Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Antivirus Compromised During Hack Attempt

Avast Lockup slow startup Abrupt stops

  • Please log in to reply

#61
JimBow

JimBow

    Member

  • Topic Starter
  • Member
  • PipPip
  • 88 posts

Attached File  log.txt   2.88KB   396 downloadsI posted the entire content that copied from log.txt in Notepad. I did select all, copy, and paste to transfer the data into my message to you. After receiving your message that it was not complete, I rechecked and there is no additional information in the file. I also renamed log.txt and reran the script, but the new log.txt was exactly the same. Additionally, I tried opening log.txt with Wordpad, but that did not change it either.

 

I agree that the log looks incomplete, and is not very much information for a 2.88KB file.  I have attached the log.txt file from the last time I ran script. ps1.


  • 0

Advertisements


#62
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 4,722 posts

I did not want to appear paranoid, but many of the signs of tampering with my computer were already there; especially registry entries that I could not erase.

You can not erase registry entries where permissions are set on. That has nothing to with any malicious activity - especially when the affected entries are related to AVAST and McAfee. Being completely honest with you, the input I do to erase legitimate registry entries is not worth the output. It makes no difference. Every program you uninstall leaves some remnants in the registry.

 

Please try this script: https://drive.google...iew?usp=sharing(same procedure as before)

 

 


  • 0

#63
JimBow

JimBow

    Member

  • Topic Starter
  • Member
  • PipPip
  • 88 posts

Now that I see the log that the new script generated, I am sure it is more like what you expected. Here it is. Thank you.

Jim

 

 

 
Path   : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\Stat
         eRepository\Cache\Application\Index\PackageAndPackageRelativeApplicationId\8c8^McAfeeCentral
Owner  : NT AUTHORITY\SYSTEM
Group  : NT AUTHORITY\SYSTEM
Access : NT AUTHORITY\SYSTEM Allow  FullControl
         NT AUTHORITY\SYSTEM Allow  268435456
         NT SERVICE\TrustedInstaller Allow  FullControl
         NT SERVICE\TrustedInstaller Allow  268435456
         NT AUTHORITY\SYSTEM Allow  -2147483648
         BUILTIN\Administrators Allow  ReadKey
         BUILTIN\Administrators Allow  -2147483648
         BUILTIN\Users Allow  ReadKey
         BUILTIN\Users Allow  -2147483648
         APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow  ReadKey
         APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow  -2147483648
         S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681 Allow 
         ReadKey
         S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681 Allow 
         -2147483648
Audit  :
Sddl   : O:SYG:SYD:AI(A;ID;KA;;;SY)(A;OICIIOID;GA;;;SY)(A;ID;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2
         271478464)(A;CIIOID;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIOID;GR;;;SY)(A;I
         D;KR;;;BA)(A;CIIOID;GR;;;BA)(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KR;;;AC)(A;CIIOID;GR;;;AC)(A;ID;KR;;;S-1-15-
         3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681)(A;CIIOID;GR;;;S
         -1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681)
 
 
Path   : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\Stat
         eRepository\Cache\ApplicationUser\Index\UserAndApplicationUserModelId\1^McAfeeInc.06.McAfeeSecurityAdvisorforL
         enovo_bq6yxensn79aw!McAfeeCentral
Owner  : NT AUTHORITY\SYSTEM
Group  : NT AUTHORITY\SYSTEM
Access : NT AUTHORITY\SYSTEM Allow  FullControl
         NT AUTHORITY\SYSTEM Allow  268435456
         NT SERVICE\TrustedInstaller Allow  FullControl
         NT SERVICE\TrustedInstaller Allow  268435456
         NT AUTHORITY\SYSTEM Allow  -2147483648
         BUILTIN\Administrators Allow  ReadKey
         BUILTIN\Administrators Allow  -2147483648
         BUILTIN\Users Allow  ReadKey
         BUILTIN\Users Allow  -2147483648
         APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow  ReadKey
         APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow  -2147483648
         S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681 Allow 
         ReadKey
         S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681 Allow 
         -2147483648
Audit  :
Sddl   : O:SYG:SYD:AI(A;ID;KA;;;SY)(A;OICIIOID;GA;;;SY)(A;ID;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2
         271478464)(A;CIIOID;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIOID;GR;;;SY)(A;I
         D;KR;;;BA)(A;CIIOID;GR;;;BA)(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KR;;;AC)(A;CIIOID;GR;;;AC)(A;ID;KR;;;S-1-15-
         3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681)(A;CIIOID;GR;;;S
         -1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681)
 
 
Path   : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\Stat
         eRepository\Cache\Package\Index\PackageFullName\McAfeeInc.06.McAfeeSecurityAdvisorforLenovo_5.0.173.1_x64__bq6
         yxensn79aw
Owner  : NT AUTHORITY\SYSTEM
Group  : NT AUTHORITY\SYSTEM
Access : NT AUTHORITY\SYSTEM Allow  FullControl
         NT AUTHORITY\SYSTEM Allow  268435456
         NT SERVICE\TrustedInstaller Allow  FullControl
         NT SERVICE\TrustedInstaller Allow  268435456
         NT AUTHORITY\SYSTEM Allow  -2147483648
         BUILTIN\Administrators Allow  ReadKey
         BUILTIN\Administrators Allow  -2147483648
         BUILTIN\Users Allow  ReadKey
         BUILTIN\Users Allow  -2147483648
         APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow  ReadKey
         APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow  -2147483648
         S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681 Allow 
         ReadKey
         S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681 Allow 
         -2147483648
Audit  :
Sddl   : O:SYG:SYD:AI(A;ID;KA;;;SY)(A;OICIIOID;GA;;;SY)(A;ID;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2
         271478464)(A;CIIOID;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIOID;GR;;;SY)(A;I
         D;KR;;;BA)(A;CIIOID;GR;;;BA)(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KR;;;AC)(A;CIIOID;GR;;;AC)(A;ID;KR;;;S-1-15-
         3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681)(A;CIIOID;GR;;;S
         -1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681)
 
 
Path   : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\Stat
         eRepository\Cache\PackageFamily\Index\PackageFamilyName\McAfeeInc.06.McAfeeSecurityAdvisorforLenovo_bq6yxensn7
         9aw
Owner  : NT AUTHORITY\SYSTEM
Group  : NT AUTHORITY\SYSTEM
Access : NT AUTHORITY\SYSTEM Allow  FullControl
         NT AUTHORITY\SYSTEM Allow  268435456
         NT SERVICE\TrustedInstaller Allow  FullControl
         NT SERVICE\TrustedInstaller Allow  268435456
         NT AUTHORITY\SYSTEM Allow  -2147483648
         BUILTIN\Administrators Allow  ReadKey
         BUILTIN\Administrators Allow  -2147483648
         BUILTIN\Users Allow  ReadKey
         BUILTIN\Users Allow  -2147483648
         APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow  ReadKey
         APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow  -2147483648
         S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681 Allow 
         ReadKey
         S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681 Allow 
         -2147483648
Audit  :
Sddl   : O:SYG:SYD:AI(A;ID;KA;;;SY)(A;OICIIOID;GA;;;SY)(A;ID;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2
         271478464)(A;CIIOID;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIOID;GR;;;SY)(A;I
         D;KR;;;BA)(A;CIIOID;GR;;;BA)(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KR;;;AC)(A;CIIOID;GR;;;AC)(A;ID;KR;;;S-1-15-
         3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681)(A;CIIOID;GR;;;S
         -1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681)

  • 0

#64
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 4,722 posts

Jim,

 

Please follow the instructions here (start with step 2). Make sure to save the tool to the following location: C:\Program Files (x86)\Windows Resource Kits\Tools

 

Instead of the script on the website, please use my script:  https://drive.google...iew?usp=sharing

 

After you have installed SubInAcl to the specific location and my script is located on the Desktop, please do a right click on the script and select Run as Administrator.

 

After the tool is finished a log file named subinacl.txt has been generated on your Desktop, please post the content of that log file into your next response.

 

 

 

Again ...

 

(1) Export registry permissions with a PowerShell Script

  • Please download the script.ps1 from here. Make sure you save it to the Desktop.
  • Make a Right Click onto the file and select Run with Powershell (at least something like that, I have a non-english system where I tried these instructions)
  • A file named log.txt will be saved at the same place the script file is located (it should be on your Desktop)
  • Please post the content of that file into your next response.

 

 


  • 0

#65
JimBow

JimBow

    Member

  • Topic Starter
  • Member
  • PipPip
  • 88 posts

I am not sure how to proceed with the last set of instructions. I do not currently have the path C:\Program Files (x86)\Windows Resource Kits\Tools on my computer. I do not have a folder titled Windows Resource Kits anywhere on the computer, and there are numerous instances of C:\Program Files (x86)\...\Tools on other paths. I am unsure what will happen if I create the path, C:\Program Files (x86)\Windows Resource Kits\Tools, or what might need to change in either of the scripts if I do not.

Jim


  • 0

#66
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 4,722 posts

JimBow,

 

you need to install the tool provided in the tutorial here. After you have installed this, you should have that folder when you followed the instructions correctly. You should not create any folder or anything else, the installer will do that for you.


  • 0

#67
JimBow

JimBow

    Member

  • Topic Starter
  • Member
  • PipPip
  • 88 posts

I'm sorry. I have been doing Save As when downloading files recently, so I only tried that and could not find the target folder. I did not think to try just executing the download the normal way. I am sorry to be thinking slowly. It downloaded easily and correctly.

 

It looks like the subinacl.txt log did not capture a complete log. There were many more lines on the execution screen but only one was captured in the log. On the execution screen, each command line was followed by the statement, 

SeSecurityPrivilege : Access is denied.

WARNING : Unable to set SeSecurityPrivilege privilege. This privilege may be required.

Each KEY was followed by the statement, 

: 2 the system cannot find the file specified.

 

Here is the subinacl.txt log captured after executing the script. 

 

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepository\Cache\PackageFamily\Index\PackageFamilyName\McAfeeInc.06.McAfeeSecurityAdvisorforLenovo_bq6yxensn79aw : 2 The system cannot find the file specified.
 

Here is the current log.txt

 

 

 
Path   : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\Stat
         eRepository\Cache\Application\Index\PackageAndPackageRelativeApplicationId\8c8^McAfeeCentral
Owner  : NT AUTHORITY\SYSTEM
Group  : NT AUTHORITY\SYSTEM
Access : NT AUTHORITY\SYSTEM Allow  FullControl
         NT AUTHORITY\SYSTEM Allow  268435456
         NT SERVICE\TrustedInstaller Allow  FullControl
         NT SERVICE\TrustedInstaller Allow  268435456
         NT AUTHORITY\SYSTEM Allow  -2147483648
         BUILTIN\Administrators Allow  ReadKey
         BUILTIN\Administrators Allow  -2147483648
         BUILTIN\Users Allow  ReadKey
         BUILTIN\Users Allow  -2147483648
         APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow  ReadKey
         APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow  -2147483648
         S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681 Allow 
         ReadKey
         S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681 Allow 
         -2147483648
Audit  :
Sddl   : O:SYG:SYD:AI(A;ID;KA;;;SY)(A;OICIIOID;GA;;;SY)(A;ID;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2
         271478464)(A;CIIOID;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIOID;GR;;;SY)(A;I
         D;KR;;;BA)(A;CIIOID;GR;;;BA)(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KR;;;AC)(A;CIIOID;GR;;;AC)(A;ID;KR;;;S-1-15-
         3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681)(A;CIIOID;GR;;;S
         -1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681)
 
 
Path   : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\Stat
         eRepository\Cache\ApplicationUser\Index\UserAndApplicationUserModelId\1^McAfeeInc.06.McAfeeSecurityAdvisorforL
         enovo_bq6yxensn79aw!McAfeeCentral
Owner  : NT AUTHORITY\SYSTEM
Group  : NT AUTHORITY\SYSTEM
Access : NT AUTHORITY\SYSTEM Allow  FullControl
         NT AUTHORITY\SYSTEM Allow  268435456
         NT SERVICE\TrustedInstaller Allow  FullControl
         NT SERVICE\TrustedInstaller Allow  268435456
         NT AUTHORITY\SYSTEM Allow  -2147483648
         BUILTIN\Administrators Allow  ReadKey
         BUILTIN\Administrators Allow  -2147483648
         BUILTIN\Users Allow  ReadKey
         BUILTIN\Users Allow  -2147483648
         APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow  ReadKey
         APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow  -2147483648
         S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681 Allow 
         ReadKey
         S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681 Allow 
         -2147483648
Audit  :
Sddl   : O:SYG:SYD:AI(A;ID;KA;;;SY)(A;OICIIOID;GA;;;SY)(A;ID;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2
         271478464)(A;CIIOID;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIOID;GR;;;SY)(A;I
         D;KR;;;BA)(A;CIIOID;GR;;;BA)(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KR;;;AC)(A;CIIOID;GR;;;AC)(A;ID;KR;;;S-1-15-
         3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681)(A;CIIOID;GR;;;S
         -1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681)
 
 
Path   : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\Stat
         eRepository\Cache\Package\Index\PackageFullName\McAfeeInc.06.McAfeeSecurityAdvisorforLenovo_5.0.173.1_x64__bq6
         yxensn79aw
Owner  : NT AUTHORITY\SYSTEM
Group  : NT AUTHORITY\SYSTEM
Access : NT AUTHORITY\SYSTEM Allow  FullControl
         NT AUTHORITY\SYSTEM Allow  268435456
         NT SERVICE\TrustedInstaller Allow  FullControl
         NT SERVICE\TrustedInstaller Allow  268435456
         NT AUTHORITY\SYSTEM Allow  -2147483648
         BUILTIN\Administrators Allow  ReadKey
         BUILTIN\Administrators Allow  -2147483648
         BUILTIN\Users Allow  ReadKey
         BUILTIN\Users Allow  -2147483648
         APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow  ReadKey
         APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow  -2147483648
         S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681 Allow 
         ReadKey
         S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681 Allow 
         -2147483648
Audit  :
Sddl   : O:SYG:SYD:AI(A;ID;KA;;;SY)(A;OICIIOID;GA;;;SY)(A;ID;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2
         271478464)(A;CIIOID;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIOID;GR;;;SY)(A;I
         D;KR;;;BA)(A;CIIOID;GR;;;BA)(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KR;;;AC)(A;CIIOID;GR;;;AC)(A;ID;KR;;;S-1-15-
         3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681)(A;CIIOID;GR;;;S
         -1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681)
 
 
Path   : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\Stat
         eRepository\Cache\PackageFamily\Index\PackageFamilyName\McAfeeInc.06.McAfeeSecurityAdvisorforLenovo_bq6yxensn7
         9aw
Owner  : NT AUTHORITY\SYSTEM
Group  : NT AUTHORITY\SYSTEM
Access : NT AUTHORITY\SYSTEM Allow  FullControl
         NT AUTHORITY\SYSTEM Allow  268435456
         NT SERVICE\TrustedInstaller Allow  FullControl
         NT SERVICE\TrustedInstaller Allow  268435456
         NT AUTHORITY\SYSTEM Allow  -2147483648
         BUILTIN\Administrators Allow  ReadKey
         BUILTIN\Administrators Allow  -2147483648
         BUILTIN\Users Allow  ReadKey
         BUILTIN\Users Allow  -2147483648
         APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow  ReadKey
         APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow  -2147483648
         S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681 Allow 
         ReadKey
         S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681 Allow 
         -2147483648
Audit  :
Sddl   : O:SYG:SYD:AI(A;ID;KA;;;SY)(A;OICIIOID;GA;;;SY)(A;ID;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2
         271478464)(A;CIIOID;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIOID;GR;;;SY)(A;I
         D;KR;;;BA)(A;CIIOID;GR;;;BA)(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KR;;;AC)(A;CIIOID;GR;;;AC)(A;ID;KR;;;S-1-15-
         3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681)(A;CIIOID;GR;;;S
         -1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681)

  • 0

#68
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 4,722 posts

Nothing changed with my script, if these entries are really important for you to delete, then please contact customer support of McAfee and AVAST. Based on all logs I have your system appears to be clean. These registry keys, like mentioned before many times, are just leftovers from our manual removal of these tools. As McAfee and AVAST are obviously security products, the related registry keys only have read-only access for Administrators to prevent third-party modification. I have tried a way to reset the permissions without success. I told you earlier that the input I did to remove only leftovers does not justify the output in any way. That's the reason why I do a cut here. I tried my best but modifying permission is actually quite a complex process.

 

JimBow, do you have any further questions?


  • 0

#69
JimBow

JimBow

    Member

  • Topic Starter
  • Member
  • PipPip
  • 88 posts

Thank you for all of your help, both recently and with DR M. I do not understand registry keys and cannot tell what is normal with them. I tried to say earlier that I trusted your judgment on what needed to be done with the leftover Avast and McAfee registry entries. They are only a problem for me if they provide a hacker the means to re-enter my computer via a permission or back door that I would not know about. I am sorry that my lack of knowledge created extra effort for you. 

 

My computer appears to be running well again. I appreciate your help very much.

Jim


  • 0

#70
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,267 posts

Hi, Jim.

 

Although I returned a week ago (some unexpected health issues occurred but now everything is fine), I didn't want to jump into the thread again before it was finished. Besides, from a point and after, it was obvious that it wasn't a malware removal issue, so I knew that you were at "the Master's hands", meaning that Machiavelli was the appropriate guy to guide you. For sure, you aren't the only one you learned a lot in this topic. :)

 

I'm glad your computer is running well now.

 

Take care!


  • 0

Advertisements


#71
JimBow

JimBow

    Member

  • Topic Starter
  • Member
  • PipPip
  • 88 posts

DR M, thank you for your excellent assistance with my computer. I am glad you are back and healthy. I am also pleased that this was a good experience for you under Machiavelli's tutelage. I not only learned a lot but got my computer back into operation, My thanks and best wishes to you both.

Jim


  • 0

#72
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,267 posts
You are very welcome.
  • 0






Similar Topics


Also tagged with one or more of these keywords: Avast, Lockup, slow startup, Abrupt stops

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP