HerdProtect getting stopped by AVG


  1. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #11

    Okay, got rid of the adware!


    Now, download TFC by Old Timer (TFC - Temp File Cleaner by OldTimer - Geeks to Go Forum) and save it to your desktop.


    Save any unsaved work. TFC will close ALL open programs including your browser!
    Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
    Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
    Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.





    Rescan with DDS and post the .txt log.


  2. Posts : 15
    CT: CONNECTICUT
    Thread Starter
       #12

    I ran TFC -- it did not request a reboot. Here is the scan report:

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: BrowserJavaVersion: 10.55.2
    Run by rkl at 21:01:39 on 2014-06-28
    Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1013.384 [GMT -4:00]
    .
    AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    .
    ============== Running Processes ================
    .
    c:\PROGRA~1\AVG\AVG2014\avgrsx.exe
    C:\Program Files\AVG\AVG2014\avgcsrvx.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG2014\avgidsagent.exe
    C:\Program Files\AVG\AVG2014\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Launch Manager\dsiwmis.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    C:\Program Files\Acer\Registration\GREGsvc.exe
    C:\Program Files\Acer\Acer VCM\RS_Service.exe
    C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\AVG\AVG2014\avgui.exe
    C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
    C:\Program Files\AVG\AVG2014\avgnsx.exe
    C:\Program Files\AVG\AVG2014\avgemcx.exe
    C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\ctfmon.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Page_URL = hxxp://acer.msn.com
    mStart Page = hxxp://acer.msn.com
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [Acer ePower Management] c:\program files\acer\acer epower management\ePowerTray.exe
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
    TCP: NameServer = 64.72.64.10 8.8.8.8
    TCP: Interfaces\{2B169545-0321-4137-ACB4-A1CA7E59889C} : DHCPNameServer = 64.72.64.10 8.8.8.8
    TCP: Interfaces\{2B169545-0321-4137-ACB4-A1CA7E59889C}\34347457563747 : DHCPNameServer = 136.244.1.1 136.244.1.2 8.8.8.8
    TCP: Interfaces\{2B169545-0321-4137-ACB4-A1CA7E59889C}\35D616C6C644565627 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{2B169545-0321-4137-ACB4-A1CA7E59889C}\64964646C6568656164637D27457563747 : DHCPNameServer = 192.168.2.253
    TCP: Interfaces\{2B169545-0321-4137-ACB4-A1CA7E59889C}\C41607964657D6028496C6C602641627D6 : DHCPNameServer = 10.1.10.1 75.75.76.76
    TCP: Interfaces\{2B169545-0321-4137-ACB4-A1CA7E59889C}\D496E6E61672370286964656F65747 : DHCPNameServer = 10.0.1.1
    TCP: Interfaces\{A81087B2-589B-456F-8D51-F5A5BADAE6F1} : DHCPNameServer = 192.168.0.1 192.168.0.1
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\35.0.1916.153\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2014-5-13 149784]
    R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2014-5-13 237848]
    R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2014-5-13 107288]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2014-5-13 27416]
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-9-27 214696]
    R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2014-5-13 122136]
    R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2014-5-13 198936]
    R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2014-5-13 21272]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2014-5-13 192280]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2014-5-13 210200]
    R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2009-6-2 18992]
    R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2009-6-2 16432]
    R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2009-6-2 60976]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2014-5-13 3644432]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2014-5-13 292424]
    R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2013-4-22 822504]
    R2 DsiWMIService;Dritek WMI Service;c:\program files\launch manager\dsiwmis.exe [2010-11-26 321104]
    R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2010-12-21 735776]
    R2 GREGService;GREGService;c:\program files\acer\registration\GREGsvc.exe [2010-1-8 23584]
    R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-6-18 104768]
    R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2010-11-26 260640]
    R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2013-6-26 523944]
    R2 Updater Service;Updater Service;c:\program files\acer\acer updater\UpdaterService.exe [2010-11-26 243232]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2010-11-26 68208]
    R3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwsn00.sys [2013-7-25 10382576]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-10-23 280288]
    R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2013-6-26 583848]
    R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2013-6-26 197800]
    R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2013-6-26 24232]
    R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2013-6-26 20136]
    R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2013-6-26 207528]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.sys [2010-11-26 82768]
    S3 MWLService;MyWinLocker Service;c:\program files\egistec mywinlocker\x86\MWLService.exe [2010-5-26 305520]
    S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-11-26 6766080]
    .
    =============== Created Last 30 ================
    .
    2014-06-28 21:15:17 536576 ----a-w- c:\windows\system32\sqlite3.dll
    2014-06-28 21:12:10 -------- d-----w- C:\AdwCleaner
    2014-06-28 00:57:26 8140904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{cbe428b8-5687-4a43-b8f8-4521ea8a8015}\mpengine.dll
    2014-06-26 15:14:43 -------- d-----w- c:\program files\Reason
    2014-06-26 14:49:18 8140904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2014-06-24 03:16:00 765968 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{96d6491b-f4eb-4643-a1dd-d5de05b86820}\gapaengine.dll
    2014-06-19 16:38:49 -------- d-----w- c:\users\rkl\appdata\local\Adobe
    2014-06-05 22:48:52 -------- d-----w- c:\program files\CCleaner
    2014-06-05 22:40:10 -------- d-----w- c:\users\rkl\appdata\roaming\rightbackup
    2014-06-02 12:10:52 -------- d-----w- c:\windows\pss
    2014-05-31 15:37:22 -------- d-----w- c:\users\rkl\appdata\roaming\Paltalk
    2014-05-31 15:37:16 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-05-31 15:37:16 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-05-31 15:36:31 -------- d-----w- c:\program files\Paltalk Messenger
    .
    ==================== Find3M ====================
    .
    2014-05-13 18:19:14 192280 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2014-05-13 18:17:24 237848 ----a-w- c:\windows\system32\drivers\avglogx.sys
    2014-05-13 18:17:22 210200 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2014-05-13 18:17:22 122136 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
    2014-05-13 18:17:20 149784 ----a-w- c:\windows\system32\drivers\avgidshx.sys
    2014-05-13 18:09:12 198936 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
    2014-05-13 18:04:36 27416 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2014-05-13 18:04:34 21272 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
    2014-04-15 00:13:52 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    .
    ============= FINISH: 21:03:56.64 ===============


  3. Posts : 15
    CT: CONNECTICUT
    Thread Starter
       #13

    Jacee & Andrew:
    I did download the portable version. Scan results are below.

    HERD PROTECT SCAN RESULTS
    Saved date: 6/28/2014 11:14:24 PM
    Files detected: 23
    Files scanned: 3,219
    Processes scanned: 53
    Modules scanned: 498
    ASEPs scanned: 396
    Downloads scanned: 5
    Deep analysis: 7/0
    ---------------------------------------------------------------------------------

    Files

    ---------------------------------------------------------------------------------

    File path: c:\program files\acer games\acer game console\gameconsoleservice.exe
    Publisher: WildTangent, Inc.
    Signer: WildTangent Inc
    MD5: ce16683cfd11fe70bde435dda5ea1fca
    SHA-1: ff1041c97622b81d6fd03e3a7f17c8884cc2e8c2
    Created: 4/3/2010 7:01:24 PM
    Detections: 3
    Determination: Inconclusive
    - Dr.Web as MULDROP.Trojan (Undefined malware)
    - Boost by Reason as Optional.Service.WildTangent.S
    - Antiy Labs AVL as Trojan/Win32.Mufanom.gen (Undefined malware)

    ---------------------------------------------------------------------------------

    File path: c:\windows\system32\drivers\ipmidrv.sys
    Publisher: Microsoft Corporation
    MD5: e4454b6c37d7ffd5649611f6496308a7
    SHA-1: a917299009753096f1858a97090ef99e84dffe14
    Created: 7/13/2009 7:30:59 PM
    Detections: 1
    Determination: Inconclusive
    - Emsisoft Anti-Malware as Gen:Variant.Kazy.250361 (Undefined malware)

    ---------------------------------------------------------------------------------

    File path: c:\program files\paltalk messenger\paltalk.exe
    Publisher: AVM Software Inc.
    Signer: Paltalk.com
    MD5: d2175b19bd5cb416ac69a907814eccd0
    SHA-1: 7ca341833f8acabb3c74f74fca335ef4fee8559f
    Created: 5/31/2014 11:36:38 AM
    Detections: 1
    Determination: Inconclusive
    - Bkav FE as HW32.Stranact (Undefined malware)

    ---------------------------------------------------------------------------------

    File path: c:\users\rkl\desktop\tfc.exe
    Publisher: OldTimer Tools
    MD5: 788fcddd88240a85039f7f561093b118
    SHA-1: 6b5b2ef60b3ec25a4083b1629a4fd51574428ea1
    Created: 6/28/2014 8:58:09 PM
    Detections: 3
    Determination: Inconclusive
    - Bkav FE as HW32.CDB (Undefined malware)
    - Kingsoft AntiVirus as Win32.HeurC.KVM099.a.(kcloud) (Undefined malware)
    - Baidu Antivirus as Trojan.Win32.Undef (Undefined malware)

    ---------------------------------------------------------------------------------

    File path: c:\users\rkl\downloads\herdprotectscan_setup.exe
    Publisher: Reason Company Software Inc.
    Signer: Reason Software Company Inc.
    MD5: 5e6c9fa4bc18a6e529eafdc7f0006162
    SHA-1: f53efd19ba93ff8cbed657e13e61ae84da401e4e
    Created: 6/26/2014 11:12:36 AM
    Detections: 3
    Determination: Inconclusive
    - Trend Micro House Call as Suspicious_GEN.F47V0611 (Undefined malware)
    - Kaspersky as HEUR:Trojan.Win32.Generic (Undefined malware)
    - Rising Antivirus as PE:Malware.ArcadeWeb!6.727 (Undefined malware)

    ---------------------------------------------------------------------------------

    File path: c:\users\rkl\downloads\cbsidlm-cbsi183-free_jpg_to_pdf-seo-75732662.exe
    Publisher: CNET Download.com
    Signer: CBS Interactive
    MD5: 609b83259466f78ec2014119b22100f8
    SHA-1: 23b050563a81a1c57daba7805b1e3e6b4c874f2b
    Created: 4/7/2014 12:05:35 PM
    Detections: 7
    Determination: Adware
    - McAfee as Artemis!609B83259466 (Undefined malware)
    - Trend Micro House Call as TROJ_GEN.F47V0220 (Undefined malware)
    - VIPRE Antivirus as Opencandy (Adware)
    - McAfee Web Gateway as Artemis!609B83259466 (Undefined malware)
    - AhnLab V3 Security as PUP/Win32.Downloader (Adware)
    - ESET NOD32 as Win32/CNETInstaller (variant) (Undefined malware)
    - Reason Heuristics as Bundler.PPI.CBSInteractive.e (Undefined malware)

    ---------------------------------------------------------------------------------

    File path: c:\users\rkl\downloads\rcp_dcomnew_util_300.exe
    Publisher: Systweak Inc
    Signer: Systweak Software
    MD5: 20ccd9717c7bb4183af8b6f2d14c63fa
    SHA-1: 2976151506b7afc6c0d7a96e48ebe1a427e6b36d
    Created: 6/5/2014 6:30:03 PM
    Detections: 5
    Determination: Adware
    - Reason Heuristics as PUP.Optional.SystweakSoftware.U (Adware)
    - ESET NOD32 as Win32/Systweak (Undefined malware)
    - Trend Micro House Call as TROJ_GEN.F47V0516 (Undefined malware)
    - Dr.Web as riskware program Program.Unwanted.31 (Undefined malware)
    - G Data as Win32.Application.RegCleanPro (Undefined malware)

    ---------------------------------------------------------------------------------

    File path: c:\windows\plfseti.exe
    Publisher:
    Signer: SONIX TECHNOLOGY CO. , LTD
    MD5: eadceb89dd46da2a5560ca2af016a6a6
    SHA-1: 2cfef42c6e1ad0421e3352f0c1d3002e164a3f65
    Created: 12/21/2010 10:26:52 AM
    Detections: 1
    Determination: Inconclusive
    - Boost by Reason as Optional.Startup.SONIXTECHNOLOGYCO.H

    ---------------------------------------------------------------------------------

    File path: c:\windows\system32\mrt.exe
    Publisher: Microsoft Corporation
    Signer: Microsoft Corporation
    MD5: c6c8001c1d99079022d8c8c66bae3bac
    SHA-1: 541f60d44fb49dfcbe97eeb9ba0ddb4fb7909f7d
    Created: 4/4/2011 9:24:03 PM
    Detections: 1
    Determination: Inconclusive
    - Boost by Reason as PUP.MicrosoftCorporation.D

    ---------------------------------------------------------------------------------

    File path: c:\users\rkl\appdata\local\apps\2.0\4vm7denq.0rl\8pd26c6m.wq8\goog...app_4fe91ede9f9bdca3_0001.0003_ 220683e2e6fc7802\googleupdatesetup.exe
    Publisher: Google Inc.
    Signer: Google Inc
    MD5: a6f8d4fbc12177a75ab4c06d059229b6
    SHA-1: 3403381c7fef04c040a96f0d19c6311b4826ad75
    Created: 10/22/2013 12:41:17 PM
    Detections: 1
    Determination: Inconclusive
    - Antiy Labs AVL as Trojan/Win32.Generic (Undefined malware)

    ---------------------------------------------------------------------------------

    File path: c:\users\rkl\appdata\local\apps\2.0\4vm7denq.0rl\8pd26c6m.wq8\clic...exe_4fe91ede9f9bdca3_0001.0003_ none_81523f7b64d98436\googleupdatesetup.exe
    Publisher: Google Inc.
    Signer: Google Inc
    MD5: a6f8d4fbc12177a75ab4c06d059229b6
    SHA-1: 3403381c7fef04c040a96f0d19c6311b4826ad75
    Created: 10/22/2013 12:41:17 PM
    Detections: 1
    Determination: Inconclusive
    - Antiy Labs AVL as Trojan/Win32.Generic (Undefined malware)

    ---------------------------------------------------------------------------------

    File path: c:\program files\quicktime\qtsystem\quicktimeupdatehelper.exe
    Publisher: Apple Inc.
    MD5: 6ba0a1e9e362d1df46bf747ba0f942fa
    SHA-1: e39ffa0bdd613caa6e84df3cb4dd5dae6f2a2b3d
    Created: 1/17/2014 3:24:00 PM
    Detections: 1
    Determination: Inconclusive
    - Boost by Reason as Optional.Apple.V

    ---------------------------------------------------------------------------------

    File path: c:\program files\installshield installation information\{738bf5c3-af7b-4bb0-b7ef-e505efc756be}\shredder.exe
    Publisher: Egis Technology Inc.
    Signer: EGIS TECHNOLOGY INC.
    MD5: 7e0e1f2dcfff6aa7bd28633637b441c7
    SHA-1: 712b7310db3d0c0e0d012638e1d9552fca0c9967
    Created: 11/26/2010 8:28:58 AM
    Detections: 1
    Determination: Inconclusive
    - Clam AntiVirus as PUA.Packed.PECompact-1 (Ignore)

    ---------------------------------------------------------------------------------

    File path: c:\program files\egistec mywinlocker\shredder.exe
    Publisher: Egis Technology Inc.
    Signer: EGIS TECHNOLOGY INC.
    MD5: f31bfaf4e7f073a32de7f0b7bce194d3
    SHA-1: 1f1094b58dbc8c644508d7e5d8334de7b984e0c0
    Created: 1/21/2010 12:23:10 AM
    Detections: 1
    Determination: Inconclusive
    - Clam AntiVirus as PUA.Packed.PECompact-1 (Ignore)

    ---------------------------------------------------------------------------------

    File path: c:\program files\acer games\uninstall.exe
    Publisher: WildTangent
    MD5: 237044acc92aad07375cad594418966b
    SHA-1: e7d29577638c80909291c80048584ef9c6a6568c
    Created: 11/26/2010 8:12:27 AM
    Detections: 1
    Determination: Inconclusive
    - Bkav FE as HW32.CDB (Undefined malware)

    ---------------------------------------------------------------------------------

    File path: c:\program files\acer games\virtual villagers 4 - the tree of life\virtual villagers - the tree of life-wt.exe
    Publisher: WildTangent, Inc.
    Signer: WildTangent Inc
    MD5: fafd9e01a8f6f7e310fd8e23888b69f0
    SHA-1: 47f54a6e8fde8d33ea61efd7572e795745570d3c
    Created: 4/16/2010 1:50:38 PM
    Detections: 1
    Determination: Inconclusive
    - Norman as Obfuscated.T (Undefined malware)

    ---------------------------------------------------------------------------------

    File path: c:\program files\acer games\final drive nitro\racing-wt.exe
    Publisher: WildTangent, Inc.
    Signer: WildTangent Inc
    MD5: bfde24d3643b824b61cd6d7c0d68d493
    SHA-1: dc1b55bf7cb1854f4e5d6406c889661f8538bc98
    Created: 4/16/2010 3:36:20 AM
    Detections: 3
    Determination: Inconclusive
    - Norman as Obfuscated.T (Undefined malware)
    - Trend Micro House Call as TROJ_GEN.F47V0917 (Undefined malware)
    - AVG as Win32/Heur.dropper (Ignore)

    ---------------------------------------------------------------------------------

    File path: c:\program files\paltalk messenger\libx264-129.dll
    Publisher: x264 project
    MD5: bd73b37b4544aa6223ec2b97932ef5c2
    SHA-1: 940629b6d4f479ab836508216d3692e1e2e7db46
    Created: 5/31/2014 11:36:38 AM
    Detections: 1
    Determination: Inconclusive
    - Bkav FE as HW32.TsCabk (Undefined malware)

    ---------------------------------------------------------------------------------

    File path: c:\program files\paltalk messenger\palsound.dll
    Publisher: Paltalk.com
    Signer: Paltalk.com
    MD5: 1c05bde09cbdcccb3924b11f84c07e93
    SHA-1: 6317c52387b438135f180c72aa9e9a50053c732c
    Created: 5/31/2014 11:36:43 AM
    Detections: 1
    Determination: Inconclusive
    - Bkav FE as HW32.Stranact (Undefined malware)

    ---------------------------------------------------------------------------------

    File path: c:\program files\paltalk messenger\webvideo.dll
    Publisher: Paltalk.com
    Signer: Paltalk.com
    MD5: 684d004ee1b4c7dd3ae17f1abad70670
    SHA-1: 2593210fe5e4d06548b3f0df5bd1414d134d8c9c
    Created: 5/31/2014 11:36:44 AM
    Detections: 1
    Determination: Inconclusive
    - Bkav FE as HW32.Stranact (Undefined malware)

    ---------------------------------------------------------------------------------

    File path: c:\program files\installshield installation information\{d0ace89d-ec7f-470f-80be-4c98ed366b32}\issetup.dll
    Publisher: Acresso Software Inc.
    Signer: Chicony Electronics Co., Ltd.
    MD5: 73ab880f2c6f00b71ec9f68d9cae4fd1
    SHA-1: b06efa2c1d0124681282b8451ca64d9a7c4ff125
    Created: 12/21/2010 10:26:52 AM
    Detections: 1
    Determination: Inconclusive
    - eSafe as Suspicious File (Ignore)

    ---------------------------------------------------------------------------------

    File path: c:\program files\installshield installation information\{738bf5c3-af7b-4bb0-b7ef-e505efc756be}\issetup.dll
    Publisher: Acresso Software Inc.
    MD5: f6605e1289f6109e84ad2df9168630f3
    SHA-1: 3f19ca8790d528c103f3ef9b6fc5158d22d3f922
    Created: 11/26/2010 8:27:07 AM
    Detections: 1
    Determination: Inconclusive
    - Clam AntiVirus as PUA.Packed.PECompact-1 (Ignore)

    ---------------------------------------------------------------------------------

    File path: c:\program files\installshield installation information\{0d7cd0d9-4a88-4a63-8f91-3f4e8f371768}\issetup.dll
    Publisher: Acresso Software Inc.
    MD5: ae53a8740ea7aabc4c9039195d0b59da
    SHA-1: 10d9408e0c01c060d76de1c4440c78462d579a41
    Created: 11/26/2010 8:28:12 AM
    Detections: 1
    Determination: Inconclusive
    - Clam AntiVirus as PUA.Packed.PECompact-1 (Ignore)


  4. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #14

    Take a look at this page about "Acresso Software Inc" (Nuance Software Manager)... What is Acresso software manager agent and how do I get rid of it? - Microsoft Community


    It's up to you if you want to uninstall the PDF reader or not.


    I've seen many say that Sumatra is a good, free PDF reader. Just make sure you uncheck any pre-checked boxes when downloading and installing! Download Sumatra PDF 2.5.2 - FileHippo.com


  5. Posts : 15
    CT: CONNECTICUT
    Thread Starter
       #15

    Hi Jacee,
    I can't find the Acresso File or any PDF reader. I looked in Program Files, I did a Windows search -- even searching issetup.dll and it doesn't find such a file except for within the scan document.

    Questions:
    --How do I get rid of Acresso files?
    -- what about the other files detected by the scan? What about Systweak? And should I get rid of Googleupdatesetup (why is there such a file anyway?)?
    --NOTE: the PalTalk Messenger is a wanted program.

    Thanks Again!!
    Laurie

    PS Since my original question was about how to run HerdProtect should I mark it solved and start a new thread?


  6. Posts : 4,566
    Windows 10 Pro
       #16

    lpaigeg said:
    Questions:
    And should I get rid of Googleupdatesetup (why is there such a file anyway?)?

    PS Since my original question was about how to run HerdProtect should I mark it solved and start a new thread?

    I'll let jacee answer the other stuff.

    Googleupdatesetup or Google services run in the background to automatically update the Google software you have installed, such as Chrome, Google Toolbar, Google Earth, etc. If you uninstall all Google products from your PC the service will delete itself. If you do not want those programs look through your Programs and Features program list.

    No, stay in this thread.

    +1 on Sumatra. Great free PDF reader and no junk you have to uncheck on install.


  7. Posts : 15
    CT: CONNECTICUT
    Thread Starter
       #17

    Hi Jacee,
    I've read a bunch from the link below but I don't understand a lot of it. I never downloaded this .pdf reader so I'm not sure where it came from. I use Adobe Acrobat.

    I've searched for Acresso, Nuance, and did a general search (as per one of the posts found at the link below) for "software" and I come up with zilch. Can't figure out how to find it to remove it other than doing regedit which I've never done before.

    Grateful for any advice at this point.

    Laurie


    Jacee said:
    Take a look at this page about "Acresso Software Inc" (Nuance Software Manager)... What is Acresso software manager agent and how do I get rid of it? - Microsoft Community


    It's up to you if you want to uninstall the PDF reader or not.


    I've seen many say that Sumatra is a good, free PDF reader. Just make sure you uncheck any pre-checked boxes when downloading and installing! Download Sumatra PDF 2.5.2 - FileHippo.com


  8. Posts : 6,458
    x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
       #18

    The discussion over there eventually gets around to what the Acresso Software manager does. It seems to be used by some reputable companies (Brother, Dragon Speaking...) to provide automatic updates. I don't know if this is true or not, but the following solution is easy and seems reasonable.

    I'll take it one step further and tell you that it's fairly common practice to not have anything checked on the Startup Tab in msconfig, except your Anti-Virus program. If you have a Synaptics touchpad and have set any features, then you'll want to leave the Synaptics entry checked too. If you don't have anything special configured for the Synaptics device (scroll rate, click rate, button assignments, that sort of thing) then it should work fine without the extra startup.

    So you might end up with two entries checked on the Startup tab
    1) your AV, and
    2) Synaptics touchpad.

    Press Ok and reboot.


    LHWood (A) Microsoft Community said:
    LHWood replied on February 14, 2014

    In reply to Realtor_Jason's post on January 2, 2014

    Easiest way to deactivate this junk is to:

    *Click the Start icon...bottom left on your desktop display
    *In the Search box type: msconfig
    *When it opens click the Startup tab
    *Go down the list to Software Manager...it'll show Acresso as the software supplier
    *Uncheck the box next to Software Manager
    *Click Apply and then OK
    *You'll be asked if you want to restart Windows....click Yes

    Software Manager will now be dormant when you start your computer. You can always reactivate the program by doing the above and scrolling down and rechecking the box next to Software Manager and Apply and OK and then restart.

    All done.

    Good luck.


  9. Posts : 15
    CT: CONNECTICUT
    Thread Starter
       #19

    Ok, I went to msconfig and deactivated everything. But there was no Software Manager listed.


  10. Posts : 6,458
    x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
       #20

    Ok, thanks.

    After each change, try the installed version of herdProtect (not the portable version) to see if the change had any effect on the original issue. Go ahead and try it now, after the Startup tab changes.

    If herdProtect launches, the issue might be resolved and there's no need to proceed with other troubleshooting.

    We could go around for a while, posting images and listings, but it's probably better just to say:
    "Look around your computer and if there are any entries with Acresso or Nuance in the name, post that information"

    I'm working off of Jacee's information and the MS link she posted, as I'm not familiar with either Acresso or Nuance.
    There are a few other names in that link that you might want to investigate (Flex, Brother, and Dragon, are referenced). The difficulty is that there are many ways the software might have arrived on your machine and there are many names it goes by (based on the Vendor).

    You've already eliminated the Startup tab in msconfig as a possible point of entry - that's good.

    The other area in msconfig that might contribute to this would be Services. Take a look at this tutorial and follow the instructions in Step 1. You've already partially completed Step 2 by modifying the Startup tab; the rest of Step 2 is troubleshooting by elimination (trial and error).
    Troubleshoot Application Conflicts by Performing a Clean Startup

    You might post a screenshot of the Services tab after hiding all MS services.

    Take another look at Programs & Features - look for anything that's not familiar to you and post what it is (a screen shot might help, but sometimes, it's unwieldy due to the size - your call). The end might be to uninstall it, but I don't want to suggest that yet.


 
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
