bryan267


  1. I have just upgraded to Internet Security 18, and now two components are blocking the use of a digital certificate published by Origo under the trading name Unipass, used for secure access to financial websites in the UK, such as Standard Life, in Internet Explorer 11 under Windows 10. In the past I have simply disabled antibanner. However, this time Web Antivirus also blocks the pop-up of the digital certificate authority acceptance window, which I need to click. If I add the Unipass web address to manage exclusions, which might only allow the Unipass website to test the certificate works, rather than the financial websites themselves, it still blocks the pop-up, and adding to trusted URLs also fails to allow the pop-up. If I uncheck all other additional security features on Kaspersky advanced settings it still blocks it. The only way to allow it is to disable Web Antivirus, which leaves me wondering what I just paid for. I have added the digital certificate to trusted root authorities, trusted publishers. I have also added the Unipass web address from the top of the pop-up window to allowed banners and websites with allowed banners, still blocks it. Any advice please?
  2. So I finally got KIS 2015 to perform scheduled scans. But I have been having some problems with a software update on my NAS. Fixed some connection issues and reactivated SSL port 22 on the NAS. So I can't access the NAS and KIS is reporting issues with something trying to connect using an unsafe protocol on SSL. If I click the details link on the task bar notification it takes me to a list of notifications. While I might see 5 or more of these attempts to use an unsafe SSL protocol, none are displayed in the notification list with display all as the filter setting. So I launch the KIS GUI, and find in the settings for notifications there are some hidden notifications, I click to unhide them. And from there I cannot find any point in the GUI where I can link back to the notifications. I have to wait for the task bar notification to pop back up, click the link and there is still no notification with any reference to SSL. So I have turned off protection, still get the notifications, gone to firewall, turned it off. I still get the same blocks. I turned off network attack and web antivirus, still no change. And I see nowhere in the settings to set up a rule to allow me to talk to the NAS on SSL, using any port. Where are the hidden notifications? How do I find them from the GUI? How do I set a rule for SSL protocol? How do I disable Kaspersky to enable these protocols when it's blocking everything when it's all supposed to be turned off already? Thanks
  3. That's how to set the Kaspersky to run a full scan on the software schedule. My first post says that is what I have done. It does not trigger. The time passes when the full scan should occur, and it doesn't happen. Had the same problem with 2014 too, though it was fixed, after a lot of support help. Upon checking it before upgrading to 2015 I found it said it also had never run. Perhaps there was an update that stopped whatever remedial action was previously taken from working. But to confirm, Kaspersky schedule does not launch full scan.
  4. Is there not a way I can access the full scan program and set up the scan from task scheduler?
  5. No, it's a desktop PC and there is no mention of any alternative settings on battery power.
  6. So I just renewed my license and the same problem I had with KIS 2014 is back. Last time it took 3 days to fix over a 3 week period. I can't afford for that to happen again. So I did just upgrade and it appeared to work, and the new activation code was listed as starting at the end of my current license. Checked settings and set a scan. Unfortunately it didn't happen, so I looked in support. I have now used the removal tool, and reinstalled it. I put my activation codes in the wrong way round and now my new activation code expires 15 days early and it won't accept the old code because it finishes earlier. I set a scan schedule again, nothing, tried twice and nothing. http://www.getsysteminfo.com/read.php?file...8f0fce287f4d29b
  7. ok, so no problem there. Does this mean anything to you: Category[:]0 CategoryString[:] EventCode[:]1530 EventIdentifier[:]1530 EventType[:]2 Logfile[:]Application Message[:]Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 8 user registry handles leaked from \Registry\User\S-1-5-21-1958142912-3161024770-2470448719-1000: Process 1708 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1958142912-3161024770-2470448719-1000 Process 1708 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1958142912-3161024770-2470448719-1000 Process 1708 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1958142912-3161024770-2470448719-1000\Software\Policies\Microsoft\SystemCertificates Process 1708 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1958142912-3161024770-2470448719-1000\Software\Policies\Microsoft\SystemCertificates Process 1708 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1958142912-3161024770-2470448719-1000\Software\Microsoft\SystemCertificates\SmartCardRoot Process 1708 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1958142912-3161024770-2470448719-1000\Software\Microsoft\SystemCertificates\CA Process 1708 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe) has opened key 
\REGISTRY\USER\S-1-5-21-1958142912-3161024770-2470448719-1000\Software\Microsoft\SystemCertificates\Root Process 1708 (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-1958142912-3161024770-2470448719-1000\Software\Microsoft\SystemCertificates\trust RecordNumber[:]66408 SourceName[:]Microsoft-Windows-User Profiles Service TimeGenerated[:]20140212165522.431163-000 TimeWritten[:]20140212165522.431163-000 Type[:]Warning User[:]NT AUTHORITY\SYSTEM New get system report: http://www.getsysteminfo.com/read.php?file...e927c52243c6bda Still a load of entries in the services log.
  8. I hacked loads of LogMeIn LMI guardian and associated files from the registry. I did back it up first, going to try a reboot and hope I haven't done any harm, or I will be learning how to restore the registry next.
  9. Reboot run, temp deleted again. Sorry, still no scan on schedule. Get System Report link is: http://www.getsysteminfo.com/read.php?file...2ba891caa7667f7 I noticed that apparently my video controller has also got LogMeIn under adapter compatibility. Also under the event Log of the above I see LogMeIn Kernel and LMIGuardian Svc failed to load as could not find the specified file. I noticed these two entries were repeated 7x. Also I noticed Kaspersky in the log entries: Message[:]Name resolution for the name dnl-01.geo.kaspersky.com timed out after none of the configured DNS servers responded. RecordNumber[:]299511 SourceName[:]Microsoft-Windows-DNS-Client I noticed that having deleted Bonjour on earlier advice that "C:\Program Files\Bonjour\mDNSResponder.exe" is in the installed product processes log. Oh I found this Pathname[:]"C:\Users\Bryan McAuliffe\Documents\NAS & Computer files\Logmein\x64\LMIGuardianSvc.exe" but I can't see it and have hidden files viewable in folder options. I tried typing the address in explorer but it reverted back to the holding folder. Next I found this in the system Drivers: AcceptPause[:]False AcceptStop[:]True Caption[:]LogMeIn Remote File System Driver Description[:]LogMeIn Remote File System Driver Name[:]LMIRfsDriver PathName[:]\??\C:\Windows\system32\drivers\LMIRfsDriver.sys ServiceType[:]File System Driver Started[:]True StartMode[:]Auto State[:]Running Status[:]OK In the PNP Signed Driver I found this: DeviceClass[:]DISPLAY DeviceName[:]LogMeIn Mirror Driver DriverDate[:]20060522000000.******+*** DriverProviderName[:]LogMeIn, Inc. DriverVersion[:]7.1.542.0 FriendlyName[:] IsSigned[:]False Location[:] Manufacturer[:]LogMeIn, Inc. 
Status[:] Going back to Bonjour I found three open ports: Make that 5: make that 7: Now in the excecutableINFolder I found this containing points to Logmein again: I know there are calls to Logmein in the registry, I deleted some in folders called logmein but there are some hidden references. And I notice looking at the recorded TEMP folder contents, oh I see I have been deleting the Appdate local Temp folder when typing %TEMP% Got a lot in this message but I tried to extract from the report hoping to make your life easier. Don't know if I have done that, but I at least have some comprehension about what your looking through now.
  10. Hi Adam, OK I looked in the services and could not find LMI Guardian. However it was previously in C:\Windows\Downloaded Program files as an application with associated files which I manually deleted. I did notice on the web that some instructions on how to delete the file had stated that some virus use the name?? I deleted easybits as instructed, and while Trend mail encryption is used on receipt, I am sure it will add the files again when I next use it and so have deleted those as instructed also. Windows firewall stated it was being controlled by Kaspersky and initially would not give up control to me. I had to disable Kaspersky protection, switch it off and then enable again. In case this is of any interest to you, the manually launched full scan I did yesterday with one not processed, though the report does not show which file was not processed. I have rebooted and found again it hasn't launched at the prescribed time. I will change the time again, delete the temp again, reboot and if nothing happens I will run another getsystem information and repost.
  11. OK apparently issues with IE11 are cured so I changed up again. My problems with IE seem to be solved. I manually removed the remnants of LogMeIn. I tried running scheduled virus as administrator. Still can't get it to launch in schedule. I ran it manually and after asking it not to check network drives and email, it completed the task finding nothing and skipping one file. Another getsystem report here, may find LMI guardian again in the report, though I found it in the C:\windows\downloaded program files and manually deleted it.
  12. Hi, I uninstalled Bonjour. I reinstalled Logmein, then uninstalled it hoping to catch guardian LMI. I didn't retry at that stage, I followed your entire advice and used the removal tool to uninstall Kaspersky internet security. I did it from safe mode, upon re-entry to safe mode it found no other software to uninstall. I used your link and reinstalled Kaspersky. I found it runs to root scan, no change there, but it did say that a full scan had been stopped. This may be due to restarts following the update, but it managed to scan no files. I cleared the task manager and reset the schedule, nothing. In case it had registered its daily scan already I waited until yesterday, no schedule scan, and again today. Suspicious that there may indeed be a virus in there, I have asked for a manual full scan, but it won't be the first time. This was not my first reinstall of Kaspersky. I have also run Microsoft malicious software removal tool, found nothing. Whereas Kaspersky has found virus in attachments in my deleted items of outlook. I have never opened any of those and many don't get through as I set outlook to automatically delete any zip file email attachments. The only other problem the computer is having, after installing IE11, I had to roll back as a digital certificate was not working properly, unfortunately essential for my work. Since roll back, many web sites have informed me that I am using an unsupported browser, that they only support from ie8. Which is also strange because ie8 was what this machine was delivered with and is currently ie10. I tried deleting Microsoft internet explorer updates and got back to ie8 then reinstalled ie10. I still get the same screen warnings. I also get warnings about being in compatibility view when I am not, warnings that a chrome addon is no longer supported. 
And a persistent email that attempts to be downloaded from a work server, that never gets here though it is only 26Kb and requires me to stop send and receive and start again to get new email. I just found a load more logmein stuff, and it appears many people are unable to remove it completely, however there are some instructions that I will try. OK Done, will reboot, try once more and if no success I will repost a new get system information.
  13. Hi, you guys already helped me and it managed just one scan on the day of install. You will still be able to see the logs under this user name. There is another problem which could be linked. I upgraded to Internet Explorer 11, but found that the security certificate I was using to access certain company websites could not be found, so I rolled back to IE 10. Since then I have found websites telling me they do not support versions of internet explorer before version 8 and that my version is unsupported. 10 is higher than 8. I uninstalled the IE updates and reinstalled IE 10, I still have the same issue. Mostly around google sites, google drive etc, drop box too. Kaspersky will run the scan but only on manual start. Got your get system information link here http://www.getsysteminfo.com/read.php?file...96a119e452e5258 I only ever found virus in unopened emails, and ran Microsoft malicious software removal tool. Previously we cleared bits of old anti virus, AVG etc. I tried to use Microsoft help to fix the IE problem, they claim that I must have a virus that neither your software nor their own malicious software removal tool can detect, but of course they want me to agree to pay a fee and it sounds like a disturbance tact to me. Any further advice you have will be greatly appreciated. I'd be happy to reinstall the OS if I had the disks for all the Microsoft office software, I don't trust the ability to keep the product ID and reinstall. Bryan
  14. Adam, I managed to repair the HP tool and removed the problem Skype program. I also removed a load of windows live programs. However in the Temp folder I found around 12 AVG folders, and around 30 files which I deleted, along with some Avast files too as I tried a few antivirus before settling on this one. I uninstalled and reinstalled as per your instructions, for a while I thought it had failed to solve the problem until I realised I had set the new schedule for am and not pm. The Full scan has now started according to schedule and should now run every day. I would like to thank you, and Richbuff for your help and for solving this issue for me. I did have a two year licence for avast but they decided to upgrade the software from antivirus to internet security without my consent and I found the whole online services had become cloud based, very secure, but had caused a minimum reduction in speed of anything in internet explorer of 1/100th of what it had been. Typing three letters in to google took almost as many minutes to appear. Funny cause AVG was removed more than a year ago and that was the one causing the problems this time. Thanks again, please consider this item finished and a satisfied customer. Bryan