I found all of these entries for left over Kaspersky service called KAVSVC, but I read that it could also be some kind of spyware\adware entry, so don't know if I should manually remove

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\kavsvc\Security\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\kavsvc\Security\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\kavsvc\Security\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\kavsvc\Security\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kavsvc\Security\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kavsvc\Security\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\kavsvc\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\kavsvc\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\kavsvc\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\kavsvc\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\kavsvc\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\kavsvc\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\kavsvc\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\kavsvc\Enum\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\kavsvc\Enum\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\kavsvc\Enum\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\kavsvc\Enum\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\kavsvc\Enum\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\kavsvc\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\kavsvc\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\kavsvc\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\kavsvc\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\kavsvc\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\kavsvc\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\kavsvc\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kavsvc\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kavsvc\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kavsvc\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kavsvc\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kavsvc\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kavsvc\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kavsvc\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kavsvc\Enum\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kavsvc\Enum\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kavsvc\Enum\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kavsvc\Enum\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kavsvc\Enum\

I uninstalled KAV 5 and the beta of ver 2006 when used respectively and now I see some entries stayed behind even though I used the KAV remove utility for ver 2006, but still find traces of both versions , but one step at a time. This is kavsvc , which i have also found traces of kav, avp, kaspersky, klif.sys and kl1.sys. Don't know what others too look for though.

dja2k

-{ Quote: "I uninstalled KAV 5 and the beta of ver 2006 when used respectively and now I see some entries stayed behind even though I used the KAV remove utility for ver 2006, but still find traces of both versions , but one step at a time. " }-djs2k,

These entries really aren't supposed to be dealt with. The ControlSet001 is what your system has booted from and it is mapped to the CurrentControlSet at boot time. ControlSet00n (n => 2) are backups used to control boots from Last Known Good states. They shouldn't be edited since that, if done unsuccessfully, would eliminate valid ControlSets from possibly rescuing you.

What precisely are you trying to accomplish?

Blue

Don't want to reformat my system, but after having KAV 5, then going to the beta KIS\KAV 2006 , then back to KAV 5 so many times, I can't use them anymore without getting blue screens after installations. Someone said there might be entries that stayed in my registry and\or system folders that don't get replaced by new installations or conflict. Just trying to find the problem before I give up and reformat, which is my last resort for now.

dja2k

-{ Quote: "Don't want to reformat my system, but after having KAV 5, then going to the beta KIS\KAV 2006 , then back to KAV 5 so many times, I can't use them anymore without getting blue screens after installations. Someone said there might be entries that stayed in my registry and\or system folders that don't get replaced by new installations or conflict. Just trying to find the problem before I give up and reformat, which is my last resort for now.

dja2k" }-dja2k,

Try to describe the problem in more depth: Does the BSOD occur only if KAV/KIS is installed?
Do the KAV/KIS installs and uninstalls proceed without obvious incident
Does anything show up in the event viewer? Either current or when the problem started?
Have you checked your system files? (Start>Run>sfc /scannow)?
What other applications that work at low levels within the OS are running?
Is the problem that same one you noted here (http://forum.kaspersky.com/index.php?showtopic=6284&hl=)?
Do you notice any other system issues?
Those are items that come immeidately to mind. There are likely many others. Obviously a quick reinstall of the OS isn't terribly long (2-4 hours total including all updates), as long as all neeeded media and key codes are readily available.

Blue

dja2k, did you run the kav removal scripts in safe mode? And did you use the new version for KAV/KIS 6? It's available on the beta ftp server :)

Thanks, and yeah a system reformat is due. Yes the problem only happened when kav was installed. The problem was too much install and uninstall. Yes I used the new removal tool and in safe mode. The problem that i think happened is that kavsvc, kl1.sys, and klif.sys are and were in my system still. I noticed in the even viewer that windows still wanted to run kavsvc service even though it is not intalled anymore. But yeah you are right, why bother finding the problem now, when a simple reformat is due and I was just really avoiding that.

dja2k

-{ Quote: "Thanks, and yeah a system reformat is due. Yes the problem only happened when kav was installed. The problem was too much install and uninstall." }-It's not really that. On my alternate partition, I have installed basically every beta build of KAV or KIS (KIS mainly) since build 202. That's a lot of installs/uninstalls. Actually, it's too many to my taste for a beta test session since no given build is on my machine long enough for any serious stress testing, so I've just focussed on confirming gross compatibility as the builds have appeared.
-{ Quote: "Yes I used the new removal tool and in safe mode. The problem that i think happened is that kavsvc, kl1.sys, and klif.sys are and were in my system still. I noticed in the even viewer that windows still wanted to run kavsvc service even though it is not intalled anymore. But yeah you are right, why bother finding the problem now, when a simple reformat is due and I was just really avoiding that." }-Actually, if they were still running the installer should have noticed and prevented an installation, but I don't know what happens if a partial uninstall happens. If this is happening, a simply removal and/or registry clean should put things right and be preferred over an OS reinstall.

Blue

I was in my event viewer and yet again I saw something that had to do with Kaspersky I think. My system in my view is Kaspersky free, but yet here in the attachment, you can see that it is trying to start a service that is not suppose to be there anymore. I ran a search on what KLMC is and it is associated with Kaspersky Anti-Hack. Is there a way to remove that from happening, cause the .sys file is no where to be found in the windows system32 drivers folder.

dja2k

Anyone.....

dja2k

Anything left under "Non-Plug and Play drivers" in the device manager?
(Please make sure "View - Show hidden devices" is ticked in the Devide manager tab) :)

Actually all three entries from KAV are there:

KL1
KLIF
KLMC (This device is not present)

Can I uninstall those not needed anymore or with that cause problems?

dja2k

If there's no Kaspersky software on your machine, you should be safe to remove them (always make a backup / image, OK? :) )

Done, all okay!

dja2k

Nice! :)