny\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe SCHED (No File)
Task: {E4E9FEF9-DE5A-448B-A2E0-A6EAFF3CB452} - System32\Tasks\GoogleUpdateTaskMachineCore{9126FFFB-21E4-40D8-A2F0-434BC2CF7C29} => "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c (No File)
Task: {9AD0AA72-7CC0-4790-BA6A-B7D1F8222155} - System32\Tasks\GoogleUpdateTaskMachineUA{296B7739-373F-4E79-940C-6DDC0909ECF2} => "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ua /installsource scheduler (No File)
Task: {84A29AC9-EB7F-4C28-934D-4EB13C5EBA03} - System32\Tasks\Lenovo\Vantage\Schedule\BatteryGaugeAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe BatteryGaugeAddinDailyScheduleTask (No File)
Task: {E856AD4B-FB9E-41D3-92B5-78B5A30A08AC} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe DailyTelemetryTransmission (No File)
Task: {35877514-ADC0-4E9E-BE21-CCAB84F93032} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe GenericMessagingAddin (No File)
Task: {59E77B03-FE27-432B-B3A7-2292B1D06503} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe HeartbeatAddinDailyScheduleTask (No File)
Task: {22278E05-5A2F-4C8F-B900-8F6A83A7557F} - System32\Tasks\Lenovo\Vantage\Schedule\IdeaNotebookAddinDailyEvent => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe IdeaNotebookAddinDailyEvent (No File)
Task: {90573BDF-9B27-408C-83F0-73FF2073C773} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.MonthlyReport => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe Lenovo.Vantage.SmartPerformance.MonthlyReport (No File)
Task: {1DC02616-FB4E-4EA5-8E06-5E85529F82E6} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.SScan => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe Lenovo.Vantage.SmartPerformance.SScan (No File)
Task: {3F158CA8-4CBC-42B1-B81B-C1D39B18125C} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoBoostAddin.Prompt => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe LenovoBoostAddin.Prompt (No File)
Task: {12726F46-58A1-4E5A-B4DD-2C502EDB4E40} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe LenovoCompanionAppAddinDailyScheduleTask (No File)
Task: {CE117F0F-8948-4D1A-A842-535F4BCD68B6} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe LenovoSystemUpdateAddin_WeeklyTask (No File)
Task: {3A019985-964D-4E80-9633-BF127FBBF263} - System32\Tasks\Lenovo\Vantage\Schedule\SettingsWidgetAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe SettingsWidgetAddinDailyScheduleTask (No File)
Task: {8F779427-C0B3-4C6E-9536-A80347F2139D} - System32\Tasks\Lenovo\Vantage\Schedule\SmartPerformance.ExpireReminder => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe SmartPerformance.ExpireReminder (No File)
Task: {932E342A-DFDE-48B7-8D55-CFAEA0684563} - System32\Tasks\Lenovo\Vantage\Schedule\VantageCoreAddinWeekScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe VantageCoreAddinWeekScheduleTask (No File)
FF Plugin-x32: @flyordie.com/GamesPlugin -> C:\Program Files (x86)\Flyordie Plugin\npfod.dll [No File]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]
S3 VRSService; "C:\Program Files (x86)\NCH Software\VRS\vrs.exe" -service [X]
CustomCLSID: HKU\S-1-5-21-808004889-1866680771-1985815163-1001_Classes\CLSID\{92e05f37-158b-585f-c21d-a4a1f0bb32cb}\localserver32 -> "C:\Users\ronny\AppData\Local\OneLaunch\5.17.4\onelaunch.exe" -ToastActivated => No File
FirewallRules: [TCP Query User{1B4C2AB4-259B-4108-9C58-38937B064BFD}C:\program files (x86)\paltalk\qtwebengineprocess.exe] => (Block) C:\program files (x86)\paltalk\qtwebengineprocess.exe => No File
FirewallRules: [UDP Query User{F06C2850-FCA3-4B1B-ACDE-25494217C6D5}C:\program files (x86)\paltalk\qtwebengineprocess.exe] => (Block) C:\program files (x86)\paltalk\qtwebengineprocess.exe => No File
FirewallRules: [{AE7CBB9B-CC7D-44FE-8C4B-8C35717408C5}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe => No File
FirewallRules: [{DC7848E6-605A-4E4B-AC77-8D18C598F4CC}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe => No File
FirewallRules: [{D783EC16-E9F5-461D-A38D-40AF0068853B}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe => No File
FirewallRules: [{43B5EADB-8C62-4673-8684-DC1B027E63F4}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe => No File
FirewallRules: [{3287DA1C-9BA0-4422-8E2A-7EA266A249B2}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe => No File
FirewallRules: [{416B1589-CF28-4433-8572-66C38CC8442A}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe => No File
FirewallRules: [{B78A241F-4BE7-4532-8AE2-A7F472C5567F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{89AD5F3C-2F75-4FE8-A619-2D8591B08308}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => No File
FirewallRules: [{C0CAA61D-DE29-402A-81E5-3CE4737BB06C}] => (Allow) D:\FunPlus\StormShot\nGame\2.1.100\Stormshot.exe => No File
FirewallRules: [{2D868E08-A32B-435D-B9F3-443C04EC44EB}] => (Allow) D:\FunPlus\StormShot\nGame\2.1.100\Stormshot.exe => No File
EmptyTemp:
End::
*****************

"HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Paltalk" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{095B292E-1FFD-47D1-87EB-9415212241BC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{095B292E-1FFD-47D1-87EB-9415212241BC}" => removed successfully
C:\Windows\System32\Tasks\EOSv3 Scheduler onLogOn => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onLogOn" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F8378F44-E924-44D1-A741-C66B701234DC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8378F44-E924-44D1-A741-C66B701234DC}" => removed successfully
C:\Windows\System32\Tasks\EOSv3 Scheduler onTime => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onTime" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E4E9FEF9-DE5A-448B-A2E0-A6EAFF3CB452}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E4E9FEF9-DE5A-448B-A2E0-A6EAFF3CB452}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore{9126FFFB-21E4-40D8-A2F0-434BC2CF7C29} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore{9126FFFB-21E4-40D8-A2F0-434BC2CF7C29}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9AD0AA72-7CC0-4790-BA6A-B7D1F8222155}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9AD0AA72-7CC0-4790-BA6A-B7D1F8222155}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA{296B7739-373F-4E79-940C-6DDC0909ECF2} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA{296B7739-373F-4E79-940C-6DDC0909ECF2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{84A29AC9-EB7F-4C28-934D-4EB13C5EBA03}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84A29AC9-EB7F-4C28-934D-4EB13C5EBA03}" => removed successfully
C:\Windows\System32\Tasks\Lenovo\Vantage\Schedule\BatteryGaugeAddinDailyScheduleTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Vantage\Schedule\BatteryGaugeAddinDailyScheduleTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E856AD4B-FB9E-41D3-92B5-78B5A30A08AC}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E856AD4B-FB9E-41D3-92B5-78B5A30A08AC}" => removed successfully
C:\Windows\System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Vantage\Schedule\DailyTelemetryTransmission" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{35877514-ADC0-4E9E-BE21-CCAB84F93032}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35877514-ADC0-4E9E-BE21-CCAB84F93032}" => removed successfully
C:\Windows\System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Vantage\Schedule\GenericMessagingAddin" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{59E77B03-FE27-432B-B3A7-2292B1D06503}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59E77B03-FE27-432B-B3A7-2292B1D06503}" => removed successfully
C:\Windows\System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{22278E05-5A2F-4C8F-B900-8F6A83A7557F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{22278E05-5A2F-4C8F-B900-8F6A83A7557F}" => removed successfully
C:\Windows\System32\Tasks\Lenovo\Vantage\Schedule\IdeaNotebookAddinDailyEvent => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Vantage\Schedule\IdeaNotebookAddinDailyEvent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{90573BDF-9B27-408C-83F0-73FF2073C773}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90573BDF-9B27-408C-83F0-73FF2073C773}" => removed successfully
C:\Windows\System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.MonthlyReport => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.MonthlyReport" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1DC02616-FB4E-4EA5-8E06-5E85529F82E6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1DC02616-FB4E-4EA5-8E06-5E85529F82E6}" => removed successfully
C:\Windows\System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.SScan => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.SScan" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3F158CA8-4CBC-42B1-B81B-C1D39B18125C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F158CA8-4CBC-42B1-B81B-C1D39B18125C}" => removed successfully
C:\Windows\System32\Tasks\Lenovo\Vantage\Schedule\LenovoBoostAddin.Prompt => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Vantage\Schedule\LenovoBoostAddin.Prompt" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{12726F46-58A1-4E5A-B4DD-2C502EDB4E40}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{12726F46-58A1-4E5A-B4DD-2C502EDB4E40}" => removed successfully
C:\Windows\System32\Tasks\Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CE117F0F-8948-4D1A-A842-535F4BCD68B6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE117F0F-8948-4D1A-A842-535F4BCD68B6}" => removed successfully
C:\Windows\System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3A019985-964D-4E80-9633-BF127FBBF263}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A019985-964D-4E80-9633-BF127FBBF263}" => removed successfully
C:\Windows\System32\Tasks\Lenovo\Vantage\Schedule\SettingsWidgetAddinDailyScheduleTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Vantage\Schedule\SettingsWidgetAddinDailyScheduleTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8F779427-C0B3-4C6E-9536-A80347F2139D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F779427-C0B3-4C6E-9536-A80347F2139D}" => removed successfully
C:\Windows\System32\Tasks\Lenovo\Vantage\Schedule\SmartPerformance.ExpireReminder => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Vantage\Schedule\SmartPerformance.ExpireReminder" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{932E342A-DFDE-48B7-8D55-CFAEA0684563}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{932E342A-DFDE-48B7-8D55-CFAEA0684563}" => removed successfully
C:\Windows\System32\Tasks\Lenovo\Vantage\Schedule\VantageCoreAddinWeekScheduleTask => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Vantage\Schedule\VantageCoreAddinWeekScheduleTask" => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@flyordie.com/GamesPlugin => removed successfully
HKLM\System\CurrentControlSet\Services\gupdate => removed successfully
gupdate => service removed successfully
HKLM\System\CurrentControlSet\Services\gupdatem => removed successfully
gupdatem => service removed successfully
HKLM\System\CurrentControlSet\Services\MozillaMaintenance => removed successfully
MozillaMaintenance => service removed successfully
HKLM\System\CurrentControlSet\Services\VRSService => removed successfully
VRSService => service removed successfully
HKU\S-1-5-21-808004889-1866680771-1985815163-1001_Classes\CLSID\{92e05f37-158b-585f-c21d-a4a1f0bb32cb} => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{1B4C2AB4-259B-4108-9C58-38937B064BFD}C:\program files (x86)\paltalk\qtwebengineprocess.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F06C2850-FCA3-4B1B-ACDE-25494217C6D5}C:\program files (x86)\paltalk\qtwebengineprocess.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AE7CBB9B-CC7D-44FE-8C4B-8C35717408C5}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DC7848E6-605A-4E4B-AC77-8D18C598F4CC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D783EC16-E9F5-461D-A38D-40AF0068853B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{43B5EADB-8C62-4673-8684-DC1B027E63F4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3287DA1C-9BA0-4422-8E2A-7EA266A249B2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{416B1589-CF28-4433-8572-66C38CC8442A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B78A241F-4BE7-4532-8AE2-A7F472C5567F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{89AD5F3C-2F75-4FE8-A619-2D8591B08308}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C0CAA61D-DE29-402A-81E5-3CE4737BB06C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2D868E08-A32B-435D-B9F3-443C04EC44EB}" => removed successfully

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 34932892 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 25828 B
Windows/system/drivers => 13175329 B
Edge => 0 B
Chrome => 113746698 B
Firefox => 98356 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 15272 B
NetworkService => 43520 B
ronny => 12948651 B

RecycleBin => 140846929 B
EmptyTemp: => 301.2 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 23:08:22 ====
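
An added example (not part of the thread and not FRST's own code): a Python check that pairs each Task, service and FirewallRules directive echoed in a fixlog with its result line and flags anything that did not end in "successfully". The sample log is shortened from the one above; its `not found` line and the absent firewall result are constructed, and all function names are hypothetical.

```python
import re

# Constructed sample: a shortened fixlog in the layout posted above. GUIDs and
# paths come from the thread; the "not found" outcome and the missing firewall
# result are constructed to show the non-success cases.
SAMPLE_FIXLOG = r'''fixlist content:
*****************
Start::
Task: {095B292E-1FFD-47D1-87EB-9415212241BC} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\ronny\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe LOGON (No File)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 VRSService; "C:\Program Files (x86)\NCH Software\VRS\vrs.exe" -service [X]
FirewallRules: [{AE7CBB9B-CC7D-44FE-8C4B-8C35717408C5}] => (Allow) C:\Program Files (x86)\NCH Software\VRS\vrs.exe => No File
EmptyTemp:
End::
*****************

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{095B292E-1FFD-47D1-87EB-9415212241BC}" => removed successfully
C:\Windows\System32\Tasks\EOSv3 Scheduler onLogOn => moved successfully
HKLM\System\CurrentControlSet\Services\gupdate => removed successfully
gupdate => service removed successfully
HKLM\System\CurrentControlSet\Services\VRSService => not found

=========== EmptyTemp: ==========
FlushDNS => completed
'''

TASK_RE = re.compile(r'^Task: (\{[0-9A-Fa-f-]{36}\}) - ')
SERVICE_RE = re.compile(r'^[SR]\d (\S+); ')
FIREWALL_RE = re.compile(r'^FirewallRules: \[(.+?)\] => ')


def split_fixlog(text):
    """Return (directives, results); results is a list of (target, outcome)."""
    directives, results = [], []
    state = "head"
    for line in text.splitlines():
        line = line.strip()
        if line == "Start::":
            state = "fixlist"
        elif line == "End::":
            state = "results"
        elif state == "fixlist" and line:
            directives.append(line)
        elif state == "results":
            if line.startswith("====="):
                break  # the EmptyTemp section follows; it is not per-directive
            if " => " in line:
                target, outcome = line.rsplit(" => ", 1)
                results.append((target.strip('"'), outcome))
    return directives, results


def expected_suffix(directive):
    """Registry path suffix whose result line answers this directive."""
    m = TASK_RE.match(directive)
    if m:
        return "TaskCache\\Tasks\\" + m.group(1)
    m = SERVICE_RE.match(directive)
    if m:
        return "\\Services\\" + m.group(1)
    m = FIREWALL_RE.match(directive)
    if m:
        # The log prints the rule name after a doubled backslash.
        return "FirewallRules\\\\" + m.group(1)
    return None  # directive kind not covered by this example


def audit(text):
    """Return (status, suffix, outcome) for each covered directive."""
    directives, results = split_fixlog(text)
    report = []
    for directive in directives:
        suffix = expected_suffix(directive)
        if suffix is None:
            continue
        outcome = next(
            (o for t, o in results if t.lower().endswith(suffix.lower())), None
        )
        if outcome is None:
            status = "missing"      # no result line for this directive
        elif outcome.endswith("successfully"):
            status = "ok"
        else:
            status = "review"       # a result exists but is not a success
        report.append((status, suffix, outcome))
    return report


if __name__ == "__main__":
    for status, suffix, outcome in audit(SAMPLE_FIXLOG):
        print(f"{status:8} {suffix} -> {outcome}")
```
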
 
Hello.

Glad to hear you are feeling better.

Another check of the system before we finish:

Run Deployment Image Servicing and Management (DISM)
  • Click on the Start button and in the search box, type Command Prompt
  • When you see Command Prompt on the list, right-click on it and select Run as administrator
  • Enter the command below and press Enter.
Code:
DISM /Online /Cleanup-Image /RestoreHealth
  • Let the scan run until the end (100%). Depending on your system, it can take some time.
  • Please post here the result you got (a screenshot).

When DISM finishes, you can then run SFC from the same command prompt window, but full instructions as if starting fresh:
  • Click on the Start button and in the search box, type Command Prompt
  • When you see Command Prompt on the list, right-click on it and select Run as administrator
  • Enter the command below and press Enter.
Code:
sfc /scannow
  • Let the scan finish.
  • You will normally get one of the following results:
    Code:
    Windows Resource Protection did not find any integrity violations
    Windows Resource Protection found corrupt files and successfully repaired them
    Windows Resource Protection found corrupt files but was unable to fix some of them
    Windows Resource Protection could not perform the requested operation
  • Please post the result you got (a screenshot).


In your next reply please post:
  1. The 2 screenshots
  2. Feedback: How is the computer running? Any remaining issue/question/concern?
 
OK, Dr. Sorry so long, but here's those two. Sorry the SFC was trimmed a bit on the left, but I think it shows enough you'll understand it. I really see nothing in its operations that are abnormal now. I'll just keep an eye on it hoping it does as it should.
 

Attachments

  • dism.jpg
  • sfc.jpg

Hello.

Yes, everything looks fine now. Keep an eye on the C free space and act before it becomes less than 6 GB. As to the initial problem (corrupted profile account), let me know if it happens again.

The following tool will remove the tools we used as well as reset system restore points:

Download KpRm by kernel-panik and save it to your desktop.
  • Right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.
 
Did you use the KpRm as instructed above?
 
Since the computer is clean now, the topic has been marked as Solved.

Glad we could help. :-)
 