[SOLVED] Need some help here.

Yes, that is what I meant above by this:

However, it can be deleted in the Recovery Environment. As soon as you do this, the detections/warnings in the Protection History will disappear, until next time you run a new "untrusted" app.
Click to expand...

The thing is that you can't do this in a regular basis and every time you have a warning from the Controlled Access Folder. There are also 3rd party programs to make Defender's service stop, so you can delete the db file, but again, it's not something I would recommend.

Again,
The point is: does the result make the effort worthwhile? I would say no.
Click to expand...
 
Hi, jccruz.

A question: Can you restart the computer and sign in with jcruz account?
 
Hi DR M, thanks for your support I can log in either in admin” and “jcruz” accounts.
 
Can you sign in with jcruz account and then provide FRST logs once more, please?
 
Something else:

Go to Settings (Windows logo key + letter i) > Accounts

With the Your Info tab selected (left menu), give me a screenshot of what you see.
 
Hi DR M, thanks for your support, there goes the screenshot i think this is it,
 
Last edited by a moderator:
Things are getting clearer now. :)

Something else:

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Code: 
Start::
ExportKey: HKEY_USERS\.DEFAULT\Software\Microsoft\IdentityCRL\StoredIdentities 
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.
 
Thanks DR M, here is the Fixlog.txt

Edit note by Corrine: Log deleted because it contains personally identifiable information.
 
Last edited by a moderator:
Hi.

It seems a profile in the registry pointing to C:\Users\jcruz, is not active anymore.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3653589094-3565606866-458211961-1002

Please check here: C:\Users\jcruz

Let me know if there are/aren't any important data in there. Letting you know that the active profile account you are using, with all your data, is the Utilizador account, with a display name João Cruz.
 
Hi DR M, thanks for your support, didn't know if i quite undestood your question, here is a screenshot from C:\Users|jcruz...

In C:\Utilizadores\Utilizador (Users\User) i have "all data" (???)

Captura de ecrã 2022-06-24 145418.png
Captura de ecrã 2022-06-24 150310.png
 
Last edited:
As you see, the last modification date for all the folders inside jcruz folder is April 28th 2021. You can search inside those folders and check if their data is present in the Utilizador folder too. Or if there is data which you would like to save in the Utilizador account which is the active one. Leaving a "dead" account there or not is not so important, but since we are here, we can do this tidiness, if you like.
 
Thanks DR M, in fact only in C:\Utilizadores\Utilizador (Users\User) i have recent data as i post a screenshot in my previous answer...
 
Thanks for the confirmation, jccruz.

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy ". No need to paste anything to anywhere.
Code: 
Start::
CreateRestorePoint:
deletekey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3653589094-3565606866-458211961-1002
C:\Users\jcruz
CMD: net user administrador /active:no
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.
 
Great!

Is there any remaining issue/question/concern, regarding this computer?
 
DR M said:
Great!

Is there any remaining issue/question/concern, regarding this computer?
Click to expand...

No thanks DR M, i appreciated your efforts and full explanation regarding this issue, i like to thank also publicly to axe0, so if it´s all done, you can close this thread.

Kind regards

JCruz
 
Since you have experienced the temporary profile accounts issue, I recommend you to make a backup of your important files. This time, it was something that it got fixed. We don't know the next time.

The following tool will remove the tools we used as well as reset system restore points:

Download KpRm by kernel-panik and save it to your desktop.
  • Right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.
 
Excellent! :-)

We are done now. Glad we could help.

Take care!

EDIT: I will ask an administrator to remove your email info in two posts above, since these are personal data.
 
You must log in or register to reply here.

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top