HerdProtect getting stopped by AVG

[lpaigeg]

Thanks Slarty Bart. I will try those things you've suggested and get back to you later today (or tonight).



Laurie

 

[Slartybart]

Thanks Laurie,

Whenever you get the time.

 

[lpaigeg]

Slarty below i have posted my most recent HerdProtect Scan.

First of all, this is very embarrassing, although i could not "find" Systweak -- it was easily removable from the HerdProtect console once i ran it a second time. I'm a little confused about how the "inconclusive" items though. How Herd Protect says scan again in an hour. does the program notify you of this?

I am still not able to find the Acresso software on my machine

I did all the things you suggested but none of them solved the other problems I'm having which had prompted me to use Herd Protect in the first place and not sure how disabling services would affect the Herd Protect scan.

I've attached two screen shots of my running services w/ms services hidden. i looked up everything i didn't recognize and it all seems pretty kosher. Disabling everything seems to make my computer run slower.


Thank you so much, everyone, for your help.
Laurie




Saved date: 7/1/2014 11:59:58 PM
Files detected: 17
Files scanned: 3,145
Processes scanned: 47
Modules scanned: 478
ASEPs scanned: 394
Downloads scanned: 5
Deep analysis: 1/0
---------------------------------------------------------------------------------

Files

---------------------------------------------------------------------------------

File path: c:\windows\system32\drivers\ipmidrv.sys
Publisher: Microsoft Corporation
MD5: e4454b6c37d7ffd5649611f6496308a7
SHA-1: a917299009753096f1858a97090ef99e84dffe14
Created: 7/13/2009 7:30:59 PM
Detections: 1
Determination: Inconclusive
- Emsisoft Anti-Malware as Gen:Variant.Kazy.250361 (Undefined malware)

---------------------------------------------------------------------------------

File path: c:\program files\paltalk messenger\paltalk.exe
Publisher: AVM Software Inc.
Signer: Paltalk.com
MD5: d2175b19bd5cb416ac69a907814eccd0
SHA-1: 7ca341833f8acabb3c74f74fca335ef4fee8559f
Created: 5/31/2014 11:36:38 AM
Detections: 1
Determination: Inconclusive
- Bkav FE as HW32.Stranact (Undefined malware)

---------------------------------------------------------------------------------

File path: c:\users\rkl\desktop\tfc.exe
Publisher: OldTimer Tools
MD5: 788fcddd88240a85039f7f561093b118
SHA-1: 6b5b2ef60b3ec25a4083b1629a4fd51574428ea1
Created: 6/28/2014 8:58:09 PM
Detections: 3
Determination: Inconclusive
- Bkav FE as HW32.CDB (Undefined malware)
- Kingsoft AntiVirus as Win32.HeurC.KVM099.a.(kcloud) (Undefined malware)
- Baidu Antivirus as Trojan.Win32.Undef (Undefined malware)

---------------------------------------------------------------------------------

File path: c:\users\rkl\downloads\herdprotectscan_setup.exe
Publisher: Reason Company Software Inc.
Signer: Reason Software Company Inc.
MD5: 5e6c9fa4bc18a6e529eafdc7f0006162
SHA-1: f53efd19ba93ff8cbed657e13e61ae84da401e4e
Created: 6/26/2014 11:12:36 AM
Detections: 3
Determination: Inconclusive
- Trend Micro House Call as Suspicious_GEN.F47V0611 (Undefined malware)
- Kaspersky as HEUR:Trojan.Win32.Generic (Undefined malware)
- Rising Antivirus as PE:Malware.ArcadeWeb!6.727 (Undefined malware)

---------------------------------------------------------------------------------

File path: c:\windows\plfseti.exe
Publisher:
Signer: SONIX TECHNOLOGY CO. , LTD
MD5: eadceb89dd46da2a5560ca2af016a6a6
SHA-1: 2cfef42c6e1ad0421e3352f0c1d3002e164a3f65
Created: 12/21/2010 10:26:52 AM
Detections: 1
Determination: Inconclusive
- Boost by Reason as Optional.Startup.SONIXTECHNOLOGYCO.H

---------------------------------------------------------------------------------

File path: c:\windows\system32\mrt.exe
Publisher: Microsoft Corporation
Signer: Microsoft Corporation
MD5: c6c8001c1d99079022d8c8c66bae3bac
SHA-1: 541f60d44fb49dfcbe97eeb9ba0ddb4fb7909f7d
Created: 4/4/2011 9:24:03 PM
Detections: 1
Determination: Inconclusive
- Boost by Reason as PUP.MicrosoftCorporation.D

---------------------------------------------------------------------------------

File path: c:\users\rkl\appdata\local\apps\2.0\4vm7denq.0rl\8pd26c6m.wq8\goog...app_4fe91ede9f9bdca3_0001.0003_220683e2e6fc7802\googleupdatesetup.exe
Publisher: Google Inc.
Signer: Google Inc
MD5: a6f8d4fbc12177a75ab4c06d059229b6
SHA-1: 3403381c7fef04c040a96f0d19c6311b4826ad75
Created: 10/22/2013 12:41:17 PM
Detections: 1
Determination: Inconclusive
- Antiy Labs AVL as Trojan/Win32.Generic (Undefined malware)

---------------------------------------------------------------------------------

File path: c:\users\rkl\appdata\local\apps\2.0\4vm7denq.0rl\8pd26c6m.wq8\clic...exe_4fe91ede9f9bdca3_0001.0003_none_81523f7b64d98436\googleupdatesetup.exe
Publisher: Google Inc.
Signer: Google Inc
MD5: a6f8d4fbc12177a75ab4c06d059229b6
SHA-1: 3403381c7fef04c040a96f0d19c6311b4826ad75
Created: 10/22/2013 12:41:17 PM
Detections: 1
Determination: Inconclusive
- Antiy Labs AVL as Trojan/Win32.Generic (Undefined malware)

---------------------------------------------------------------------------------

File path: c:\program files\quicktime\qtsystem\quicktimeupdatehelper.exe
Publisher: Apple Inc.
MD5: 6ba0a1e9e362d1df46bf747ba0f942fa
SHA-1: e39ffa0bdd613caa6e84df3cb4dd5dae6f2a2b3d
Created: 1/17/2014 3:24:00 PM
Detections: 1
Determination: Inconclusive
- Boost by Reason as Optional.Apple.V

---------------------------------------------------------------------------------

File path: c:\program files\installshield installation information\{738bf5c3-af7b-4bb0-b7ef-e505efc756be}\shredder.exe
Publisher: Egis Technology Inc.
Signer: EGIS TECHNOLOGY INC.
MD5: 7e0e1f2dcfff6aa7bd28633637b441c7
SHA-1: 712b7310db3d0c0e0d012638e1d9552fca0c9967
Created: 11/26/2010 8:28:58 AM
Detections: 1
Determination: Inconclusive
- Clam AntiVirus as PUA.Packed.PECompact-1 (Ignore)

---------------------------------------------------------------------------------

File path: c:\program files\egistec mywinlocker\shredder.exe
Publisher: Egis Technology Inc.
Signer: EGIS TECHNOLOGY INC.
MD5: f31bfaf4e7f073a32de7f0b7bce194d3
SHA-1: 1f1094b58dbc8c644508d7e5d8334de7b984e0c0
Created: 1/21/2010 12:23:10 AM
Detections: 1
Determination: Inconclusive
- Clam AntiVirus as PUA.Packed.PECompact-1 (Ignore)

---------------------------------------------------------------------------------

File path: c:\program files\paltalk messenger\libx264-129.dll
Publisher: x264 project
MD5: bd73b37b4544aa6223ec2b97932ef5c2
SHA-1: 940629b6d4f479ab836508216d3692e1e2e7db46
Created: 5/31/2014 11:36:38 AM
Detections: 1
Determination: Inconclusive
- Bkav FE as HW32.TsCabk (Undefined malware)

---------------------------------------------------------------------------------

File path: c:\program files\paltalk messenger\palsound.dll
Publisher: Paltalk.com
Signer: Paltalk.com
MD5: 1c05bde09cbdcccb3924b11f84c07e93
SHA-1: 6317c52387b438135f180c72aa9e9a50053c732c
Created: 5/31/2014 11:36:43 AM
Detections: 1
Determination: Inconclusive
- Bkav FE as HW32.Stranact (Undefined malware)

---------------------------------------------------------------------------------

File path: c:\program files\paltalk messenger\webvideo.dll
Publisher: Paltalk.com
Signer: Paltalk.com
MD5: 684d004ee1b4c7dd3ae17f1abad70670
SHA-1: 2593210fe5e4d06548b3f0df5bd1414d134d8c9c
Created: 5/31/2014 11:36:44 AM
Detections: 1
Determination: Inconclusive
- Bkav FE as HW32.Stranact (Undefined malware)

---------------------------------------------------------------------------------

File path: c:\program files\installshield installation information\{d0ace89d-ec7f-470f-80be-4c98ed366b32}\issetup.dll
Publisher: Acresso Software Inc.
Signer: Chicony Electronics Co., Ltd.
MD5: 73ab880f2c6f00b71ec9f68d9cae4fd1
SHA-1: b06efa2c1d0124681282b8451ca64d9a7c4ff125
Created: 12/21/2010 10:26:52 AM
Detections: 1
Determination: Inconclusive
- eSafe as Suspicious File (Ignore)

---------------------------------------------------------------------------------

File path: c:\program files\installshield installation information\{738bf5c3-af7b-4bb0-b7ef-e505efc756be}\issetup.dll
Publisher: Acresso Software Inc.
MD5: f6605e1289f6109e84ad2df9168630f3
SHA-1: 3f19ca8790d528c103f3ef9b6fc5158d22d3f922
Created: 11/26/2010 8:27:07 AM
Detections: 1
Determination: Inconclusive
- Clam AntiVirus as PUA.Packed.PECompact-1 (Ignore)

---------------------------------------------------------------------------------

File path: c:\program files\installshield installation information\{0d7cd0d9-4a88-4a63-8f91-3f4e8f371768}\issetup.dll
Publisher: Acresso Software Inc.
MD5: ae53a8740ea7aabc4c9039195d0b59da
SHA-1: 10d9408e0c01c060d76de1c4440c78462d579a41
Created: 11/26/2010 8:28:12 AM
Detections: 1
Determination: Inconclusive
- Clam AntiVirus as PUA.Packed.PECompact-1 (Ignore)

 

[Slartybart]

herdProtect is a very good first look, although the log can be confusing. The final screen on herdProtect is really where you need to look (I suspect that's where you found systweak). Inconclusive is usually because only a few of the 68 malware scanners identified the object/file as malware, and most of the time it is a heuristic scan, not a known entry in the definitions file.

re: Systweak - post# 11 Adwcleaner repots that it was removed. I'll look again at the herdProtect log.

I'm not sure why herdProtect asks you to run again in an hour, but I believe it gives them time to do a more though cross reference.

Regarding Nuance and the PDF reader. Take another look at Programs and Features or post some screen shots (could be along list). Anything PDF, Nuance or Acresso ... or any unknown program (toolbars, search helpers, tweakers, tuneups...) - anything you don't recogonize or are fairly certain that you did not install

Uninstall them

Regarding the services... disable all non-MS services. See how the machine runs. AVG might complain, but let it.

Looking at the DDS report it seems as though you have Microsoft Security Essentials (MSE) and AVG. Try disabling AVG - if it's the free version, uninstall it.

MSE will protect your system in the mean time. Two real time AV programs often clash with each other, each thinking the other is a virus. This wastes resources and can cause crashes.

I took a cursory look at the installed programs in the dds output and these are things I see that qualify for uninstall.

Your is the final say - I don't recognize some, others are just chewing up resources. Apple stuff usually gets bundled tieh iTunes, but very little of it is used (you might use it all, I don't know). I did not include Apple in my list (except for Bonjour and Quicktime). Google is another provider that bundles too much stuff.

If you use the programs below, leave them.

Acer Registration (I suspect that you've already registered)
Acrobat.com
Adobe AIR
Adobe Shockwave Player 12.1
Bonjour
Google Drive
Google Update Helper
Java Auto Updater
??? Launch Manager (Acer or Windows)
??? MyWinLocker
??? MyWinLocker Suite
QuickTime 7
??? Shredder
??? eSobi v2
???swMSM
​

I'd like you to re-run AdwCleaner (post# 6) and OldTimer-TFC (post# 11)

Restart after each even if you are not prompted. It's important!

 

[lpaigeg]

Hi Slarty Bart,
Thanks for all the suggestions. I sort of followed all of them. I uninstalled a couple extra programs, including Adobe Air and FlashActiveX. I still cannot find any other programs to install (screen shots below). I do have ITUnes and I like it -- I don't know which ones are important for ITUnes. I've disable all nonMS services.

With all of this done the machine runs ok....CPU usage has dropped greatly. There are 56 processes running, memory usage is sometimes high, from 50-80%

 

[Slartybart]

Good to hear the machine is running better.

Ok, I guess the screen shots are from after you chose what to uninstall. There's still a few unnecessary programs installed, but it's your machine, you get to decide what to keep. The only time I would insist on a change is if the program is known to cause issues or is related to malware.

This is one that I'll insist on - sill your choice though
The two run-time Anti-Virus programs (MSE and AVG) - pick one, uninstall the other. My recommendation is to keep MSE only because it's lightweight and not known to cause issues. If you have a paid subscription to AVG, then uninstall MSE. You do not want two running.

Another one I sort of insist on removing is Bonjour - it really isn't a Windows program (ok it is, but...) - it's more for zero configuration of networks. Windows has a much better and native way to accomplish that.

I also strongly recommend uninstalling any updater - they waste resources.
You can always click somewhere in an application (usually help) when you're running it and check for updates.

Other programs need updating
Adobe Reader
Windows Live (this is a bit tricker, it's better to use the offline installer, it's really best to back up WL 2011 data, uninstall WL 2011, and install WL 2012 as a new install)

---

AdwCleaner shows more malware, so something is amiss. The log you posted is only a scan, it doesn't look as though you ran the clean option. If you did, please post AdwCleaner[S1].txt

If you did not run the clean option, please do and then post the highest numbered AdwCleaner[S#].txt (you don't need to change the name, the date/time information is in the file)

The ask Toolbar was identified by AdwCleaner - see How do I remove the Ask.com Toolbar? for information on how toe remove. Pay attention to the "Note to 'browser' users.... where it discusses home and search settings. You'll need to check any installed browser.

Bill
.

 

[lpaigeg]

Ok, yes I the screenshots are before I did the uninstalls. After the screenshots I uninstalled ActiveX, AVG, and Adobe AIR. I've just now also uninstalled Bonjour and some Visual Studio thing associated w/ AVG. I also read the ask toolbar information and changed the settings in Chrome.

I will get to the malware question later today. I'm not sure what running it "clean" means?

Thanks for your help!
Laurie

 

[Slartybart]

Ok, yes I the screenshots are before I did the uninstalls. After the screenshots I uninstalled ActiveX, AVG, and Adobe AIR. I've just now also uninstalled Bonjour and some Visual Studio thing associated w/ AVG. I also read the ask toolbar information and changed the settings in Chrome.

I will get to the malware question later today. I'm not sure what running it "clean" means?

Thanks for your help!
Laurie

Laurie ,

Running it clean - there are two options in AdwCleaner 1) Scan, and 2) Clean
Scan only tells you about what it finds, Clean does the removal.
You ran a clean option in post# 10 so I'm not letting you off that easy

re uninstalls: please run another dds (see post# 4) and post the files.

I'd also like to see if AVG is still blocking herdProtect (not the portable version though - you know that one is not blocked by AVG)- that's what this thread is about, right?
ooops - since you uninstalled AVG, it won't block herdProtect - sorry I should read posts more carefully.


Thanks, you're doing great.

Bill
.

 

[lpaigeg]

Running it clean - there are two options in AdwCleaner 1) Scan, and 2) Clean
Scan only tells you about what it finds, Clean does the removal.
You ran a clean option in #10 so I'm not letting you off that easy

Ok, ok I forgot last time I ran AdwCleaner to then click on the xClean button. I did that just now.
___________________________________________________________________________________


ADw Report
# AdwCleaner v3.214 - Report created 06/07/2014 at 22:38:43
# Updated 29/06/2014 by Xplode
# Operating System : Windows 7 Starter (32 bits)
# Username : rkl - LPAIGEG
# Running from : C:\Users\rkl\Desktop\adwcleaner_3.214.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\rkl\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1518 octets] - [28/06/2014 17:13:46]
AdwCleaner[R1].txt - [1110 octets] - [04/07/2014 14:26:10]
AdwCleaner[R2].txt - [973 octets] - [06/07/2014 22:30:42]
AdwCleaner[S0].txt - [1755 octets] - [28/06/2014 17:24:00]
AdwCleaner[S1].txt - [1180 octets] - [04/07/2014 14:30:20]
AdwCleaner[S2].txt - [895 octets] - [06/07/2014 22:38:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [954 octets] ##########
_____________________________________________________________________________________

re uninstalls: please run another dds. Did this also. The report is below and I'll attach the Attach file. the Attch file shows a couple of programs that I thought I uninstalled and others I've never heard of, including D3DX10, MSVCRT, SwMSM, Bing Rewards Client Installer, and MSVCH2008 Redistributable. ALSO saw two updaTER programs (Java and another), whereas all I see in the uninstall part of control panel is the program itself or something that says Java Update, not the updaTER.
______________________________________________________________________________________

DDS REPORT
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: BrowserJavaVersion: 10.55.2
Run by rkl at 22:46:43 on 2014-07-06
Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1013.191 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\EgisTec IPS\PmmUpdate.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\EgisTec IPS\EgisUpdate.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\prevhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SuiteTray] "c:\program files\egistec mywinlockersuite\x86\SuiteTray.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [mwlDaemon] c:\program files\egistec mywinlocker\x86\mwlDaemon.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [EgisUpdate] "c:\program files\egistec ips\EgisUpdate.exe" -d
mRun: [EgisTecPMMUpdate] "c:\program files\egistec ips\PmmUpdate.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Acer ePower Management] c:\program files\acer\acer epower management\ePowerTray.exe
StartupFolder: c:\users\rkl\appdata\roaming\micros~1\windows\startm~1\programs\startup\paltalk.lnk - c:\program files\paltalk messenger\paltalk.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
TCP: NameServer = 64.72.64.10 8.8.8.8
TCP: Interfaces\{2B169545-0321-4137-ACB4-A1CA7E59889C} : DHCPNameServer = 64.72.64.10 8.8.8.8
TCP: Interfaces\{2B169545-0321-4137-ACB4-A1CA7E59889C}\34347457563747 : DHCPNameServer = 136.244.1.1 136.244.1.2 8.8.8.8
TCP: Interfaces\{2B169545-0321-4137-ACB4-A1CA7E59889C}\35D616C6C644565627 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{2B169545-0321-4137-ACB4-A1CA7E59889C}\64964646C6568656164637D27457563747 : DHCPNameServer = 192.168.2.253
TCP: Interfaces\{2B169545-0321-4137-ACB4-A1CA7E59889C}\C41607964657D6028496C6C602641627D6 : DHCPNameServer = 10.1.10.1 75.75.76.76
TCP: Interfaces\{2B169545-0321-4137-ACB4-A1CA7E59889C}\D496E6E61672370286964656F65747 : DHCPNameServer = 10.0.1.1
TCP: Interfaces\{A81087B2-589B-456F-8D51-F5A5BADAE6F1} : DHCPNameServer = 192.168.0.1 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\35.0.1916.153\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-9-27 214696]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2009-6-2 18992]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2009-6-2 16432]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2009-6-2 60976]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2013-4-22 822504]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-6-18 104768]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2013-6-26 523944]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2010-11-26 68208]
R3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwsn00.sys [2013-7-25 10382576]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-10-23 280288]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2013-6-26 583848]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2013-6-26 197800]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2013-6-26 24232]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2013-6-26 20136]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2013-6-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.sys [2010-11-26 82768]
S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-11-26 6766080]
S4 DsiWMIService;Dritek WMI Service;c:\program files\launch manager\dsiwmis.exe [2010-11-26 321104]
S4 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2010-12-21 735776]
S4 GREGService;GREGService;c:\program files\acer\registration\GREGsvc.exe [2010-1-8 23584]
S4 MWLService;MyWinLocker Service;c:\program files\egistec mywinlocker\x86\MWLService.exe [2010-5-26 305520]
S4 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2010-11-26 260640]
S4 Updater Service;Updater Service;c:\program files\acer\acer updater\UpdaterService.exe [2010-11-26 243232]
.
=============== Created Last 30 ================
.
2014-07-06 17:04:32 8140904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{9545aeb6-c15d-4e0f-8e75-73c987b324a8}\mpengine.dll
2014-07-05 04:00:53 8140904 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-07-04 02:28:42 765968 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d2c89b8e-3201-4a46-a53d-ca21fd74b3d2}\gapaengine.dll
2014-06-28 21:15:17 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-06-28 21:12:10 -------- d-----w- C:\AdwCleaner
2014-06-26 15:14:43 -------- d-----w- c:\program files\Reason
2014-06-19 16:38:49 -------- d-----w- c:\users\rkl\appdata\local\Adobe
.
==================== Find3M ====================
.
2014-06-17 17:27:11 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-06-17 17:27:11 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-15 00:13:52 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
============= FINISH: 22:48:41.76 ===============
_______________________________________________________________________________________

Yes, Herd Protect runs now. I offered to start another thread but someone said not to.
Thanks Bill!
Laurie

 

[Slartybart]

Laurie,

It's late here and I just thought I'd let you know I saw your post - thanks.

I'll look at the details on the morrow (fancy Shakespearean speak )

Some of the programs you did not recognize are well known by geeks. Others have to be researched.

I'll post a list and ask you to confirm, ok

We're fine finishing up in this thread - no need for a new thread as it's all still related to the one issue.

Bill
.