Author Topic: Why avast is not closing some of the user profile handles at normal shutdown,?  (Read 13958 times)

0 Members and 1 Guest are viewing this topic.

Offline jraju

  • Poster
  • *
  • Posts: 417
Hi, Bob
I am newjust clicked kwig and then found option of send pm.
I just enclosed google drive folder link to him thro that.
Where i could find the sent letter
Where i will ge to PM.
anyhow, i t the reply , in the forum or in my personal mail box. if the replies are given in forum, it will be useful to every user.
i have just sent the link with a subject.
i have not given the topic of this forum.
please give your valuable suggestion as always

Offline jraju

  • Poster
  • *
  • Posts: 417
HI, Kwig,
Kindly see the PM and the enclosures therein.
Please give me further instructions here itself , so that every user would be knowing.
Please avoid personal information if any in the said logs while quoting.
Expecting your reply

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48523
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
This should answer your question about accessing your PM's
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline jraju

  • Poster
  • *
  • Posts: 417
Hi, Bob, i checked that menu. It was not found. Some previous messages only available.
How to know that kwig has that link.
There was an option, to preserve the message in outbox, i clicked yes for that, but could not find anything.
Hi, kwing, Would you kindly say whether it reached your box.

Offline jraju

  • Poster
  • *
  • Posts: 417
Hi,Kwiq
Did you receive my PM enclosing the procmon logs zip files

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Hi,Kwiq
Did you receive my PM enclosing the procmon logs zip files
Be patient, today's a holiday in most European countries. ;)
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline jraju

  • Poster
  • *
  • Posts: 417
Hi, Thanks, After so much tries, i could see the message sent to kwiq. thanks asyn

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
You're welcome.
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline kwiq

  • Avast team
  • Sr. Member
  • *
  • Posts: 254
Hi jraju,
can you  confirm that there is a leak on HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2510130899-2858772224-4042820923-1000 registry key and the process is AvastSvc.exe 
I tried to find it in image you have provided but im not sure !
Thank you

Offline jraju

  • Poster
  • *
  • Posts: 417
Hi, Kwiq,
Do you want me to check in my registry,after booting or at any time during the windows running.
So, you mean that only i am receiving this leaks?
Probably most do not see the event viewer for warnings.
Anyhow, i will try to check that.
What window alert is it will be made not to work, when it shuts up, but gave the warning in the next boot.
My query is , do you mean to say that avast does not leak any registry keys while the computer shuts down?
What 600 mb of logs tell you , please

Offline kwiq

  • Avast team
  • Sr. Member
  • *
  • Posts: 254
Hi jraju,
can you open event viewer and tell me which registry key was held by avast process like AvastSvc.exe ?
You have past image of event view with registry keys but I m not able to read registry key name which we held.
Thank you

Offline jraju

  • Poster
  • *
  • Posts: 417
Hi, When i browsed the registry now, i did not find any avastsvc .exe, but i post the registry for reference. There is no entry for this profile list. What that s-....denotes. Is that a user account profile? or program profile please give me details
« Last Edit: May 09, 2018, 03:19:14 PM by jraju »

Offline jraju

  • Poster
  • *
  • Posts: 417
Here is the eventview at present, in which it shows the log

Offline kwiq

  • Avast team
  • Sr. Member
  • *
  • Posts: 254
Hi jraju
yes this is what i meant can you please past the text bellow DETAIL - as plain text into forum_
 I see registry paths and processes cutted in the picture :-(
Thank you.

Offline jraju

  • Poster
  • *
  • Posts: 417
Hi, Kwiq,
              Before seeing your post, i thought of knowing about those s-1-5 profile.When i browsed users name that shown as s-1-5long handle with number, i found so many entries of nt.dot.log files . I thought, that usually only one entry is in the user profile if you create a new account user. I thought, to fix this by creating a new user account and then tried to copy those entries minus nt...files as per the microsoft instructions. The resultant user profile was also created with the same logs of nt.
Then i thought of creating a new user and then copy from the old profile user list. But there also i could not find nt.dat.log, instead, nt.dat.log1 and log2. files. So, in the melee i created, i have lost some files of the previous user intel, which i sent to you.
I could not see the registry leaks logs as it was not there in the old profile restored or in the newly created profile.
I thought, this leak could have been the result of corrupted user account, which i tried to fix.
If i could find the same log , i will try to post.
I am still having error 1014 dns client error and leak errors. I will post the log details if i get.
Since i tried so much users , without knowing the intricacies of those profiles, i have opted SR system restore. The system restored to my previous profile, but some files are still having log 1 and log 2 instead of log , ntuser.dat.log as default.