Constant Secutiry Alerts

Hi I am using windows 10 and every few minutes I am getting a security alert about an expired certificate for flogs.com. I may at some point have used their calendar extension but I am sure I deleted the program as now all I can find is a registry key that relates to flogs.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com/search?q=flogs&form=WNSGPH&qs=AS&cvid=e76c4dec24f643328f2ed7ec58970633&pq=flogs&nclid=F3E1DD3AB0CB06AF70697C998E6BE17C&ts=1453832049341&nclidts=1453832049&tsms=341

I see the open with for this key is set for chrome.exe.

I am assuming (ass-uming I think)  this is what is causing the problem since it is the only thing on my system that is associated with flogs at all. If I remove this it will create even more complications? This alert is making me crazy.

I have deleted chrome.exe from the OpenWith a registry item but I am still seeing this message constantly.
I am not even sure what software is initiating this error at this point.

I have attached captures of the warning and the certification path from the  properties panel.

RL
security-alert-error.jpg
security-alert-properties.jpg
emailmavenAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

☠ MASQ ☠Commented:
Delete away - that should fix it after a restart.
emailmavenAuthor Commented:
Hi,

Nope, not the trick, still an issue, I see something for flog in registry, is this related? I am clueless about the registry. I am just grasping at straws here. The error popped up as soon as I restarted this time.

HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_microsoft-windows-c..plus-runtime-txflog_31bf3856ad364e35_10.0.10586.0_none_0f7d4585f56d40f0

RL
☠ MASQ ☠Commented:
You still have something running that wants to connect to flogs.com on launch
Your browser is correctly identifying that flogs.com' web security certificate has expired

MSConfig or Autoruns will list what's set to run at startup have a look through and see if something rings a bell

in the meantime you can put that entry back into the registry by renaming the attached file restore.txt to restore.reg and running it to merge into the system registry

(txflog is a transaction log and nothing to do with flogs)
restore.txt
Bootstrap 4: Exploring New Features

Learn how to use and navigate the new features included in Bootstrap 4, the most popular HTML, CSS, and JavaScript framework for developing responsive, mobile-first websites.

emailmavenAuthor Commented:
Hi I restarted several times and see that it pops up shortly after outlook starts most of the time.
emailmavenAuthor Commented:
Hi not seeing anything anywhere. Looking in msconfig and startup items, nothing comes up in a regular search. Is there anything I can enter in the cmd prompt to find what is trying to connect to flogs.com?

There is something in startup that is named Program with no publisher, it is enabled and not measured. I have no idea what that is for.

RL
☠ MASQ ☠Commented:
Have a look in Outlook Options Add-ins - see if your Flogs Calendar is still active there.

You can always untick an item in MSConfig Startup and see what happens on restart - it's simple enough to check the box again
emailmavenAuthor Commented:
Hi That's the thing there is no flogs anywhere it is not in Outlook add-ins or com ad-ins, not in startup items I am so dumbfounded by this.

RL
☠ MASQ ☠Commented:
OK then let's have a closer look
Can you download and run HijackThis?

Right-click on the icon and choose run as administrator
Accept the licence
Choose "Do a system scan and save a log file"
Have a look through the textfile that's generated - if your OK publishing the contents online post it here as an attachment.
Only make changes if you know what you are doing.
emailmavenAuthor Commented:
Hi

Thanks for reviewing this.
hijackthis.log
☠ MASQ ☠Commented:
It looks pretty clean, I might be a while with it.

You're using Dashlane as a PW manager - might you still have a reference to a flogs.com account in there?

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
BillDLCommented:
If flogs.com does appear in your registry, perhaps it uses the IP Address rather than the domain name.  flogs.com seems to be in Dublin, Eire (Ireland), and has the IP Address 54.246.197.117.  This might be useful when searching Regedit, HiJack This logs, or when running commands like TASKLIST.
emailmavenAuthor Commented:
MASQ there was an entry in dashlane. I never would have thought of that one. Thanks so much for that insight. It did pop up once but haven't seen it again in a while. Hopefully that was the issue.

Thanks again
Rose
emailmavenAuthor Commented:
Hi Sorry to say that error is back. Any other logs that will help figure this out?

RL
☠ MASQ ☠Commented:
How much of a pain would it be to uninstall Dashlane completely - including removing the browser plug-ins and KWIEBar toolbar add-in?
emailmavenAuthor Commented:
Hi

I removed it removed the ie add-ins and reinstalled dashlane but this is still happening, do I need to remove the registry entries before reinstalling it? After removing the application and files the registry still had dashlane entries listed after I deleted the program via the control panel and restarted the system.
☠ MASQ ☠Commented:
Yes, looks like dashlane retains your account details in case you want to reinstall.  Helpful for most users but not in this situation.

If you are using a premium account then dashlane will resynchronize with their servers on reinstall and if the rogue entry is there it will be reloaded onto your PC.

I guess the best indicator is to run the PC for long enough to know flogs isn't being accessed before reinstalling.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows OS

From novice to tech pro — start learning today.