Test version of AV+IS

Closed
golden-graham Posts 20 Registration date Monday April 19, 2010 Status Member Last seen April 21, 2010 - Apr 19, 2010 at 05:33 AM
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 - Apr 21, 2010 at 06:15 AM
Hi all
Is anybody else having problems with a new F-Secure AV? I downloaded from the standard F-Secure AV (upside-down blue triangle icon) as asked and ended up with: test version of AV+IS (BLACK icon with picture of a lock).

4 responses

Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,169
Apr 19, 2010 at 06:38 AM
Hello,

I also use F-Secure, which I find to be good software, along with Kaspersky.

You may eventually need to uninstall and reinstall F-Secure, but in the meantime, to help resolve the problem I would need to examine a system log.

Please download and install HijackThis (version 2.0.3 beta).

http://free.antivirus.com/hijackthis/

Request a scan and save a log. Copy the log and post it here.

Au revoir
1
golden-graham Posts 20 Registration date Monday April 19, 2010 Status Member Last seen April 21, 2010
Apr 19, 2010 at 08:02 AM
Thanks, will do, be a couple of hours as I have to download everything on a laptop to disc then to PC, unless there is another way of doing this?

Cheers
0
You should be able to put it on a CD and hit Shift 5 times to get this icon up and run it from there. Ambucias should be able to tell you how to do it properly.
0
golden-graham Posts 20 Registration date Monday April 19, 2010 Status Member Last seen April 21, 2010
Apr 19, 2010 at 10:10 AM
Thanks for the info, hopefully this is the hijack list below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:31:23, on 19/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TalkTalk Online Security\Anti-Virus\fsgk32st.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\TalkTalk Online Security\Anti-Virus\FSGK32.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\TalkTalk Online Security\Anti-Virus\fssm32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TalkTalk\bin\sprtcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\TalkTalk Online Security\Common\FSM32.EXE
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TalkTalk\TalkTalk SNU5630NS 05 Wireless USB Adapter Utility\TTUSBBGMonitor.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=53EEB45F21EA47F2B95DF58497B5E6B6
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=53EEB45F21EA47F2B95DF58497B5E6B6
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = https://www.google.co.uk
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hackerwatch.org/library/app/description/en/0/724.htm?md5=0F77429E2717DC1374E7B26E2D935F85
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {53E0B6E8-A51D-448B-B692-40B67B285543} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\TalkTalk Online Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\TalkTalk Online Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS\TEMP\E_S122.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-2431152904-4040453114-299044055-1006\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS\TEMP\E_S122.tmp" /EF "HKCU" (User '?')
O4 - HKUS\S-1-5-21-2431152904-4040453114-299044055-1006\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (User '?')
O4 - HKUS\S-1-5-21-2431152904-4040453114-299044055-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - Global Startup: TalkTalk SNU5630NS 05 Wireless USB Adapter.lnk = C:\Program Files\TalkTalk\TalkTalk SNU5630NS 05 Wireless USB Adapter Utility\TTUSBBGMonitor.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\TalkTalk Online Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\TalkTalk Online Security\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\TalkTalk Online Security\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\TalkTalk Online Security\ORSP Client\fsorsp.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
0
golden-graham Posts 20 Registration date Monday April 19, 2010 Status Member Last seen April 21, 2010
Apr 19, 2010 at 10:19 AM
I did run it through an analyser thing and it came up with 24 unknown? No exact entries found?

Mummy :( I haven't got a clue what any of this means, I hope you good peeps on here can shed some light on it for me.
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,169
Apr 19, 2010 at 05:32 PM
Hello Golden

1. Please run a HijackThis scan, no log, and check the following items:

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {53E0B6E8-A51D-448B-B692-40B67B285543} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll


2. Click "Fix checked".

3. If HijackThis tells you it can't delete:

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

Go to: c:\windows\system32\nwprovau.dll and delete it.

4. Download, install and update Malwarebytes and run it; I insist on a FULL system scan. Do not interfere with the scan no matter how long it takes. If Malwarebytes reboots your system, relaunch MBAM and continue the scan.

Good luck
1
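Added example (not part of any post in this thread, and not HijackThis's own code): the mechanical part of the triage in the reply above, pulling entries whose target is `(no file)` and any O10 Winsock LSP lines out of a HijackThis log. The sample log is constructed from a few lines of the log posted earlier and the function names are this example's own; it only surfaces entries for review, and O10 lines are listed separately because HijackThis's own message, quoted later in the thread, points to LSPFix for those.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines taken from the log posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# An entry line is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entries(log_text):
    """Return (code, body) per entry line; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def triage(log_text):
    """Group entries a reviewer would look at first.

    orphaned    -> registrations whose target file is missing ("(no file)")
    winsock_lsp -> O10 lines (unknown or broken Winsock LSP chain entries)
    """
    findings = defaultdict(list)
    for code, body in parse_entries(log_text):
        if body.endswith("(no file)"):
            clsid = CLSID.search(body)
            findings["orphaned"].append((code, clsid.group(0) if clsid else None))
        elif code == "O10":
            findings["winsock_lsp"].append((code, body.split(": ", 1)[-1]))
    return dict(findings)


if __name__ == "__main__":
    for group, items in triage(SAMPLE_LOG).items():
        print(group)
        for code, detail in items:
            print(f"  {code}: {detail}")
```

Entries that point at an existing file, such as the Google and Java BHOs also listed in the reply, still need a human decision; nothing here identifies them.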
golden-graham Posts 20 Registration date Monday April 19, 2010 Status Member Last seen April 21, 2010
Apr 20, 2010 at 03:28 AM
Hi Ambucias

I have run the scan with no log and checked the above and fixed; as you said, I had to delete the 010\nwprovau.dll manually.

I have downloaded Malwarebytes from the downloads/security list on this site and I am about to run it now, so I will let you know how I get on. Many thanks for the reply.
0
golden-graham Posts 20 Registration date Monday April 19, 2010 Status Member Last seen April 21, 2010
Apr 20, 2010 at 03:33 AM
Oh, not sure if it matters or not but its reason for not being able to delete the 010 was:
I should use LSPFix, downloadable from http://www.cexx.org/lspfix.htm

If the item belongs to web enhancer, NewNet or CommonName, Spybot S&D can remove it automatically. Spybot is available from https://www.safer-networking.org/
0
golden-graham Posts 20 Registration date Monday April 19, 2010 Status Member Last seen April 21, 2010
Apr 20, 2010 at 03:47 AM
Hi Ambucias

I downloaded Malwarebytes on to the desktop of this laptop and transferred it with removable storage. My PC wouldn't let me move or copy Malwarebytes to my PC, so I opened it and installed it directly from the removable storage and all seemed well.

It has the shortcut on the desktop.

There was a problem when I tried to open/run Malwarebytes?

run time error 372

failed to load control 'vbalgrid' from vbalgrid6.ocx your version of vbalgrid6.ocx may be outdated, make sure you are using the version of the control that was provided with your application.

thanks A
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,169
Apr 20, 2010 at 04:55 AM
Hello Golden

The vbalgrid6.ocx error is not indigenous to MBAM, so we will attempt to apply a very potent remedy.

To keep your system safe, you must follow the instructions hereunder to the letter:

1. Download Combofix to your desktop.

http://www.combofix.org/download.php

2. Close all open windows including this one.

Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.

3. Double click on the ComboFix icon.

Windows is issuing this prompt because ComboFix does not have a digital signature. This is perfectly normal and safe and you can click on the Run button to continue.

4. Accept the disclaimer and the recovery

5. You should now press the Yes button to continue. If at any time during the Recovery Console installation you receive a message stating that it failed to install, please allow ComboFix to continue with the scan of your computer.

ComboFix will disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.

While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings.

If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and tells you the program's log file, or report, will be located at C:\ComboFix.txt.

Once you are done, paste the log here and report to me on how your system is behaving.

Good luck

P.S. Important: while ComboFix is running, do not mouse click or keyboard tap.
0
golden-graham Posts 20 Registration date Monday April 19, 2010 Status Member Last seen April 21, 2010
Apr 20, 2010 at 09:23 AM
Hi A

As before, I used a laptop to transfer ComboFix to removable storage and, the same as with Malwarebytes, it would not let me move or copy it to the PC desktop.

I ran ComboFix from the removable storage and then I accepted the disclaimer.

It opened a prompt screen,

ran ComboFix,

attempted to create a new restore point and then a message info box popped up reading:

this machine does not have the 'microsoft windows recovery console' installed, without it, combofix shall not attempt the fixing of some serious infections.

click yes to have combofix download/install it.
NOTE this requires an active internet connection

Ambucias, I do not have working internet on the PC (it should have); it displays a connection and speed but nothing is accessible internet-wise (according to me anyway).

I have left the PC with the ComboFix prompt screen and the message you see above, awaiting instructions.

Cheers
0
closeup22 Posts 8923 Registration date Friday May 15, 2009 Status Member Last seen October 7, 2010 2,099
Apr 19, 2010 at 05:37 AM
Hi there,

Please provide more information associated with this issue.

Thanks
0
golden-graham Posts 20 Registration date Monday April 19, 2010 Status Member Last seen April 21, 2010
Apr 19, 2010 at 05:49 AM
I currently use TalkTalk as my internet provider, and F-Secure went hand in hand with their package at the time.
Recently it prompted me to download an update from the F-Secure AV that, when finished, completely changed the look of the menu and F-Secure scanning settings and so on; the icon changed to a black background with a lock emblem.

I haven't thought anything of it, but it did pick up one virus on a scan (generic trojan?). It never seemed to clean it properly, and since the new download my computer has been slow and unresponsive, including internet, even though the icon on the bottom right displayed full signal for the internet and full speed. I noticed it at first when I tried to watch something on iPlayer: it displayed the message about my bandwidth not being enough, and then slowly everything else seemed to get slower. I borrowed a friend's laptop and connected to the wireless router and that too slowed down to a snail's pace, but when returned to his BT Home Hub it returned to normal?

And then that led me to do silly things, ref: my post in the Windows forum.

Before altering my computer for the worse I scanned several times for any viruses or spyware, and nothing came up.
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,169
Apr 20, 2010 at 05:24 PM
Okay, I got the thread back.

What you reported is a problem with F-Secure.

You may try rebooting or restarting your computer later to see if the error message comes back. If it does, you must contact F-Secure, who will tell you to uninstall and reinstall. I know, I have F-Secure.

I just want to know how the rest of your system is behaving.
0
golden-graham Posts 20 Registration date Monday April 19, 2010 Status Member Last seen April 21, 2010
Apr 21, 2010 at 03:23 AM
Thanks for your patience Ambucias, did you see all the comments I left yesterday? About rebooting? The F-Secure, or test version of AV+IS as it is known now, will not open and does not show in the lower right of the task bar.

G
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,169
Apr 21, 2010 at 04:20 AM
Yes, I did read your comments.
Did you uninstall and reinstall F-Secure?
0
golden-graham Posts 20 Registration date Monday April 19, 2010 Status Member Last seen April 21, 2010
Apr 21, 2010 at 05:59 AM
Hi A

I uninstalled but I can reinstall it.

Cheers
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,169
Apr 21, 2010 at 06:15 AM
Sure you can...

It is because it is not completely uninstalled.

1. Open Explorer and look in c:\documents and settings\all users\application data and see if you have any files pertaining to F-Secure.

2. Delete them.

3. Scroll down to Program Files and do the same as in 1.

4. Download and install CCleaner.

https://ccm.net/downloads/security-and-maintenance/4555-ccleaner/

5. Run the file cleaner (the brush icon) and delete those files.

6. With CCleaner, run a registry scan (blue blocks).

7. Delete those entries; you may make a save when asked.

8. Try reinstalling F-Secure. If you get an error message I would like to know exactly what it says.
0