HerdProtect getting stopped by AVG

[lpaigeg]

Hi, I just downloaded and tried to run Herd Protect. Then AVG popped up with a security threat. The first time i clicked the "allow threat" The second and third time I clicked "remove threat." Then I turned off AVG in the task manager. But Herd Protect stayd stuck and the AVG window kept returning.

The screenshot shows the threat I created an exception for.

I apologize for not knowing what i'm doing. I have three questions:

How do I get HerdProtect to run?
How do I get rid of the Malware on my computer?
Why didn't AVG get rid of that stuff in the first place?

 

[Jacee]

Did you download it from here? Download herdProtect - Free Anti-Malware Platform

 

[lpaigeg]

Yes, I did. Downloaded it from a lin in another thread that seemed potentially related to my issues.

 

[Jacee]

Download DDS from one of these links:
DDS.com
DDS.pif

• Disable any script blocking protection
• Double click the dds icon to run the tool.
• When done, DDS will open two (2) logs:
  1. DDS.txt
  2. Attach.txt <--- will be minimized in the task tray
• Save both reports to your desktop.

Include the contents of both logs in your next post.

 

[lpaigeg]

Hi Jacee,
Here are the contents of the reports. THanK you in advance!!
Laurie

<<>><<>><<>><<>><<>><<>><<>><<>>

DDS
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: BrowserJavaVersion: 10.55.2
Run by rkl at 21:32:11 on 2014-06-27
Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1013.337 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
c:\PROGRA~1\AVG\AVG2014\avgrsx.exe
C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2014\avgidsagent.exe
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files\Acer\Registration\GREGsvc.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG2014\avgnsx.exe
C:\Program Files\AVG\AVG2014\avgemcx.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Acer ePower Management] c:\program files\acer\acer epower management\ePowerTray.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
TCP: NameServer = 64.72.64.10 8.8.8.8
TCP: Interfaces\{2B169545-0321-4137-ACB4-A1CA7E59889C} : DHCPNameServer = 64.72.64.10 8.8.8.8
TCP: Interfaces\{2B169545-0321-4137-ACB4-A1CA7E59889C}\34347457563747 : DHCPNameServer = 136.244.1.1 136.244.1.2 8.8.8.8
TCP: Interfaces\{2B169545-0321-4137-ACB4-A1CA7E59889C}\35D616C6C644565627 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{2B169545-0321-4137-ACB4-A1CA7E59889C}\64964646C6568656164637D27457563747 : DHCPNameServer = 192.168.2.253
TCP: Interfaces\{2B169545-0321-4137-ACB4-A1CA7E59889C}\C41607964657D6028496C6C602641627D6 : DHCPNameServer = 10.1.10.1 75.75.76.76
TCP: Interfaces\{2B169545-0321-4137-ACB4-A1CA7E59889C}\D496E6E61672370286964656F65747 : DHCPNameServer = 10.0.1.1
TCP: Interfaces\{A81087B2-589B-456F-8D51-F5A5BADAE6F1} : DHCPNameServer = 192.168.0.1 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\35.0.1916.153\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2014-5-13 149784]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2014-5-13 237848]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2014-5-13 107288]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2014-5-13 27416]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-9-27 214696]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2014-5-13 122136]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2014-5-13 198936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2014-5-13 21272]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2014-5-13 192280]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2014-5-13 210200]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2009-6-2 18992]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2009-6-2 16432]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2009-6-2 60976]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2014-5-13 3644432]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2014-5-13 292424]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2013-4-22 822504]
R2 DsiWMIService;Dritek WMI Service;c:\program files\launch manager\dsiwmis.exe [2010-11-26 321104]
R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2010-12-21 735776]
R2 GREGService;GREGService;c:\program files\acer\registration\GREGsvc.exe [2010-1-8 23584]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-6-18 104768]
R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2010-11-26 260640]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2013-6-26 523944]
R2 Updater Service;Updater Service;c:\program files\acer\acer updater\UpdaterService.exe [2010-11-26 243232]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2010-11-26 68208]
R3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwsn00.sys [2013-7-25 10382576]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-10-23 280288]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2013-6-26 583848]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2013-6-26 197800]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2013-6-26 24232]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2013-6-26 20136]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2013-6-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.sys [2010-11-26 82768]
S3 MWLService;MyWinLocker Service;c:\program files\egistec mywinlocker\x86\MWLService.exe [2010-5-26 305520]
S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-11-26 6766080]
.
=============== Created Last 30 ================
.
2014-06-28 00:57:26 8140904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{cbe428b8-5687-4a43-b8f8-4521ea8a8015}\mpengine.dll
2014-06-26 15:14:43 -------- d-----w- c:\program files\Reason
2014-06-26 14:49:18 8140904 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-06-24 03:16:00 765968 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{96d6491b-f4eb-4643-a1dd-d5de05b86820}\gapaengine.dll
2014-06-19 16:38:49 -------- d-----w- c:\users\rkl\appdata\local\Adobe
2014-06-05 22:48:52 -------- d-----w- c:\program files\CCleaner
2014-06-05 22:40:10 -------- d-----w- c:\users\rkl\appdata\roaming\rightbackup
2014-06-05 22:34:11 -------- d-----w- c:\users\rkl\appdata\roaming\systweak
2014-06-02 12:10:52 -------- d-----w- c:\windows\pss
2014-05-31 15:37:22 -------- d-----w- c:\users\rkl\appdata\roaming\Paltalk
2014-05-31 15:37:16 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-31 15:37:16 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-31 15:36:31 -------- d-----w- c:\program files\Paltalk Messenger
.
==================== Find3M ====================
.
2014-05-13 18:19:14 192280 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2014-05-13 18:17:24 237848 ----a-w- c:\windows\system32\drivers\avglogx.sys
2014-05-13 18:17:22 210200 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2014-05-13 18:17:22 122136 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2014-05-13 18:17:20 149784 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2014-05-13 18:09:12 198936 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2014-05-13 18:04:36 27416 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2014-05-13 18:04:34 21272 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2014-05-05 16:55:33 0 ----a-w- c:\windows\system32\shoADB.tmp
2014-04-21 02:38:21 0 ----a-w- c:\windows\system32\sho2AB5.tmp
2014-04-15 00:13:52 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
============= FINISH: 21:34:39.14 ===============



ATTACH
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Starter
Boot Device: \Device\HarddiskVolume2
Install Date: 2/14/2011 1:07:06 AM
System Uptime: 6/27/2014 8:44:34 PM (1 hours ago)
.
Motherboard: Acer | | JE02_PT
Processor: Intel(R) Atom(TM) CPU N455 @ 1.66GHz | CPU | 1666/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 220 GiB total, 183.748 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP180: 6/5/2014 6:58:53 PM - Removed Microsoft Silverlight
RP181: 6/6/2014 7:54:25 PM - Windows Update
RP182: 6/11/2014 8:17:45 AM - Windows Update
RP183: 6/14/2014 7:13:22 PM - Windows Update
RP184: 6/15/2014 3:45:35 PM - Removed Paint.NET v3.5.11
RP185: 6/18/2014 2:03:36 PM - Windows Update
RP186: 6/21/2014 5:36:18 PM - Windows Update
RP187: 6/24/2014 11:21:02 PM - Windows Update
.
==== Installed Programs ======================
.
Acer Crystal Eye webcam Ver:1.1.192.810
Acer ePower Management
Acer eRecovery Management
Acer Game Console
Acer Games
Acer Registration
Acer ScreenSaver
Acer System Information
Acer Updater
Acer VCM
Acrobat.com
Adobe AIR
Adobe Flash Player 13 ActiveX
Adobe Flash Player 14 Plugin
Adobe Reader 9.1 MUI
Adobe Shockwave Player 12.1
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
AVG 2014
Bing Rewards Client Installer
Blackhawk Striker 2
Bonjour
CCleaner
D3DX10
ENE USB Card Reader Driver
eSobi v2
Farm Frenzy
Final Drive Nitro
Google Chrome
Google Drive
Google Update Helper
herdProtect Anti-Malware Scanner
Identity Card
Intel(R) Graphics Media Accelerator Driver
Intel(R) Rapid Storage Technology
iTunes
Java 7 Update 55
Java Auto Updater
Jewel Quest Solitaire 2
Launch Manager
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Security Client
Microsoft Security Essentials
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
MyWinLocker
MyWinLocker Suite
Paltalk Messenger 11.4
Penguins!
Picasa 3
QuickTime 7
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Shredder
Skype™ 6.14
swMSM
Synaptics Pointing Device Driver
System Requirements Lab for Intel
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Virtual Villagers 4 - The Tree of Life
Visual Studio 2012 x86 Redistributables
Welcome Center
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
6/26/2014 12:00:03 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
6/25/2014 11:21:34 PM, Error: Service Control Manager [7022] - The Security Center service hung on starting.
6/25/2014 11:20:36 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
.
==== End Of File ===========================

 

[Jacee]

Let's see what adware we can get rid of first.


Please download AdwCleaner by Xplode and save to your Desktop.
Step 1.

• Double click on AdwCleaner.exe to run the tool.
  Vista/Windows 7/8 users right-click and select Run As Administrator.
• Click on the Scan button.
• AdwCleaner will begin...be patient as the scan may take some time to complete.
• After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
• The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
• Copy and paste the contents of that logfile in your next reply.
• A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

Step 2.
Using AdwCleaner v3: Scan & Clean:
This time click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder


******Post both .txt logs

 

[andrew129260]

When you downloaded herdprotect did you choose installer or portable?

 

[lpaigeg]

Hi Jacee -- the scan report looks pretty small to me, but yes confusing. I don't really know what any of those programs are.

Andrew: I downloaded the installer version, not the portable. I think so anyway.

I'll run the cleaner now and post that in my next reply.

ADW SCAn REPORT
# AdwCleaner v3.213 - Report created 28/06/2014 at 17:13:46
# Updated 23/06/2014 by Xplode
# Operating System : Windows 7 Starter (32 bits)
# Username : rkl - LPAIGEG
# Running from : C:\Users\rkl\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\Users\rkl\AppData\Roaming\Systweak

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\systweak
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Found : HKLM\Software\systweak

***** [ Browsers ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\rkl\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1378 octets] - [28/06/2014 17:13:46]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1438 octets] ##########

 

[andrew129260]

1.) Download herdprotect: (choose the portable version)

Download herdProtect - Free Anti-Malware Platform

2.) Run the scan.

3.) When the scan finishes, save the results per the screenshot below. Then upload the log here.

DO NOT REMOVE ANYTHING YET. I will advise if anything needs removed when I receive the log.

Attached Images

 

[lpaigeg]

ADCLEANER REPORT

# AdwCleaner v3.213 - Report created 28/06/2014 at 17:24:00
# Updated 23/06/2014 by Xplode
# Operating System : Windows 7 Starter (32 bits)
# Username : rkl - LPAIGEG
# Running from : C:\Users\rkl\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\rkl\AppData\Roaming\Systweak

***** [ Shortcuts ] *****


***** [ Registry ] *****

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs
Key Deleted : HKCU\Software\systweak
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\rkl\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}

*************************

AdwCleaner[R0].txt - [1518 octets] - [28/06/2014 17:13:46]
AdwCleaner[S0].txt - [1615 octets] - [28/06/2014 17:24:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1675 octets] ##########

 

[Jacee]

Okay, got rid of the adware!


Now, download TFC by Old Timer TFC - Temp File Cleaner by OldTimer - Geeks to Go Forum and save it to your desktop.


Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.





Rescan with DDS and post the .txt log.

 

[lpaigeg]

I ran TFC -- it did not request a reboot. Here is the scan report:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: BrowserJavaVersion: 10.55.2
Run by rkl at 21:01:39 on 2014-06-28
Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1013.384 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
c:\PROGRA~1\AVG\AVG2014\avgrsx.exe
C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2014\avgidsagent.exe
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files\Acer\Registration\GREGsvc.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Program Files\AVG\AVG2014\avgnsx.exe
C:\Program Files\AVG\AVG2014\avgemcx.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Acer ePower Management] c:\program files\acer\acer epower management\ePowerTray.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
TCP: NameServer = 64.72.64.10 8.8.8.8
TCP: Interfaces\{2B169545-0321-4137-ACB4-A1CA7E59889C} : DHCPNameServer = 64.72.64.10 8.8.8.8
TCP: Interfaces\{2B169545-0321-4137-ACB4-A1CA7E59889C}\34347457563747 : DHCPNameServer = 136.244.1.1 136.244.1.2 8.8.8.8
TCP: Interfaces\{2B169545-0321-4137-ACB4-A1CA7E59889C}\35D616C6C644565627 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{2B169545-0321-4137-ACB4-A1CA7E59889C}\64964646C6568656164637D27457563747 : DHCPNameServer = 192.168.2.253
TCP: Interfaces\{2B169545-0321-4137-ACB4-A1CA7E59889C}\C41607964657D6028496C6C602641627D6 : DHCPNameServer = 10.1.10.1 75.75.76.76
TCP: Interfaces\{2B169545-0321-4137-ACB4-A1CA7E59889C}\D496E6E61672370286964656F65747 : DHCPNameServer = 10.0.1.1
TCP: Interfaces\{A81087B2-589B-456F-8D51-F5A5BADAE6F1} : DHCPNameServer = 192.168.0.1 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\35.0.1916.153\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2014-5-13 149784]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2014-5-13 237848]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2014-5-13 107288]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2014-5-13 27416]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-9-27 214696]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2014-5-13 122136]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2014-5-13 198936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2014-5-13 21272]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2014-5-13 192280]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2014-5-13 210200]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2009-6-2 18992]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2009-6-2 16432]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2009-6-2 60976]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2014-5-13 3644432]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2014-5-13 292424]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2013-4-22 822504]
R2 DsiWMIService;Dritek WMI Service;c:\program files\launch manager\dsiwmis.exe [2010-11-26 321104]
R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2010-12-21 735776]
R2 GREGService;GREGService;c:\program files\acer\registration\GREGsvc.exe [2010-1-8 23584]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-6-18 104768]
R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2010-11-26 260640]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2013-6-26 523944]
R2 Updater Service;Updater Service;c:\program files\acer\acer updater\UpdaterService.exe [2010-11-26 243232]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2010-11-26 68208]
R3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwsn00.sys [2013-7-25 10382576]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-10-23 280288]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2013-6-26 583848]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2013-6-26 197800]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2013-6-26 24232]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2013-6-26 20136]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2013-6-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.sys [2010-11-26 82768]
S3 MWLService;MyWinLocker Service;c:\program files\egistec mywinlocker\x86\MWLService.exe [2010-5-26 305520]
S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-11-26 6766080]
.
=============== Created Last 30 ================
.
2014-06-28 21:15:17 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-06-28 21:12:10 -------- d-----w- C:\AdwCleaner
2014-06-28 00:57:26 8140904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{cbe428b8-5687-4a43-b8f8-4521ea8a8015}\mpengine.dll
2014-06-26 15:14:43 -------- d-----w- c:\program files\Reason
2014-06-26 14:49:18 8140904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-06-24 03:16:00 765968 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{96d6491b-f4eb-4643-a1dd-d5de05b86820}\gapaengine.dll
2014-06-19 16:38:49 -------- d-----w- c:\users\rkl\appdata\local\Adobe
2014-06-05 22:48:52 -------- d-----w- c:\program files\CCleaner
2014-06-05 22:40:10 -------- d-----w- c:\users\rkl\appdata\roaming\rightbackup
2014-06-02 12:10:52 -------- d-----w- c:\windows\pss
2014-05-31 15:37:22 -------- d-----w- c:\users\rkl\appdata\roaming\Paltalk
2014-05-31 15:37:16 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-31 15:37:16 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-31 15:36:31 -------- d-----w- c:\program files\Paltalk Messenger
.
==================== Find3M ====================
.
2014-05-13 18:19:14 192280 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2014-05-13 18:17:24 237848 ----a-w- c:\windows\system32\drivers\avglogx.sys
2014-05-13 18:17:22 210200 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2014-05-13 18:17:22 122136 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2014-05-13 18:17:20 149784 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2014-05-13 18:09:12 198936 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2014-05-13 18:04:36 27416 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2014-05-13 18:04:34 21272 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2014-04-15 00:13:52 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
============= FINISH: 21:03:56.64 ===============

 

[lpaigeg]

Jacee & Andrew:
I did download the portable version. Scan results are below.

HERD PROTECT SCAN RESULTS
Saved date: 6/28/2014 11:14:24 PM
Files detected: 23
Files scanned: 3,219
Processes scanned: 53
Modules scanned: 498
ASEPs scanned: 396
Downloads scanned: 5
Deep analysis: 7/0
---------------------------------------------------------------------------------

Files

---------------------------------------------------------------------------------

File path: c:\program files\acer games\acer game console\gameconsoleservice.exe
Publisher: WildTangent, Inc.
Signer: WildTangent Inc
MD5: ce16683cfd11fe70bde435dda5ea1fca
SHA-1: ff1041c97622b81d6fd03e3a7f17c8884cc2e8c2
Created: 4/3/2010 7:01:24 PM
Detections: 3
Determination: Inconclusive
- Dr.Web as MULDROP.Trojan (Undefined malware)
- Boost by Reason as Optional.Service.WildTangent.S
- Antiy Labs AVL as Trojan/Win32.Mufanom.gen (Undefined malware)

---------------------------------------------------------------------------------

File path: c:\windows\system32\drivers\ipmidrv.sys
Publisher: Microsoft Corporation
MD5: e4454b6c37d7ffd5649611f6496308a7
SHA-1: a917299009753096f1858a97090ef99e84dffe14
Created: 7/13/2009 7:30:59 PM
Detections: 1
Determination: Inconclusive
- Emsisoft Anti-Malware as Gen:Variant.Kazy.250361 (Undefined malware)

---------------------------------------------------------------------------------

File path: c:\program files\paltalk messenger\paltalk.exe
Publisher: AVM Software Inc.
Signer: Paltalk.com
MD5: d2175b19bd5cb416ac69a907814eccd0
SHA-1: 7ca341833f8acabb3c74f74fca335ef4fee8559f
Created: 5/31/2014 11:36:38 AM
Detections: 1
Determination: Inconclusive
- Bkav FE as HW32.Stranact (Undefined malware)

---------------------------------------------------------------------------------

File path: c:\users\rkl\desktop\tfc.exe
Publisher: OldTimer Tools
MD5: 788fcddd88240a85039f7f561093b118
SHA-1: 6b5b2ef60b3ec25a4083b1629a4fd51574428ea1
Created: 6/28/2014 8:58:09 PM
Detections: 3
Determination: Inconclusive
- Bkav FE as HW32.CDB (Undefined malware)
- Kingsoft AntiVirus as Win32.HeurC.KVM099.a.(kcloud) (Undefined malware)
- Baidu Antivirus as Trojan.Win32.Undef (Undefined malware)

---------------------------------------------------------------------------------

File path: c:\users\rkl\downloads\herdprotectscan_setup.exe
Publisher: Reason Company Software Inc.
Signer: Reason Software Company Inc.
MD5: 5e6c9fa4bc18a6e529eafdc7f0006162
SHA-1: f53efd19ba93ff8cbed657e13e61ae84da401e4e
Created: 6/26/2014 11:12:36 AM
Detections: 3
Determination: Inconclusive
- Trend Micro House Call as Suspicious_GEN.F47V0611 (Undefined malware)
- Kaspersky as HEUR:Trojan.Win32.Generic (Undefined malware)
- Rising Antivirus as PE:Malware.ArcadeWeb!6.727 (Undefined malware)

---------------------------------------------------------------------------------

File path: c:\users\rkl\downloads\cbsidlm-cbsi183-free_jpg_to_pdf-seo-75732662.exe
Publisher: CNET Download.com
Signer: CBS Interactive
MD5: 609b83259466f78ec2014119b22100f8
SHA-1: 23b050563a81a1c57daba7805b1e3e6b4c874f2b
Created: 4/7/2014 12:05:35 PM
Detections: 7
Determination: Adware
- McAfee as Artemis!609B83259466 (Undefined malware)
- Trend Micro House Call as TROJ_GEN.F47V0220 (Undefined malware)
- VIPRE Antivirus as Opencandy (Adware)
- McAfee Web Gateway as Artemis!609B83259466 (Undefined malware)
- AhnLab V3 Security as PUP/Win32.Downloader (Adware)
- ESET NOD32 as Win32/CNETInstaller (variant) (Undefined malware)
- Reason Heuristics as Bundler.PPI.CBSInteractive.e (Undefined malware)

---------------------------------------------------------------------------------

File path: c:\users\rkl\downloads\rcp_dcomnew_util_300.exe
Publisher: Systweak Inc
Signer: Systweak Software
MD5: 20ccd9717c7bb4183af8b6f2d14c63fa
SHA-1: 2976151506b7afc6c0d7a96e48ebe1a427e6b36d
Created: 6/5/2014 6:30:03 PM
Detections: 5
Determination: Adware
- Reason Heuristics as PUP.Optional.SystweakSoftware.U (Adware)
- ESET NOD32 as Win32/Systweak (Undefined malware)
- Trend Micro House Call as TROJ_GEN.F47V0516 (Undefined malware)
- Dr.Web as riskware program Program.Unwanted.31 (Undefined malware)
- G Data as Win32.Application.RegCleanPro (Undefined malware)

---------------------------------------------------------------------------------

File path: c:\windows\plfseti.exe
Publisher:
Signer: SONIX TECHNOLOGY CO. , LTD
MD5: eadceb89dd46da2a5560ca2af016a6a6
SHA-1: 2cfef42c6e1ad0421e3352f0c1d3002e164a3f65
Created: 12/21/2010 10:26:52 AM
Detections: 1
Determination: Inconclusive
- Boost by Reason as Optional.Startup.SONIXTECHNOLOGYCO.H

---------------------------------------------------------------------------------

File path: c:\windows\system32\mrt.exe
Publisher: Microsoft Corporation
Signer: Microsoft Corporation
MD5: c6c8001c1d99079022d8c8c66bae3bac
SHA-1: 541f60d44fb49dfcbe97eeb9ba0ddb4fb7909f7d
Created: 4/4/2011 9:24:03 PM
Detections: 1
Determination: Inconclusive
- Boost by Reason as PUP.MicrosoftCorporation.D

---------------------------------------------------------------------------------

File path: c:\users\rkl\appdata\local\apps\2.0\4vm7denq.0rl\8pd26c6m.wq8\goog...app_4fe91ede9f9bdca3_0001.0003_220683e2e6fc7802\googleupdatesetup.exe
Publisher: Google Inc.
Signer: Google Inc
MD5: a6f8d4fbc12177a75ab4c06d059229b6
SHA-1: 3403381c7fef04c040a96f0d19c6311b4826ad75
Created: 10/22/2013 12:41:17 PM
Detections: 1
Determination: Inconclusive
- Antiy Labs AVL as Trojan/Win32.Generic (Undefined malware)

---------------------------------------------------------------------------------

File path: c:\users\rkl\appdata\local\apps\2.0\4vm7denq.0rl\8pd26c6m.wq8\clic...exe_4fe91ede9f9bdca3_0001.0003_none_81523f7b64d98436\googleupdatesetup.exe
Publisher: Google Inc.
Signer: Google Inc
MD5: a6f8d4fbc12177a75ab4c06d059229b6
SHA-1: 3403381c7fef04c040a96f0d19c6311b4826ad75
Created: 10/22/2013 12:41:17 PM
Detections: 1
Determination: Inconclusive
- Antiy Labs AVL as Trojan/Win32.Generic (Undefined malware)

---------------------------------------------------------------------------------

File path: c:\program files\quicktime\qtsystem\quicktimeupdatehelper.exe
Publisher: Apple Inc.
MD5: 6ba0a1e9e362d1df46bf747ba0f942fa
SHA-1: e39ffa0bdd613caa6e84df3cb4dd5dae6f2a2b3d
Created: 1/17/2014 3:24:00 PM
Detections: 1
Determination: Inconclusive
- Boost by Reason as Optional.Apple.V

---------------------------------------------------------------------------------

File path: c:\program files\installshield installation information\{738bf5c3-af7b-4bb0-b7ef-e505efc756be}\shredder.exe
Publisher: Egis Technology Inc.
Signer: EGIS TECHNOLOGY INC.
MD5: 7e0e1f2dcfff6aa7bd28633637b441c7
SHA-1: 712b7310db3d0c0e0d012638e1d9552fca0c9967
Created: 11/26/2010 8:28:58 AM
Detections: 1
Determination: Inconclusive
- Clam AntiVirus as PUA.Packed.PECompact-1 (Ignore)

---------------------------------------------------------------------------------

File path: c:\program files\egistec mywinlocker\shredder.exe
Publisher: Egis Technology Inc.
Signer: EGIS TECHNOLOGY INC.
MD5: f31bfaf4e7f073a32de7f0b7bce194d3
SHA-1: 1f1094b58dbc8c644508d7e5d8334de7b984e0c0
Created: 1/21/2010 12:23:10 AM
Detections: 1
Determination: Inconclusive
- Clam AntiVirus as PUA.Packed.PECompact-1 (Ignore)

---------------------------------------------------------------------------------

File path: c:\program files\acer games\uninstall.exe
Publisher: WildTangent
MD5: 237044acc92aad07375cad594418966b
SHA-1: e7d29577638c80909291c80048584ef9c6a6568c
Created: 11/26/2010 8:12:27 AM
Detections: 1
Determination: Inconclusive
- Bkav FE as HW32.CDB (Undefined malware)

---------------------------------------------------------------------------------

File path: c:\program files\acer games\virtual villagers 4 - the tree of life\virtual villagers - the tree of life-wt.exe
Publisher: WildTangent, Inc.
Signer: WildTangent Inc
MD5: fafd9e01a8f6f7e310fd8e23888b69f0
SHA-1: 47f54a6e8fde8d33ea61efd7572e795745570d3c
Created: 4/16/2010 1:50:38 PM
Detections: 1
Determination: Inconclusive
- Norman as Obfuscated.T (Undefined malware)

---------------------------------------------------------------------------------

File path: c:\program files\acer games\final drive nitro\racing-wt.exe
Publisher: WildTangent, Inc.
Signer: WildTangent Inc
MD5: bfde24d3643b824b61cd6d7c0d68d493
SHA-1: dc1b55bf7cb1854f4e5d6406c889661f8538bc98
Created: 4/16/2010 3:36:20 AM
Detections: 3
Determination: Inconclusive
- Norman as Obfuscated.T (Undefined malware)
- Trend Micro House Call as TROJ_GEN.F47V0917 (Undefined malware)
- AVG as Win32/Heur.dropper (Ignore)

---------------------------------------------------------------------------------

File path: c:\program files\paltalk messenger\libx264-129.dll
Publisher: x264 project
MD5: bd73b37b4544aa6223ec2b97932ef5c2
SHA-1: 940629b6d4f479ab836508216d3692e1e2e7db46
Created: 5/31/2014 11:36:38 AM
Detections: 1
Determination: Inconclusive
- Bkav FE as HW32.TsCabk (Undefined malware)

---------------------------------------------------------------------------------

File path: c:\program files\paltalk messenger\palsound.dll
Publisher: Paltalk.com
Signer: Paltalk.com
MD5: 1c05bde09cbdcccb3924b11f84c07e93
SHA-1: 6317c52387b438135f180c72aa9e9a50053c732c
Created: 5/31/2014 11:36:43 AM
Detections: 1
Determination: Inconclusive
- Bkav FE as HW32.Stranact (Undefined malware)

---------------------------------------------------------------------------------

File path: c:\program files\paltalk messenger\webvideo.dll
Publisher: Paltalk.com
Signer: Paltalk.com
MD5: 684d004ee1b4c7dd3ae17f1abad70670
SHA-1: 2593210fe5e4d06548b3f0df5bd1414d134d8c9c
Created: 5/31/2014 11:36:44 AM
Detections: 1
Determination: Inconclusive
- Bkav FE as HW32.Stranact (Undefined malware)

---------------------------------------------------------------------------------

File path: c:\program files\installshield installation information\{d0ace89d-ec7f-470f-80be-4c98ed366b32}\issetup.dll
Publisher: Acresso Software Inc.
Signer: Chicony Electronics Co., Ltd.
MD5: 73ab880f2c6f00b71ec9f68d9cae4fd1
SHA-1: b06efa2c1d0124681282b8451ca64d9a7c4ff125
Created: 12/21/2010 10:26:52 AM
Detections: 1
Determination: Inconclusive
- eSafe as Suspicious File (Ignore)

---------------------------------------------------------------------------------

File path: c:\program files\installshield installation information\{738bf5c3-af7b-4bb0-b7ef-e505efc756be}\issetup.dll
Publisher: Acresso Software Inc.
MD5: f6605e1289f6109e84ad2df9168630f3
SHA-1: 3f19ca8790d528c103f3ef9b6fc5158d22d3f922
Created: 11/26/2010 8:27:07 AM
Detections: 1
Determination: Inconclusive
- Clam AntiVirus as PUA.Packed.PECompact-1 (Ignore)

---------------------------------------------------------------------------------

File path: c:\program files\installshield installation information\{0d7cd0d9-4a88-4a63-8f91-3f4e8f371768}\issetup.dll
Publisher: Acresso Software Inc.
MD5: ae53a8740ea7aabc4c9039195d0b59da
SHA-1: 10d9408e0c01c060d76de1c4440c78462d579a41
Created: 11/26/2010 8:28:12 AM
Detections: 1
Determination: Inconclusive
- Clam AntiVirus as PUA.Packed.PECompact-1 (Ignore)

 

[Jacee]

Take a look at this page about "Acresso Software Inc" (Nuance Software Manager)... What is Acresso software manager agent and how do I get rid of it? - Microsoft Community


It's up to you if you want to uninstall the PDF reader or not.


I've seen many say that Sumatra is a good, free PDF reader. Just make sure you uncheck any pre-checked boxes when downloading and installing! Download Sumatra PDF 2.5.2 - FileHippo.com

 

[lpaigeg]

Hi Jacee,
I can't find the Acresso File or any PDF reader. I looked in Program files, I did a windows search -- even searching issetup.dll and it doesn't find such a file except for within the scan document.

Questions:
--How do I get rid of Acresso files?
-- what about the other files detected by the scan? What about Systweak? And should I get rid of Googleupdatesetup (why is there such a file anyway?)?
--NOTE: the PalTalk Messenger is a wanted program.

Thanks Again!!
Laurie

PS Since my original question was about how to run HerdProtect should I mark it solved and start a new thread?

 

[andrew129260]

Questions:
And should I get rid of Googleupdatesetup (why is there such a file anyway?)?

PS Since my original question was about how to run HerdProtect should I mark it solved and start a new thread?

I'll let jacee answer the other stuff.

Googleupdatesetup or google services run in the background to automatically update your google software you have installed such as chrome, google toolbar, google earth etc. If you uninstall all google products from your pc the service will delete itself. If you do not want those programs look through your programs and features program list.

no, stay in this thread.

+1 on Sumatra. Great free pdf reader and no junk you have to uncheck on install.

 

[lpaigeg]

Hi Jacee,
I've read a bunch from the link below but I don't understand a lot of it. I never downloaded this .pdf reader so I'm not sure where it came from. I use Adobe Acrobat.

I've searched for Acresso, Nuance, and did a general search (as per one of the posts found at the link below) for "software" and I come up with zilch. Can't figure out how to find it to remove it other than doing regedit which i've never done before.

Grateful for any advice at this point.

Laurie

Take a look at this page about "Acresso Software Inc" (Nuance Software Manager)... What is Acresso software manager agent and how do I get rid of it? - Microsoft Community


It's up to you if you want to uninstall the PDF reader or not.


I've seen many say that Sumatra is a good, free PDF reader. Just make sure you uncheck any pre-checked boxes when downloading and installing! Download Sumatra PDF 2.5.2 - FileHippo.com

 

[Slartybart]

The discussion over there eventually gets around to what the Acresso Software manager does. It seems to be used by some reputable companies (Brother, Dragon Speaking...) to provide automatic updates. I don't know if this is true or not, but the following solution is easy and seems reasonable.

I'll take it one step further and tell you that it's fairly common practice to not have anything checked on the Startup Tab in msconfig, except your Anti-Virus program. If you have a Synaptics touchpad and have set any features, then you'll want to leave the Synaptics entry checked too. If you don't have anything special configured for the Synaptics device (scroll rate, click rate, button assignments, that sort of thing) then it should work fine without the extra startup.

So you might end up with two entries checked on the Startup tab
1) your AV, and
2) Synaptics touchpad.

Press Ok and reboot.

LHWood replied on February 14, 2014

Reply In reply to Realtor_Jason's post on January 2, 2014

Easiest way to deactivate this junk is to:

*Click the Start icon...bottom left on your desktop display
*In the Search box type: msconfig
*When it opens click the Startup tab
*Go down the list to Software Manager...it'll show Acresso as the software supplier
*Uncheck the box next to Software Manager
*Click Apply and then OK
*You'll be asked if you want to restart Windows....click Yes

Software Manager will now be dormant when you start your computer. You can always reactivate the program by doing the above and scrolling down and recheck the box next to Software Manager and Apply and OK and then restart .

All done.

Good luck.

 

[lpaigeg]

Ok, I went to msconfig and deactivated everything. But there was no Software Manager listed.

 

[Slartybart]

Ok, thanks.

After each change, try the installed version of herdProtect (not the portable version) to see if the change had any affect on the original issue. Go ahead and try it now, after the Startup tab changes.

If herdProtect launches, the issue might be resolved and there's no need to proceed with other troubleshooting.

We could go around for a while, posting images and listings, but it's probably better just to say:
"Look around your computer and if there are any entries with Acresso or Nuance in the name, post that information"

I'm working off of Jacee's information and the MS link she posted, as I'm not familiar with either Acresso or Nuance.
There are a few other names in that link that you might want to investigate (Flex, Brother, and Dragon, are referenced). The difficulty is that there are many ways the software might have arrived on your machine and there are many names it goes by (based on the Vendor).

You've already eliminated the Startup tab in msconfig as a possible point of entry - that's good.

The other area in msconfig that might contribute to this would be Services. Take a look at this tutorial and follow the instructions in Step 1. Yyou've already partially completed step 2 by modifying the Startup tab, the rest of step two is troubleshooting by elimination (trial and error).
http://www.sevenforums.com/tutorial...ation-conflicts-performing-clean-startup.html

You might post a screenshot of the Services tab after hiding all MS services.

Take another look at Programs & Features - look for anything that's not familiar to you and post what it is (a screen shot might help, but sometimes, it's unwieldy due to the size - your call). The end might be to uninstall it, but I don't want to suggest that yet.