Windows 7 Forums



Windows 7: HerdProtect getting stopped by AVG

28 Jun 2014   #11
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Okay, got rid of the adware!


Now, download TFC by Old Timer (TFC - Temp File Cleaner by OldTimer - Geeks to Go Forum) and save it to your desktop.


Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.





Rescan with DDS and post the .txt log.


28 Jun 2014   #12
lpaigeg

CT: CONNECTICUT
 
 

I ran TFC -- it did not request a reboot. Here is the scan report:

28 Jun 2014   #13
lpaigeg

CT: CONNECTICUT
 
 

Jacee & Andrew:
I did download the portable version. Scan results are below.

HERD PROTECT SCAN RESULTS
Saved date: 6/28/2014 11:14:24 PM
Files detected: 23
Files scanned: 3,219
Processes scanned: 53
Modules scanned: 498
ASEPs scanned: 396
Downloads scanned: 5
Deep analysis: 7/0
---------------------------------------------------------------------------------

Files

---------------------------------------------------------------------------------

File path: c:\program files\acer games\acer game console\gameconsoleservice.exe
Publisher: WildTangent, Inc.
Signer: WildTangent Inc
MD5: ce16683cfd11fe70bde435dda5ea1fca
SHA-1: ff1041c97622b81d6fd03e3a7f17c8884cc2e8c2
Created: 4/3/2010 7:01:24 PM
Detections: 3
Determination: Inconclusive
- Dr.Web as MULDROP.Trojan (Undefined malware)
- Boost by Reason as Optional.Service.WildTangent.S
- Antiy Labs AVL as Trojan/Win32.Mufanom.gen (Undefined malware)

---------------------------------------------------------------------------------

File path: c:\windows\system32\drivers\ipmidrv.sys
Publisher: Microsoft Corporation
MD5: e4454b6c37d7ffd5649611f6496308a7
SHA-1: a917299009753096f1858a97090ef99e84dffe14
Created: 7/13/2009 7:30:59 PM
Detections: 1
Determination: Inconclusive
- Emsisoft Anti-Malware as Gen:Variant.Kazy.250361 (Undefined malware)

---------------------------------------------------------------------------------

File path: c:\program files\paltalk messenger\paltalk.exe
Publisher: AVM Software Inc.
Signer: Paltalk.com
MD5: d2175b19bd5cb416ac69a907814eccd0
SHA-1: 7ca341833f8acabb3c74f74fca335ef4fee8559f
Created: 5/31/2014 11:36:38 AM
Detections: 1
Determination: Inconclusive
- Bkav FE as HW32.Stranact (Undefined malware)

---------------------------------------------------------------------------------

File path: c:\users\rkl\desktop\tfc.exe
Publisher: OldTimer Tools
MD5: 788fcddd88240a85039f7f561093b118
SHA-1: 6b5b2ef60b3ec25a4083b1629a4fd51574428ea1
Created: 6/28/2014 8:58:09 PM
Detections: 3
Determination: Inconclusive
- Bkav FE as HW32.CDB (Undefined malware)
- Kingsoft AntiVirus as Win32.HeurC.KVM099.a.(kcloud) (Undefined malware)
- Baidu Antivirus as Trojan.Win32.Undef (Undefined malware)

---------------------------------------------------------------------------------

File path: c:\users\rkl\downloads\herdprotectscan_setup.exe
Publisher: Reason Company Software Inc.
Signer: Reason Software Company Inc.
MD5: 5e6c9fa4bc18a6e529eafdc7f0006162
SHA-1: f53efd19ba93ff8cbed657e13e61ae84da401e4e
Created: 6/26/2014 11:12:36 AM
Detections: 3
Determination: Inconclusive
- Trend Micro House Call as Suspicious_GEN.F47V0611 (Undefined malware)
- Kaspersky as HEUR:Trojan.Win32.Generic (Undefined malware)
- Rising Antivirus as PE:Malware.ArcadeWeb!6.727 (Undefined malware)

---------------------------------------------------------------------------------

File path: c:\users\rkl\downloads\cbsidlm-cbsi183-free_jpg_to_pdf-seo-75732662.exe
Publisher: CNET Download.com
Signer: CBS Interactive
MD5: 609b83259466f78ec2014119b22100f8
SHA-1: 23b050563a81a1c57daba7805b1e3e6b4c874f2b
Created: 4/7/2014 12:05:35 PM
Detections: 7
Determination: Adware
- McAfee as Artemis!609B83259466 (Undefined malware)
- Trend Micro House Call as TROJ_GEN.F47V0220 (Undefined malware)
- VIPRE Antivirus as Opencandy (Adware)
- McAfee Web Gateway as Artemis!609B83259466 (Undefined malware)
- AhnLab V3 Security as PUP/Win32.Downloader (Adware)
- ESET NOD32 as Win32/CNETInstaller (variant) (Undefined malware)
- Reason Heuristics as Bundler.PPI.CBSInteractive.e (Undefined malware)

---------------------------------------------------------------------------------

File path: c:\users\rkl\downloads\rcp_dcomnew_util_300.exe
Publisher: Systweak Inc
Signer: Systweak Software
MD5: 20ccd9717c7bb4183af8b6f2d14c63fa
SHA-1: 2976151506b7afc6c0d7a96e48ebe1a427e6b36d
Created: 6/5/2014 6:30:03 PM
Detections: 5
Determination: Adware
- Reason Heuristics as PUP.Optional.SystweakSoftware.U (Adware)
- ESET NOD32 as Win32/Systweak (Undefined malware)
- Trend Micro House Call as TROJ_GEN.F47V0516 (Undefined malware)
- Dr.Web as riskware program Program.Unwanted.31 (Undefined malware)
- G Data as Win32.Application.RegCleanPro (Undefined malware)

---------------------------------------------------------------------------------

File path: c:\windows\plfseti.exe
Publisher:
Signer: SONIX TECHNOLOGY CO. , LTD
MD5: eadceb89dd46da2a5560ca2af016a6a6
SHA-1: 2cfef42c6e1ad0421e3352f0c1d3002e164a3f65
Created: 12/21/2010 10:26:52 AM
Detections: 1
Determination: Inconclusive
- Boost by Reason as Optional.Startup.SONIXTECHNOLOGYCO.H

---------------------------------------------------------------------------------

File path: c:\windows\system32\mrt.exe
Publisher: Microsoft Corporation
Signer: Microsoft Corporation
MD5: c6c8001c1d99079022d8c8c66bae3bac
SHA-1: 541f60d44fb49dfcbe97eeb9ba0ddb4fb7909f7d
Created: 4/4/2011 9:24:03 PM
Detections: 1
Determination: Inconclusive
- Boost by Reason as PUP.MicrosoftCorporation.D

---------------------------------------------------------------------------------

File path: c:\users\rkl\appdata\local\apps\2.0\4vm7denq.0rl\8pd26c6m.wq8\goog...app_4fe91ede9f9bdca3_0001.0003_ 220683e2e6fc7802\googleupdatesetup.exe
Publisher: Google Inc.
Signer: Google Inc
MD5: a6f8d4fbc12177a75ab4c06d059229b6
SHA-1: 3403381c7fef04c040a96f0d19c6311b4826ad75
Created: 10/22/2013 12:41:17 PM
Detections: 1
Determination: Inconclusive
- Antiy Labs AVL as Trojan/Win32.Generic (Undefined malware)

---------------------------------------------------------------------------------

File path: c:\users\rkl\appdata\local\apps\2.0\4vm7denq.0rl\8pd26c6m.wq8\clic...exe_4fe91ede9f9bdca3_0001.0003_ none_81523f7b64d98436\googleupdatesetup.exe
Publisher: Google Inc.
Signer: Google Inc
MD5: a6f8d4fbc12177a75ab4c06d059229b6
SHA-1: 3403381c7fef04c040a96f0d19c6311b4826ad75
Created: 10/22/2013 12:41:17 PM
Detections: 1
Determination: Inconclusive
- Antiy Labs AVL as Trojan/Win32.Generic (Undefined malware)

---------------------------------------------------------------------------------

File path: c:\program files\quicktime\qtsystem\quicktimeupdatehelper.exe
Publisher: Apple Inc.
MD5: 6ba0a1e9e362d1df46bf747ba0f942fa
SHA-1: e39ffa0bdd613caa6e84df3cb4dd5dae6f2a2b3d
Created: 1/17/2014 3:24:00 PM
Detections: 1
Determination: Inconclusive
- Boost by Reason as Optional.Apple.V

---------------------------------------------------------------------------------

File path: c:\program files\installshield installation information\{738bf5c3-af7b-4bb0-b7ef-e505efc756be}\shredder.exe
Publisher: Egis Technology Inc.
Signer: EGIS TECHNOLOGY INC.
MD5: 7e0e1f2dcfff6aa7bd28633637b441c7
SHA-1: 712b7310db3d0c0e0d012638e1d9552fca0c9967
Created: 11/26/2010 8:28:58 AM
Detections: 1
Determination: Inconclusive
- Clam AntiVirus as PUA.Packed.PECompact-1 (Ignore)

---------------------------------------------------------------------------------

File path: c:\program files\egistec mywinlocker\shredder.exe
Publisher: Egis Technology Inc.
Signer: EGIS TECHNOLOGY INC.
MD5: f31bfaf4e7f073a32de7f0b7bce194d3
SHA-1: 1f1094b58dbc8c644508d7e5d8334de7b984e0c0
Created: 1/21/2010 12:23:10 AM
Detections: 1
Determination: Inconclusive
- Clam AntiVirus as PUA.Packed.PECompact-1 (Ignore)

---------------------------------------------------------------------------------

File path: c:\program files\acer games\uninstall.exe
Publisher: WildTangent
MD5: 237044acc92aad07375cad594418966b
SHA-1: e7d29577638c80909291c80048584ef9c6a6568c
Created: 11/26/2010 8:12:27 AM
Detections: 1
Determination: Inconclusive
- Bkav FE as HW32.CDB (Undefined malware)

---------------------------------------------------------------------------------

File path: c:\program files\acer games\virtual villagers 4 - the tree of life\virtual villagers - the tree of life-wt.exe
Publisher: WildTangent, Inc.
Signer: WildTangent Inc
MD5: fafd9e01a8f6f7e310fd8e23888b69f0
SHA-1: 47f54a6e8fde8d33ea61efd7572e795745570d3c
Created: 4/16/2010 1:50:38 PM
Detections: 1
Determination: Inconclusive
- Norman as Obfuscated.T (Undefined malware)

---------------------------------------------------------------------------------

File path: c:\program files\acer games\final drive nitro\racing-wt.exe
Publisher: WildTangent, Inc.
Signer: WildTangent Inc
MD5: bfde24d3643b824b61cd6d7c0d68d493
SHA-1: dc1b55bf7cb1854f4e5d6406c889661f8538bc98
Created: 4/16/2010 3:36:20 AM
Detections: 3
Determination: Inconclusive
- Norman as Obfuscated.T (Undefined malware)
- Trend Micro House Call as TROJ_GEN.F47V0917 (Undefined malware)
- AVG as Win32/Heur.dropper (Ignore)

---------------------------------------------------------------------------------

File path: c:\program files\paltalk messenger\libx264-129.dll
Publisher: x264 project
MD5: bd73b37b4544aa6223ec2b97932ef5c2
SHA-1: 940629b6d4f479ab836508216d3692e1e2e7db46
Created: 5/31/2014 11:36:38 AM
Detections: 1
Determination: Inconclusive
- Bkav FE as HW32.TsCabk (Undefined malware)

---------------------------------------------------------------------------------

File path: c:\program files\paltalk messenger\palsound.dll
Publisher: Paltalk.com
Signer: Paltalk.com
MD5: 1c05bde09cbdcccb3924b11f84c07e93
SHA-1: 6317c52387b438135f180c72aa9e9a50053c732c
Created: 5/31/2014 11:36:43 AM
Detections: 1
Determination: Inconclusive
- Bkav FE as HW32.Stranact (Undefined malware)

---------------------------------------------------------------------------------

File path: c:\program files\paltalk messenger\webvideo.dll
Publisher: Paltalk.com
Signer: Paltalk.com
MD5: 684d004ee1b4c7dd3ae17f1abad70670
SHA-1: 2593210fe5e4d06548b3f0df5bd1414d134d8c9c
Created: 5/31/2014 11:36:44 AM
Detections: 1
Determination: Inconclusive
- Bkav FE as HW32.Stranact (Undefined malware)

---------------------------------------------------------------------------------

File path: c:\program files\installshield installation information\{d0ace89d-ec7f-470f-80be-4c98ed366b32}\issetup.dll
Publisher: Acresso Software Inc.
Signer: Chicony Electronics Co., Ltd.
MD5: 73ab880f2c6f00b71ec9f68d9cae4fd1
SHA-1: b06efa2c1d0124681282b8451ca64d9a7c4ff125
Created: 12/21/2010 10:26:52 AM
Detections: 1
Determination: Inconclusive
- eSafe as Suspicious File (Ignore)

---------------------------------------------------------------------------------

File path: c:\program files\installshield installation information\{738bf5c3-af7b-4bb0-b7ef-e505efc756be}\issetup.dll
Publisher: Acresso Software Inc.
MD5: f6605e1289f6109e84ad2df9168630f3
SHA-1: 3f19ca8790d528c103f3ef9b6fc5158d22d3f922
Created: 11/26/2010 8:27:07 AM
Detections: 1
Determination: Inconclusive
- Clam AntiVirus as PUA.Packed.PECompact-1 (Ignore)

---------------------------------------------------------------------------------

File path: c:\program files\installshield installation information\{0d7cd0d9-4a88-4a63-8f91-3f4e8f371768}\issetup.dll
Publisher: Acresso Software Inc.
MD5: ae53a8740ea7aabc4c9039195d0b59da
SHA-1: 10d9408e0c01c060d76de1c4440c78462d579a41
Created: 11/26/2010 8:28:12 AM
Detections: 1
Determination: Inconclusive
- Clam AntiVirus as PUA.Packed.PECompact-1 (Ignore)

28 Jun 2014   #14
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Take a look at this page about "Acresso Software Inc" (Nuance Software Manager)... What is Acresso software manager agent and how do I get rid of it? - Microsoft Community


It's up to you if you want to uninstall the PDF reader or not.


I've seen many say that Sumatra is a good, free PDF reader. Just make sure you uncheck any pre-checked boxes when downloading and installing! Download Sumatra PDF 2.5.2 - FileHippo.com
29 Jun 2014   #15
lpaigeg

CT: CONNECTICUT
 
 

Hi Jacee,
I can't find the Acresso File or any PDF reader. I looked in Program files, I did a windows search -- even searching issetup.dll and it doesn't find such a file except for within the scan document.

Questions:
--How do I get rid of Acresso files?
-- what about the other files detected by the scan? What about Systweak? And should I get rid of Googleupdatesetup (why is there such a file anyway?)?
--NOTE: the PalTalk Messenger is a wanted program.

Thanks Again!!
Laurie

PS Since my original question was about how to run HerdProtect should I mark it solved and start a new thread?
29 Jun 2014   #16
andrew129260

Windows 10 Pro
 
 

Quote: Originally Posted by lpaigeg
Questions:
And should I get rid of Googleupdatesetup (why is there such a file anyway?)?

PS Since my original question was about how to run HerdProtect should I mark it solved and start a new thread?

I'll let jacee answer the other stuff.

Googleupdatesetup or Google services run in the background to automatically update your Google software you have installed such as Chrome, Google Toolbar, Google Earth etc. If you uninstall all Google products from your PC the service will delete itself. If you do not want those programs look through your Programs and Features program list.

No, stay in this thread.

+1 on Sumatra. Great free PDF reader and no junk you have to uncheck on install.
30 Jun 2014   #17
lpaigeg

CT: CONNECTICUT
 
 

Hi Jacee,
I've read a bunch from the link below but I don't understand a lot of it. I never downloaded this .pdf reader so I'm not sure where it came from. I use Adobe Acrobat.

I've searched for Acresso, Nuance, and did a general search (as per one of the posts found at the link below) for "software" and I come up with zilch. Can't figure out how to find it to remove it other than doing regedit which I've never done before.

Grateful for any advice at this point.

Laurie


Quote: Originally Posted by Jacee
Take a look at this page about "Acresso Software Inc" (Nuance Software Manager)... What is Acresso software manager agent and how do I get rid of it? - Microsoft Community


It's up to you if you want to uninstall the PDF reader or not.


I've seen many say that Sumatra is a good, free PDF reader. Just make sure you uncheck any pre-checked boxes when downloading and installing! Download Sumatra PDF 2.5.2 - FileHippo.com
01 Jul 2014   #18
Slartybart

x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
 
 

The discussion over there eventually gets around to what the Acresso Software manager does. It seems to be used by some reputable companies (Brother, Dragon Speaking...) to provide automatic updates. I don't know if this is true or not, but the following solution is easy and seems reasonable.

I'll take it one step further and tell you that it's fairly common practice to not have anything checked on the Startup Tab in msconfig, except your Anti-Virus program. If you have a Synaptics touchpad and have set any features, then you'll want to leave the Synaptics entry checked too. If you don't have anything special configured for the Synaptics device (scroll rate, click rate, button assignments, that sort of thing) then it should work fine without the extra startup.

So you might end up with two entries checked on the Startup tab
1) your AV, and
2) Synaptics touchpad.

Press Ok and reboot.


Quote: Originally Posted by LHWood (A) Microsoft Community
LHWood replied on February 14, 2014

In reply to Realtor_Jason's post on January 2, 2014

Easiest way to deactivate this junk is to:

*Click the Start icon...bottom left on your desktop display
*In the Search box type: msconfig
*When it opens click the Startup tab
*Go down the list to Software Manager...it'll show Acresso as the software supplier
*Uncheck the box next to Software Manager
*Click Apply and then OK
*You'll be asked if you want to restart Windows....click Yes

Software Manager will now be dormant when you start your computer. You can always reactivate the program by doing the above and scrolling down and recheck the box next to Software Manager and Apply and OK and then restart.

All done.

Good luck.
01 Jul 2014   #19
lpaigeg

CT: CONNECTICUT
 
 

Ok, I went to msconfig and deactivated everything. But there was no Software Manager listed.
01 Jul 2014   #20
Slartybart

x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
 
 

Ok, thanks.

After each change, try the installed version of herdProtect (not the portable version) to see if the change had any effect on the original issue. Go ahead and try it now, after the Startup tab changes.

If herdProtect launches, the issue might be resolved and there's no need to proceed with other troubleshooting.

We could go around for a while, posting images and listings, but it's probably better just to say:
"Look around your computer and if there are any entries with Acresso or Nuance in the name, post that information"

I'm working off of Jacee's information and the MS link she posted, as I'm not familiar with either Acresso or Nuance.
There are a few other names in that link that you might want to investigate (Flex, Brother, and Dragon, are referenced). The difficulty is that there are many ways the software might have arrived on your machine and there are many names it goes by (based on the Vendor).

You've already eliminated the Startup tab in msconfig as a possible point of entry - that's good.

The other area in msconfig that might contribute to this would be Services. Take a look at this tutorial and follow the instructions in Step 1. You've already partially completed step 2 by modifying the Startup tab, the rest of step two is troubleshooting by elimination (trial and error).
Troubleshoot Application Conflicts by Performing a Clean Startup

You might post a screenshot of the Services tab after hiding all MS services.

Take another look at Programs & Features - look for anything that's not familiar to you and post what it is (a screen shot might help, but sometimes, it's unwieldy due to the size - your call). The end might be to uninstall it, but I don't want to suggest that yet.
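
The search suggested in post #20 (startup entries, services, and Programs & Features for anything named Acresso or Nuance) can be done in one read-only pass from an elevated PowerShell prompt. This is an added example, not part of the original thread; the name pattern and the choice of registry locations are assumptions, and the script is written to run on the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example, not from the thread: read-only inventory of places where a
# bundled updater can register itself. Nothing is modified or deleted.
# Assumption: the vendor names below are the ones mentioned in the thread.
# 'Flex' is deliberately broad and will also match unrelated names.
$pattern = 'Acresso|Nuance|Flex|Brother|Dragon'

function New-Hit($Area, $Name, $Detail) {
    New-Object PSObject -Property @{ Area = $Area; Name = $Name; Detail = $Detail }
}

$hits = @()

# 1) Live startup entries (the Run keys shown on msconfig's Startup tab).
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }   # Wow6432Node is absent on 32-bit
    $item = Get-Item $key
    foreach ($valueName in $item.GetValueNames()) {
        $command = [string]$item.GetValue($valueName)
        if ("$valueName $command" -match $pattern) {
            $hits += New-Hit 'Startup' $valueName $command
        }
    }
}

# 2) Entries already unchecked in msconfig: Windows 7 parks them here,
#    one subkey per item with the original command line in 'command'.
$parked = 'HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg'
if (Test-Path $parked) {
    foreach ($sub in Get-ChildItem $parked) {
        $command = [string]$sub.GetValue('command')
        if ("$($sub.PSChildName) $command" -match $pattern) {
            $hits += New-Hit 'Startup (disabled)' $sub.PSChildName $command
        }
    }
}

# 3) Services (what msconfig's Services tab lists), matched on name or path.
foreach ($svc in Get-WmiObject Win32_Service) {
    if ("$($svc.Name) $($svc.DisplayName) $($svc.PathName)" -match $pattern) {
        $hits += New-Hit 'Service' $svc.DisplayName $svc.PathName
    }
}

# 4) Installed programs (the data behind Programs & Features).
$uninstallKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
foreach ($app in Get-ItemProperty $uninstallKeys -ErrorAction SilentlyContinue) {
    if ("$($app.DisplayName) $($app.Publisher)" -match $pattern) {
        $detail = "$($app.Publisher) | $($app.InstallLocation)"
        $hits += New-Hit 'Installed program' $app.DisplayName $detail
    }
}

if ($hits.Count -eq 0) {
    'No matching entries found.'
} else {
    $hits | Sort-Object Area, Name | Format-Table Area, Name, Detail -AutoSize -Wrap
}
```

An empty result is consistent with a scanner hit on a leftover installer stub under "InstallShield Installation Information" rather than an active startup item or service.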