SOLVED Please help, AVG/command line scan log???

Joined
May 17, 2014
Messages
4
Reaction score
0
Been noticing my hp win7 laptop being glitchy and slow and blinking during shutdown. Haven't been able to figure out what it is so I ran a command line scanner (AVG premium trial version). Was thinking I just had conflicts in settings or virus protection software but that didn't seem to be it. Anyway the safe mode scan I did returned something that I've never seen and indicated some AVG files as corrupt. I am not tech savvy and don't know where to go from here. I've run HijackThis - nothing stands out to me, Malwarebytes - nothing, JRT - fixed a few things but I'm still running slow and glitchy. Here's the AVG log; any help would be greatly appreciated.

AVG 2014 AntiVirus command line scanner

Copyright (c) 1992 - 2013 AVG Technologies

Program version 2014.0.4577, engine 2014.0.3950

Virus Database: Version 3950/7509 2014-05-16

@Scan_BootSectorName|%name%=HIDDEN| Found Bootkit.61030040.F987090C is OK.

@Scan_BootSectorName|%name%=C:\| Found Bootkit.61030040.F987090C is OK.

@Scan_BootSectorName|%name%=D:\| Found Bootkit.61030040.F987090C is OK.

C:\Documents and Settings\All Users\AVG\AWL2012\TTUSvc.tt Locked file. Not scanned. is OK.

C:\Documents and Settings\All Users\Desktop\ Locked file. Not scanned. is OK.

C:\Documents and Settings\All Users\Documents\ Locked file. Not scanned. is OK.

C:\Documents and Settings\All Users\Favorites\ Locked file. Not scanned. is OK.

C:\Documents and Settings\All Users\Microsoft\Crypto\RSA\MachineKeys\157dbbc73ab28e13f9ac159d717e4f86_d04d92b3-b004-42b8-865f-040d3b7764e5 Locked file. Not scanned. is OK.

C:\Documents and Settings\All Users\Microsoft\Crypto\RSA\MachineKeys\6ba61fab89d50e9bbcb1b50e2bcdc18f_d04d92b3-b004-42b8-865f-040d3b7764e5 Locked file. Not scanned. is OK.

C:\Documents and Settings\All Users\Microsoft\Crypto\RSA\MachineKeys\7728df690e72383bae57e12fed499b66_d04d92b3-b004-42b8-865f-040d3b7764e5 Locked file. Not scanned. is OK.

C:\Documents and Settings\All Users\Microsoft\Crypto\RSA\MachineKeys\926d89af5682b131b6cdf51f7da5cbda_d04d92b3-b004-42b8-865f-040d3b7764e5 Locked file. Not scanned. is OK.

C:\Documents and Settings\All Users\Microsoft\Crypto\RSA\MachineKeys\d12a9f52b51b1bc4fc70c46285719674_d04d92b3-b004-42b8-865f-040d3b7764e5 Locked file. Not scanned. is OK.

C:\Documents and Settings\All Users\Microsoft\Crypto\RSA\MachineKeys\e7860b9e5e5190632dcb7f4aae2bd721_d04d92b3-b004-42b8-865f-040d3b7764e5 Locked file. Not scanned. is OK.

C:\Documents and Settings\All Users\Microsoft\Crypto\RSA\MachineKeys\f20ce308cec88f867fbce252bcbafeb7_d04d92b3-b004-42b8-865f-040d3b7764e5 Locked file. Not scanned. is OK.

C:\Documents and Settings\All Users\Templates\ Locked file. Not scanned. is OK.

C:\Documents and Settings\Default\AppData\Local\History\ Locked file. Not scanned. is OK.

C:\Documents and Settings\Default\AppData\Local\Temporary Internet Files\ Locked file. Not scanned. is OK.

C:\Documents and Settings\Default\Cookies\ Locked file. Not scanned. is OK.

C:\Documents and Settings\Default\Documents\My Music\ Locked file. Not scanned. is OK.

C:\Documents and Settings\Default\Documents\My Pictures\ Locked file. Not scanned. is OK.

C:\Documents and Settings\Default\Documents\My Videos\ Locked file. Not scanned. is OK.

C:\Documents and Settings\Default\NetHood\ Locked file. Not scanned. is OK.

C:\Documents and Settings\Default\PrintHood\ Locked file. Not scanned. is OK.

C:\Documents and Settings\Default\Templates\ Locked file. Not scanned. is OK.

C:\Documents and Settings\owner\AppData\Local\Avg2014\log\avg-8943990c-b519-4e73-9ad0-ca4e5a789f18.tmp Locked file. Not scanned. is OK.

C:\Documents and Settings\owner\AppData\Local\Avg2014\temp\avg-3f517905-b676-436d-b0e7-350d8f43234d.tmp Locked file. Not scanned. is OK.

C:\Documents and Settings\owner\AppData\Local\Avg2014\temp\avg-c83ebd36-d0ac-4c48-a2e0-9b1b191fb938.tmp Locked file. Not scanned. is OK.

C:\Documents and Settings\owner\AppData\Local\History\ Locked file. Not scanned. is OK.

C:\Documents and Settings\owner\AppData\Local\Microsoft\Windows\UsrClass.dat Locked file. Not scanned. is OK.

C:\Documents and Settings\owner\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Locked file. Not scanned. is OK.

C:\Documents and Settings\owner\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Locked file. Not scanned. is OK.

C:\Documents and Settings\owner\Documents\My Music\ Locked file. Not scanned. is OK.

C:\Documents and Settings\owner\Documents\My Pictures\ Locked file. Not scanned. is OK.

C:\Documents and Settings\owner\Documents\My Videos\ Locked file. Not scanned. is OK.

C:\Documents and Settings\owner\NetHood\ Locked file. Not scanned. is OK.

C:\Documents and Settings\owner\ntuser.dat Locked file. Not scanned. is OK.

C:\Documents and Settings\owner\ntuser.dat.LOG1 Locked file. Not scanned. is OK.

C:\Documents and Settings\owner\ntuser.dat.LOG2 Locked file. Not scanned. is OK.

C:\Documents and Settings\owner\PrintHood\ Locked file. Not scanned. is OK.

C:\Documents and Settings\owner\Templates\ Locked file. Not scanned. is OK.

C:\Documents and Settings\Public\Documents\My Music\ Locked file. Not scanned. is OK.

C:\Documents and Settings\Public\Documents\My Pictures\ Locked file. Not scanned. is OK.

C:\Documents and Settings\Public\Documents\My Videos\ Locked file. Not scanned. is OK.

C:\hiberfil.sys Locked file. Not scanned. is OK.

C:\pagefile.sys Locked file. Not scanned. is OK.

08:38:25 Error 0xe001003d:

C:\Program Files (x86)\Image-Line\FL Studio 11\Data\Patches\Plugin presets\Generators\FPC\Downloaded\

08:38:25 Error 0xe001003d:

C:\Program Files (x86)\Image-Line\FL Studio 11\Data\Patches\Plugin presets\Generators\Ogun\Downloaded\

C:\System Volume Information\MountPointManagerRemoteDatabase Locked file. Not scanned. is OK.

C:\System Volume Information\Syscache.hve Locked file. Not scanned. is OK.

C:\System Volume Information\Syscache.hve.LOG1 Locked file. Not scanned. is OK.

C:\System Volume Information\Syscache.hve.LOG2 Locked file. Not scanned. is OK.

C:\System Volume Information\WindowsImageBackup\ Locked file. Not scanned. is OK.

C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} Locked file. Not scanned. is OK.

C:\System Volume Information\{67797a02-d291-11e3-a4a3-e4115bf0a59c}{3808876b-c176-4e48-b7ae-04046e6cc752} Locked file. Not scanned. is OK.

C:\System Volume Information\{67797a06-d291-11e3-a4a3-e4115bf0a59c}{3808876b-c176-4e48-b7ae-04046e6cc752} Locked file. Not scanned. is OK.

C:\System Volume Information\{68220404-d332-11e3-bf00-e4115bf0a59c}{3808876b-c176-4e48-b7ae-04046e6cc752} Locked file. Not scanned. is OK.

C:\System Volume Information\{68220408-d332-11e3-bf00-e4115bf0a59c}{3808876b-c176-4e48-b7ae-04046e6cc752} Locked file. Not scanned. is OK.

C:\System Volume Information\{68220417-d332-11e3-bf00-e4115bf0a59c}{3808876b-c176-4e48-b7ae-04046e6cc752} Locked file. Not scanned. is OK.

C:\System Volume Information\{68220464-d332-11e3-bf00-e4115bf0a59c}{3808876b-c176-4e48-b7ae-04046e6cc752} Locked file. Not scanned. is OK.

C:\System Volume Information\{68220484-d332-11e3-bf00-e4115bf0a59c}{3808876b-c176-4e48-b7ae-04046e6cc752} Locked file. Not scanned. is OK.

C:\System Volume Information\{6822048a-d332-11e3-bf00-e4115bf0a59c}{3808876b-c176-4e48-b7ae-04046e6cc752} Locked file. Not scanned. is OK.

C:\System Volume Information\{6822048e-d332-11e3-bf00-e4115bf0a59c}{3808876b-c176-4e48-b7ae-04046e6cc752} Locked file. Not scanned. is OK.

C:\System Volume Information\{6a421f1a-d93f-11e3-a675-e4115bf0a59c}{3808876b-c176-4e48-b7ae-04046e6cc752} Locked file. Not scanned. is OK.

C:\System Volume Information\{7dbead2c-d720-11e3-9774-e4115bf0a59c}{3808876b-c176-4e48-b7ae-04046e6cc752} Locked file. Not scanned. is OK.

C:\System Volume Information\{ae562e13-d426-11e3-ba97-e4115bf0a59c}{3808876b-c176-4e48-b7ae-04046e6cc752} Locked file. Not scanned. is OK.

C:\System Volume Information\{ae562e7c-d426-11e3-ba97-e4115bf0a59c}{3808876b-c176-4e48-b7ae-04046e6cc752} Locked file. Not scanned. is OK.

C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Locked file. Not scanned. is OK.

C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Locked file. Not scanned. is OK.

C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT Locked file. Not scanned. is OK.

C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1 Locked file. Not scanned. is OK.

C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG2 Locked file. Not scanned. is OK.

C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT Locked file. Not scanned. is OK.

C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1 Locked file. Not scanned. is OK.

C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG2 Locked file. Not scanned. is OK.

C:\Windows\System32\catroot2\edb.log Locked file. Not scanned. is OK.

C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Locked file. Not scanned. is OK.

C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Locked file. Not scanned. is OK.

C:\Windows\System32\config\DEFAULT Locked file. Not scanned. is OK.

C:\Windows\System32\config\DEFAULT.LOG1 Locked file. Not scanned. is OK.

C:\Windows\System32\config\DEFAULT.LOG2 Locked file. Not scanned. is OK.

C:\Windows\System32\config\RegBack\DEFAULT Locked file. Not scanned. is OK.

C:\Windows\System32\config\RegBack\SAM Locked file. Not scanned. is OK.

C:\Windows\System32\config\RegBack\SECURITY Locked file. Not scanned. is OK.

C:\Windows\System32\config\RegBack\SOFTWARE Locked file. Not scanned. is OK.

C:\Windows\System32\config\RegBack\SYSTEM Locked file. Not scanned. is OK.

C:\Windows\System32\config\SAM Locked file. Not scanned. is OK.

C:\Windows\System32\config\SAM.LOG1 Locked file. Not scanned. is OK.

C:\Windows\System32\config\SAM.LOG2 Locked file. Not scanned. is OK.

C:\Windows\System32\config\SECURITY Locked file. Not scanned. is OK.

C:\Windows\System32\config\SECURITY.LOG1 Locked file. Not scanned. is OK.

C:\Windows\System32\config\SECURITY.LOG2 Locked file. Not scanned. is OK.

C:\Windows\System32\config\SOFTWARE Locked file. Not scanned. is OK.

C:\Windows\System32\config\SOFTWARE.LOG1 Locked file. Not scanned. is OK.

C:\Windows\System32\config\SOFTWARE.LOG2 Locked file. Not scanned. is OK.

C:\Windows\System32\config\SYSTEM Locked file. Not scanned. is OK.

C:\Windows\System32\config\SYSTEM.LOG1 Locked file. Not scanned. is OK.

C:\Windows\System32\config\SYSTEM.LOG2 Locked file. Not scanned. is OK.

C:\Windows\System32\config\systemprofile\AppData\Local\Avg2014\temp\avg-017ae13d-66db-4765-baa8-c739edeb704b.tmp Corrupted executable file

C:\Windows\System32\config\systemprofile\AppData\Local\Avg2014\temp\avg-3778992f-131a-4829-8508-143c8c2ed55e.tmp Corrupted executable file

C:\Windows\System32\LogFiles\WMI\RtBackup\ Locked file. Not scanned. is OK.

C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat Locked file. Not scanned. is OK.

C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat.LOG1 Locked file. Not scanned. is OK.

C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat.LOG2 Locked file. Not scanned. is OK.

C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{c2461d92-722a-11e2-b280-74de2ba1ffd9}.TM.blf Locked file. Not scanned. is OK.

C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{c2461d92-722a-11e2-b280-74de2ba1ffd9}.TMContainer00000000000000000001.regtrans-ms Locked file. Not scanned. is OK.

C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{c2461d92-722a-11e2-b280-74de2ba1ffd9}.TMContainer00000000000000000002.regtrans-ms Locked file. Not scanned. is OK.

D:\System Volume Information\ Locked file. Not scanned. is OK.


------------------------------------------------------------

Test started: 17.5.2014 3:04:48

Duration of test: 1 hour(s) 7 minute(s) 10 second(s)

------------------------------------------------------------

Objects scanned : 358480

Found infections : 102

Found high severity : 0

Found med severity : 2

Found info severity : 103

Fixed high severity : 0

Fixed med severity : 2

Fixed info severity : 0
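
Added example (not part of the original post and not AVG's own tooling): a small Python triage for a log in this format, separating the routine "Locked file. Not scanned." entries from the boot-sector, corrupted-file and error lines. The sample log is constructed, and treating the line after an "Error" line as the path it refers to is an assumption drawn from the layout above.

```python
import re

# Constructed sample in the format of the log above (paths are made up).
SAMPLE_LOG = r"""
@Scan_BootSectorName|%name%=C:\| Found Bootkit.61030040.F987090C is OK.
C:\pagefile.sys Locked file. Not scanned. is OK.
C:\Windows\System32\config\SAM Locked file. Not scanned. is OK.
08:38:25 Error 0xe001003d:
C:\Program Files (x86)\Example App\Downloaded\
C:\Windows\Temp\avg-example.tmp Corrupted executable file
Objects scanned : 358480
Found med severity : 2
"""

PATTERNS = [
    ("boot", re.compile(r"^@Scan_BootSectorName\|%name%=(.*?)\|\s*Found (\S+)")),
    ("locked", re.compile(r"^(.+?) Locked file\. Not scanned\.")),
    ("corrupt", re.compile(r"^(.+?) Corrupted executable file")),
    ("error", re.compile(r"^\d{2}:\d{2}:\d{2} Error (0x[0-9a-fA-F]+):")),
    ("summary", re.compile(r"^([A-Za-z ]+?)\s*:\s*(\d+)$")),
]

def triage(log_text):
    """Sort scan-log lines into categories; unrecognised lines are kept in 'other'."""
    report = {"boot": [], "locked": [], "corrupt": [], "errors": [],
              "summary": {}, "other": []}
    pending_code = None  # assumption: the line after an Error line is its path
    for line in filter(None, (raw.strip() for raw in log_text.splitlines())):
        if pending_code is not None:
            report["errors"].append((pending_code, line))
            pending_code = None
            continue
        kind, m = next(((k, hit) for k, p in PATTERNS if (hit := p.match(line))),
                       ("other", None))
        if kind == "boot":
            report["boot"].append((m.group(1), m.group(2)))  # (target, name)
        elif kind == "error":
            pending_code = m.group(1)
        elif kind == "summary":
            report["summary"][m.group(1)] = int(m.group(2))
        elif kind == "other":
            report["other"].append(line)
        else:
            report[kind].append(m.group(1))  # path of a locked or corrupt file
    if pending_code: report["errors"].append((pending_code, None))
    return report

def needs_follow_up(report):
    """Everything except routine locked-file entries and summary counters."""
    return report["boot"] + report["corrupt"] + report["errors"]
```

Calling `needs_follow_up(triage(text))` on a saved copy of the log leaves only the handful of lines worth raising with a helper, which is easier to read than the full listing.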
 

Shintaro

Moderator
Joined
Mar 1, 2012
Messages
2,134
Reaction score
252
Welcome to the W7Forums.

Run the following:

  1. Download and run TDSSKiller.
    1. Accept the "End User License Agreement"
    2. Accept the "KSN Statement"
    3. Select "Change Parameters" and Select:
      • Verify file digital signatures
      • Detect TDLFS file system
      • Use KSN to scan objects
    4. When the scan is complete, the log file is in C:\. It will have a name like "TDSSKiller.3.0.0.34_04.05.2014_08.05.16_log.txt"
  2. Install Malwarebytes (Free Version)
    1. Select "Threat Scan"
    2. When it is completed, please upload the log file from: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs
  3. Please download and run Windows Defender Offline.
    1. Click "Next"
    2. Click "I Accept"
    3. Select Either: (Typically it is either CD/DVD or USB)
      • CD or DVD
      • USB
      • ISO file
    4. Click "Next"
    5. It will create a CD / DVD / USB and will boot and scan your hard drive offline.

Hope this helps.
 
Joined
May 17, 2014
Messages
4
Reaction score
0
Yes sir, I seem to be humming along at the speed I'm used to and my Windows assessment score went from 3.1 to 3.4 where it's supposed to be. The graphics unit was what was being drained. And the file it was hiding in was a counterfeit (unsigned) HP Software Framework Service. Thank you for your help. I use this forum a lot to learn from and this was the first time I've had to post something. Mucho gracious!
 

Shintaro

Moderator
Joined
Mar 1, 2012
Messages
2,134
Reaction score
252
Mate,

Happy to help.
If all is ok, please mark the thread as solved.

Also, if possible could you please post the logs from TDSSKiller and MalwareBytes.
 
Joined
May 17, 2014
Messages
4
Reaction score
0
The USB stick I used was formatted when I put the win offline defender on it, so the logs were erased. Downloaded tdsskiller again and ran it but it returned nothing. I got the trial version of the pro malwarebytes and it's not picking anything up. I would've liked to show you the file that it was in. It had a sha256 hash and a shorter hash with it and it was unsigned. The hp software framework is still on running services but I think that's needed for the wireless auto connect(??). Also the old hp software framework was logging on as a different account with a long password and the present one logs on as "this account" with no password; the executable is hpCaslNotification and file path is C:\Program Files (x86)\Hewlett-Packard\Shared. I know all this really tells you nothing without you seeing the logs. Is there anything I can do to ensure it's not still buried somewhere and waiting to come back?
 
Joined
May 17, 2014
Messages
4
Reaction score
0
Gonna close this and mark as solved since it seems to be that. If the problem comes back or something else I'll post a question and be more attentive to where I put the log file. Thank you for help, it was really the tdsskiller that done it. Thanks again, this forum, as always, is the best one for windows.
 
