F-Secure Anti-Virus Internet Shield daemon

Chippy_Minton

Try the Uninstallation Tool at http://support.f-secure.com/enu/corporate/downloads/removeav.shtml

For the delete error, are you using an account with administrator permissions? Are you deleting it in safe mode? Right-click the file - properties and make sure read-only is not ticked.

After running the tool, post another hijackthis log.

spinks

The uninstallation tool to remove client products didnt work. It wouldnt even let me download the file. Dont know if I did right but I did follow on to do the removal of server products.

I also tried again to delete the C:\Program Files\TalkTalk Online Security. I managed to delete most of the folder apart from the common folder which contains
fpshx.dll
FSMA32.DLL
FSPMAPI.DLL

On restart I no longer have the internet shield daemon error message, I am yet to find any other problems arisen.

Do you think I still need to go any further with this or just leave it for now & see how it goes?

Would it still be worth getting another hijackthis scan or can I just go ahead and install AVG and comodo?

Chippy_Minton

It sounds like you've cleared most of it.

Reboot and check in event log (Start - Run - type eventvwr.msc - Ok) for any errors or warnings related to F-Secure/TalkTalk timed after the reboot.

Also, check in Control Panel - Security Centre and see what Windows says for the anti-virus and firewall.

Next download CCleaner by clicking the big green arrow, install it (untick Yahoo toolbar when installing), Run Cleaner to delete temporary files, then click Registry and scan and fix several times until no issues exist.

I would then go ahead and install AVG and Comodo and then post another HijackThis scan.

spinks

I have checked the event log although I have no idea how to interpret the data, I cant see anything relating specifically to f-secure or talktalk.

Windows says at least one the firewalls instaled on this computer is currently ON and TalkTalk Online Security - Premium Edition 6.02 reports that it is up to date and virus scanning is on.

Deleted temporary files and scanned and fixed until no issues.

Just wondering whether I should still install AVG and Comodo while it still says I have anti-virus and firewall in place.

spakkker

You should really know which a/v and firewall you are using-I guess you have windows firewall on, maybe the online scanner is referring to itself being up to date? I would install the avg and comodo and turn off windows firewall-in control panel.You could still do a search for talk/talk and delete anything you think is connected with it.

Chippy_Minton

spinks wrote: »

Windows says at least one the firewalls instaled on this computer is currently ON and TalkTalk Online Security - Premium Edition 6.02 reports that it is up to date and virus scanning is on.

Just wondering whether I should still install AVG and Comodo while it still says I have anti-virus and firewall in place.

Windows Security Centre can be wrong in reporting that if you've removed TalkTalk/F-secure, unless the last remnants of the software are still in place. Post another HjT log and let's see what's there.

When you install AVG and Comodo, it should show them in Security Centre, providing Windows detects them properly.

spinks

Have installed AVG and Comodo. Windows security centre now says TalkTalk Online Security Premium Edition 6.02 is currently on and reports that it is up to date and virus scanning is on, so still not detecting AVG or Comodo.

Also I am getting an error message with AVG. The logo by the clock is grey and black and a message comes up saying
The red highlighted components are in an error state! Please pay urgent attention to their configuration!
Anti-Virus: Internal Virus Database is out-of-date.
Resident Shield: Resident Shield is not loaded.

HijackThis log file as requested

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:09:24, on 07/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\khooker.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Packard Bell EverSafe\TrayControl.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE
C:\Program Files\TalkTalk\bin\sprtcmd.exe
C:\Program Files\Property Intellect 2.1\PINotify.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Microsoft Money\System\Money Express.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.moneybackmadness.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHlprObj Class - !!06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\apps\Adobe\Acrobat 5.1\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton AntiVirus - !!42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NovaNet-WEB Tray Control] C:\Program Files\Packard Bell EverSafe\TrayControl.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB002" /M "Stylus Photo R240"
O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
O4 - HKLM\..\Run: [PINotify] C:\Program Files\Property Intellect 2.1\\PINotify.exe
O4 - HKLM\..\Run: [PI Notify] C:\Program Files\Property Intellect 2.1\PINotify.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Packard Bell EverSafe Tray Control.lnk = C:\Program Files\Packard Bell EverSafe\TrayControl.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: !!6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158596988499
O23 - Service: TalkTalk Online Security (BackWeb Plug-in - 81720) - Unknown owner - C:\PROGRA~1\TALKTA~1\backweb\81720\Program\SERVIC~1.EXE (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\TalkTalk Online Security\Anti-Virus\fsgk32st.exe (file missing)
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - Unknown owner - C:\Program Files\TalkTalk Online Security\FWES\Program\fsdfwd.exe (file missing)
O23 - Service: F-Secure HTTP Server (fshttps) - Unknown owner - C:\Program Files\TalkTalk Online Security\FSPC\fshttps\fshttps.exe (file missing)
O23 - Service: F-Secure Management Agent (FSMA) - Unknown owner - C:\Program Files\TalkTalk Online Security\Common\FSMA32.EXE (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 7491 bytes

BTW You may have to explain to me how to use this Comodo thing because I have never had so many messages keep popping up before and its driving me beserk as I dont even undertsnad what they mean, let alone whether to allow or deny.

Chippy_Minton

spinks wrote: »

Have installed AVG and Comodo. Windows security centre now says TalkTalk Online Security Premium Edition 6.02 is currently on and reports that it is up to date and virus scanning is on, so still not detecting AVG or Comodo.

See http://support.microsoft.com/kb/883792/en-us "Q: How does Windows Security Center detect third-party products and their status?" for why this happens. There are probably some registry keys for TalkTalk still lying around. You can try searching the registry yourself and delete these keys, but you need to be very careful if you do this and backup the registry just in case it goes wrong.

Also I am getting an error message with AVG. The logo by the clock is grey and black and a message comes up saying
The red highlighted components are in an error state! Please pay urgent attention to their configuration!
Anti-Virus: Internal Virus Database is out-of-date.
Resident Shield: Resident Shield is not loaded.

There should be an option to update the virus definitions

From your latest HijackThis log, fix these:

O23 - Service: TalkTalk Online Security (BackWeb Plug-in - 81720) - Unknown owner - C:\PROGRA~1\TALKTA~1\backweb\81720\Program\SERVIC~ 1.EXE (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\TalkTalk Online Security\Anti-Virus\fsgk32st.exe (file missing)
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - Unknown owner - C:\Program Files\TalkTalk Online Security\FWES\Program\fsdfwd.exe (file missing)
O23 - Service: F-Secure HTTP Server (fshttps) - Unknown owner - C:\Program Files\TalkTalk Online Security\FSPC\fshttps\fshttps.exe (file missing)
O23 - Service: F-Secure Management Agent (FSMA) - Unknown owner - C:\Program Files\TalkTalk Online Security\Common\FSMA32.EXE (file missing)

BTW You may have to explain to me how to use this Comodo thing because I have never had so many messages keep popping up before and its driving me beserk as I dont even undertsnad what they mean, let alone whether to allow or deny.

They are programs attempting to access the internet. The first time you run the firewall you will get lots of these messages and, assuming the computer is free of viruses etc., it's safe to allow these access and it remembers your answer so you won't get them again unless the program changes. Thereafter, if you see a message for something you don't recognise, click deny or block. There should be a screen in Comodo where you can change the allow/block settings for each program that has attempted to access the internet. There's more help at https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=187&nav=0,2,13

spakkker

I use regseeker to clean the registry after changing programs -never had a problem. Avg is usually in need of updating after d/loading.

spinks

Had a look in the registry but find nothing relating to TalkTalk or F-Secure?!

I have been trying to update AVG but keep getting an error message
Error trying to connect to server.
Server name cannot be converted to the IP address.

I am hopeless, tried following AVG help but don't understand it all.

School boy advice needed here.