📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!

F-Secure Anti-Virus Internet Shield daemon

Options
2

Comments

  • Try the Uninstallation Tool at http://support.f-secure.com/enu/corporate/downloads/removeav.shtml

    For the delete error, are you using an account with administrator permissions? Are you deleting it in safe mode? Right-click the file - properties and make sure read-only is not ticked.

    After running the tool, post another hijackthis log.
  • spinks
    spinks Posts: 295 Forumite
    The uninstallation tool to remove client products didnt work. It wouldnt even let me download the file. Dont know if I did right but I did follow on to do the removal of server products.

    I also tried again to delete the C:\Program Files\TalkTalk Online Security. I managed to delete most of the folder apart from the common folder which contains
    fpshx.dll
    FSMA32.DLL
    FSPMAPI.DLL

    On restart I no longer have the internet shield daemon error message, I am yet to find any other problems arisen.

    Do you think I still need to go any further with this or just leave it for now & see how it goes?

    Would it still be worth getting another hijackthis scan or can I just go ahead and install AVG and comodo?
  • It sounds like you've cleared most of it.

    Reboot and check in event log (Start - Run - type eventvwr.msc - Ok) for any errors or warnings related to F-Secure/TalkTalk timed after the reboot.

    Also, check in Control Panel - Security Centre and see what Windows says for the anti-virus and firewall.

    Next download CCleaner by clicking the big green arrow, install it (untick Yahoo toolbar when installing), Run Cleaner to delete temporary files, then click Registry and scan and fix several times until no issues exist.

    I would then go ahead and install AVG and Comodo and then post another HijackThis scan.
  • spinks
    spinks Posts: 295 Forumite
    I have checked the event log although I have no idea how to interpret the data, I cant see anything relating specifically to f-secure or talktalk.

    Windows says at least one the firewalls instaled on this computer is currently ON and TalkTalk Online Security - Premium Edition 6.02 reports that it is up to date and virus scanning is on.

    Deleted temporary files and scanned and fixed until no issues.

    Just wondering whether I should still install AVG and Comodo while it still says I have anti-virus and firewall in place.
  • spakkker
    spakkker Posts: 1,322 Forumite
    Part of the Furniture 1,000 Posts Combo Breaker
    You should really know which a/v and firewall you are using-I guess you have windows firewall on, maybe the online scanner is referring to itself being up to date? I would install the avg and comodo and turn off windows firewall-in control panel.You could still do a search for talk/talk and delete anything you think is connected with it.
  • spinks wrote: »
    Windows says at least one the firewalls instaled on this computer is currently ON and TalkTalk Online Security - Premium Edition 6.02 reports that it is up to date and virus scanning is on.

    Just wondering whether I should still install AVG and Comodo while it still says I have anti-virus and firewall in place.
    Windows Security Centre can be wrong in reporting that if you've removed TalkTalk/F-secure, unless the last remnants of the software are still in place. Post another HjT log and let's see what's there.

    When you install AVG and Comodo, it should show them in Security Centre, providing Windows detects them properly.
  • spinks
    spinks Posts: 295 Forumite
    Have installed AVG and Comodo. Windows security centre now says TalkTalk Online Security Premium Edition 6.02 is currently on and reports that it is up to date and virus scanning is on, so still not detecting AVG or Comodo.

    Also I am getting an error message with AVG. The logo by the clock is grey and black and a message comes up saying
    The red highlighted components are in an error state! Please pay urgent attention to their configuration!
    Anti-Virus: Internal Virus Database is out-of-date.
    Resident Shield: Resident Shield is not loaded.

    HijackThis log file as requested

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:09:24, on 07/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\System32\sistray.EXE
    C:\WINDOWS\System32\khooker.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Packard Bell EverSafe\TrayControl.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE
    C:\Program Files\TalkTalk\bin\sprtcmd.exe
    C:\Program Files\Property Intellect 2.1\PINotify.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Comodo\Firewall\CPF.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Apoint2K\HidFind.exe
    C:\Program Files\Microsoft Money\System\Money Express.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.moneybackmadness.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    O2 - BHO: AcroIEHlprObj Class - !!06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\apps\Adobe\Acrobat 5.1\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Norton AntiVirus - !!42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
    O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [NovaNet-WEB Tray Control] C:\Program Files\Packard Bell EverSafe\TrayControl.exe
    O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB002" /M "Stylus Photo R240"
    O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
    O4 - HKLM\..\Run: [PINotify] C:\Program Files\Property Intellect 2.1\\PINotify.exe
    O4 - HKLM\..\Run: [PI Notify] C:\Program Files\Property Intellect 2.1\PINotify.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Packard Bell EverSafe Tray Control.lnk = C:\Program Files\Packard Bell EverSafe\TrayControl.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
    O16 - DPF: !!6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158596988499
    O23 - Service: TalkTalk Online Security (BackWeb Plug-in - 81720) - Unknown owner - C:\PROGRA~1\TALKTA~1\backweb\81720\Program\SERVIC~1.EXE (file missing)
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\TalkTalk Online Security\Anti-Virus\fsgk32st.exe (file missing)
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - Unknown owner - C:\Program Files\TalkTalk Online Security\FWES\Program\fsdfwd.exe (file missing)
    O23 - Service: F-Secure HTTP Server (fshttps) - Unknown owner - C:\Program Files\TalkTalk Online Security\FSPC\fshttps\fshttps.exe (file missing)
    O23 - Service: F-Secure Management Agent (FSMA) - Unknown owner - C:\Program Files\TalkTalk Online Security\Common\FSMA32.EXE (file missing)
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    --
    End of file - 7491 bytes

    BTW You may have to explain to me how to use this Comodo thing because I have never had so many messages keep popping up before and its driving me beserk as I dont even undertsnad what they mean, let alone whether to allow or deny.
  • spinks wrote: »
    Have installed AVG and Comodo. Windows security centre now says TalkTalk Online Security Premium Edition 6.02 is currently on and reports that it is up to date and virus scanning is on, so still not detecting AVG or Comodo.
    See http://support.microsoft.com/kb/883792/en-us "Q: How does Windows Security Center detect third-party products and their status?" for why this happens. There are probably some registry keys for TalkTalk still lying around. You can try searching the registry yourself and delete these keys, but you need to be very careful if you do this and backup the registry just in case it goes wrong.
    Also I am getting an error message with AVG. The logo by the clock is grey and black and a message comes up saying
    The red highlighted components are in an error state! Please pay urgent attention to their configuration!
    Anti-Virus: Internal Virus Database is out-of-date.
    Resident Shield: Resident Shield is not loaded.
    There should be an option to update the virus definitions

    From your latest HijackThis log, fix these:

    O23 - Service: TalkTalk Online Security (BackWeb Plug-in - 81720) - Unknown owner - C:\PROGRA~1\TALKTA~1\backweb\81720\Program\SERVIC~ 1.EXE (file missing)
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\TalkTalk Online Security\Anti-Virus\fsgk32st.exe (file missing)
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - Unknown owner - C:\Program Files\TalkTalk Online Security\FWES\Program\fsdfwd.exe (file missing)
    O23 - Service: F-Secure HTTP Server (fshttps) - Unknown owner - C:\Program Files\TalkTalk Online Security\FSPC\fshttps\fshttps.exe (file missing)
    O23 - Service: F-Secure Management Agent (FSMA) - Unknown owner - C:\Program Files\TalkTalk Online Security\Common\FSMA32.EXE (file missing)
    BTW You may have to explain to me how to use this Comodo thing because I have never had so many messages keep popping up before and its driving me beserk as I dont even undertsnad what they mean, let alone whether to allow or deny.
    They are programs attempting to access the internet. The first time you run the firewall you will get lots of these messages and, assuming the computer is free of viruses etc., it's safe to allow these access and it remembers your answer so you won't get them again unless the program changes. Thereafter, if you see a message for something you don't recognise, click deny or block. There should be a screen in Comodo where you can change the allow/block settings for each program that has attempted to access the internet. There's more help at https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=187&nav=0,2,13
  • spakkker
    spakkker Posts: 1,322 Forumite
    Part of the Furniture 1,000 Posts Combo Breaker
    I use regseeker to clean the registry after changing programs -never had a problem. Avg is usually in need of updating after d/loading.
  • spinks
    spinks Posts: 295 Forumite
    Had a look in the registry but find nothing relating to TalkTalk or F-Secure?!

    I have been trying to update AVG but keep getting an error message
    Error trying to connect to server.
    Server name cannot be converted to the IP address.

    I am hopeless, tried following AVG help but don't understand it all.

    School boy advice needed here.
This discussion has been closed.
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 351K Banking & Borrowing
  • 253.1K Reduce Debt & Boost Income
  • 453.6K Spending & Discounts
  • 244K Work, Benefits & Business
  • 599K Mortgages, Homes & Bills
  • 177K Life & Family
  • 257.4K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16.1K Discuss & Feedback
  • 37.6K Read-Only Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.