Trojan.Dropper detected-- Not sure what to do next


17 replies to this topic

#1 Cookies79

Posted 07 May 2014 - 04:13 PM

I recently upgraded my desktop to Windows Vista since XP was not supported.  It was a completely clean install as I chose not to transfer files over.  Today, I moved some files over from my back-up.  I ran a virus scan on each file as well and ran a full virus scan.  No issues detected.  Then I ran Malwarebytes and two objects called Trojan.Dropper were found.  Not sure if my computer is infected or not.  How do I make sure this Trojan.Dropper is deleted?

 

Running Windows Vista

Not detected by Norton 360

Malwarebytes detected:

Trojan.Dropper
Type: File
Location: C:\Program Files\InstallShield Installation Information\{7A2A107B-9695-423F-9462-8F17C178BD35}\setup.exe

Trojan.Dropper
Type: KEY
Location: Hklm\SOFTWARE\MICROSOFT\CURRENTVERSION\WINDOWS\UNINSTALL\{7A2A107B-9695-423F-9462-8F17C178BD35}


Edited by Cookies79, 07 May 2014 - 04:39 PM.
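
One way to find out which installed program the flagged InstallShield cache entry belongs to, and whether its setup.exe is vendor-signed, before deciding to delete it. This is an added example, not part of the thread; it assumes PowerShell 2.0 or later is installed and that the registry detection refers to the standard per-machine Uninstall key.

```powershell
# Added triage example (not from the thread).
# The GUID and file path are the ones Malwarebytes reported in the first post.
$guid  = '{7A2A107B-9695-423F-9462-8F17C178BD35}'
$setup = "C:\Program Files\InstallShield Installation Information\$guid\setup.exe"

# Assumption: the detection refers to the standard per-machine Uninstall key.
$uninstallKey = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$guid"

# 1. Which product registered this GUID? DisplayName and Publisher usually
#    identify the application whose installer cache was flagged.
if (Test-Path -LiteralPath $uninstallKey) {
    Get-ItemProperty -LiteralPath $uninstallKey |
        Select-Object DisplayName, Publisher, DisplayVersion, InstallDate, UninstallString |
        Format-List
} else {
    Write-Output "Uninstall key not present: $uninstallKey"
}

# 2. Version resource, Authenticode status and SHA-256 of the flagged file.
if (Test-Path -LiteralPath $setup) {
    $file = Get-Item -LiteralPath $setup
    $file.VersionInfo |
        Select-Object CompanyName, ProductName, FileVersion, OriginalFilename |
        Format-List

    $sig = Get-AuthenticodeSignature -FilePath $setup
    $signer = '(unsigned)'
    if ($null -ne $sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    Write-Output ("Signature status : {0}" -f $sig.Status)
    Write-Output ("Signer           : {0}" -f $signer)

    # Get-FileHash needs PowerShell 4.0, so use the .NET hasher directly.
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($setup)
    try {
        $hash = [System.BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', ''
    } finally {
        $stream.Close()
    }
    Write-Output ("SHA-256          : {0}" -f $hash)
} else {
    Write-Output "File not present: $setup"
}
```

A valid signature from the publisher named in the Uninstall key, together with a hash that matches the vendor's own installer, points toward a false positive; an unsigned file or an unknown publisher is a reason to keep the item quarantined.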



#2 Alex&Vanko


Posted 07 May 2014 - 04:53 PM

Hello Cookies79 and welcome.

Would you do the following:

Please download Kaspersky TDSSKiller HERE onto your desktop.
Double-click on tdsskiller.exe to open this utility, then click on Change Parameters.
In the new open window, we will need to enable Detect TDLFS file system, then click on OK. KSN is by default enabled.
Next, we will need to start a scan with Kaspersky, so you'll need to press the Start Scan button.
Kaspersky TDSSKiller will now scan your computer.
When the scan has finished it will display a result screen stating whether or not the infection was found on your computer.

 

Thank you!



#3 Cookies79


Posted 07 May 2014 - 04:58 PM

Kaspersky didn't show anything.  Does that mean I'm good?



#4 Alex&Vanko


Posted 07 May 2014 - 05:19 PM

Now:

Download & SAVE to your Desktop RogueKiller HERE 64bit or HERE 32bit

Disable your antivirus protection.

Quit all programs that you may have started.
    Please disconnect any external drives from the computer before you run this scan!
    For Vista or Windows 7, right-click and select "Run as Administrator" to start.
    For Windows XP, double-click to start.
    Wait until Prescan has finished ...
    Then click on the "Scan" button
    Wait until the Status box shows "Scan Finished"
    Click on "Delete"
    Wait until the Status box shows "Deleting Finished"
    Click on "Report" and copy/paste the content of the Notepad into your next reply.
    The scan will make two reports; the one I would like to see is called RKreport[2].txt on your Desktop
    Exit/Close RogueKiller+



#5 Cookies79


Posted 07 May 2014 - 05:49 PM

I have a TP-Link wireless USB adapter on my computer.  Should I disconnect that as well?


Edited by Cookies79, 07 May 2014 - 05:52 PM.


#6 Alex&Vanko


Posted 07 May 2014 - 05:53 PM

If it is USB, yes.



#7 Cookies79


Posted 07 May 2014 - 06:25 PM

I don't get any files on desktop that show RKreport[2].txt.  I just have one that shows RKreport[0].txt.  

 

I also added a desktop icon for forquarantine, myuser account and mycomputer.  

 



#8 Alex&Vanko


Posted 07 May 2014 - 06:48 PM

OK, paste it.



#9 Cookies79


Posted 07 May 2014 - 07:02 PM

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
 
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : TT [Admin rights]
Mode : Scan -- Date : 05/07/2014 19:08:54
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : Skytel (Skytel.exe [7]) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[13] : NtAlertResumeThread @ 0x82299823 -> HOOKED (Unknown @ 0x87FCCF18)
[Address] SSDT[14] : NtAlertThread @ 0x8221234F -> HOOKED (Unknown @ 0x87FCCF90)
[Address] SSDT[18] : NtAllocateVirtualMemory @ 0x8224E69D -> HOOKED (Unknown @ 0x87FCC9D8)
[Address] SSDT[21] : NtAlpcConnectPort @ 0x821F08A7 -> HOOKED (Unknown @ 0x87E3D9E8)
[Address] SSDT[42] : NtAssignProcessToJobObject @ 0x821C3B32 -> HOOKED (Unknown @ 0x87FC9DE8)
[Address] SSDT[67] : NtCreateMutant @ 0x82226993 -> HOOKED (Unknown @ 0x87FCCD80)
[Address] SSDT[77] : NtCreateSymbolicLinkObject @ 0x821C6349 -> HOOKED (Unknown @ 0x87FC9BE0)
[Address] SSDT[78] : NtCreateThread @ 0x82297E40 -> HOOKED (Unknown @ 0x87FC1B00)
[Address] SSDT[116] : NtDebugActiveProcess @ 0x8226AED4 -> HOOKED (Unknown @ 0x87FC9E80)
[Address] SSDT[129] : NtDuplicateObject @ 0x821FE579 -> HOOKED (Unknown @ 0x87FB3E38)
[Address] SSDT[147] : NtFreeVirtualMemory @ 0x8208AE75 -> HOOKED (Unknown @ 0x87FBFAA8)
[Address] SSDT[156] : NtImpersonateAnonymousToken @ 0x821C0F3F -> HOOKED (Unknown @ 0x87FCCE28)
[Address] SSDT[158] : NtImpersonateThread @ 0x821D6589 -> HOOKED (Unknown @ 0x87FCCEA0)
[Address] SSDT[165] : NtLoadDriver @ 0x82171E12 -> HOOKED (Unknown @ 0x87E1EA28)
[Address] SSDT[177] : NtMapViewOfSection @ 0x82216994 -> HOOKED (Unknown @ 0x87FBFA10)
[Address] SSDT[184] : NtOpenEvent @ 0x821FFDF7 -> HOOKED (Unknown @ 0x87FCCCE8)
[Address] SSDT[194] : NtOpenProcess @ 0x8222712F -> HOOKED (Unknown @ 0x87FC2A08)
[Address] SSDT[195] : NtOpenProcessToken @ 0x82207A58 -> HOOKED (Unknown @ 0x87FBDE00)
[Address] SSDT[197] : NtOpenSection @ 0x8221778C -> HOOKED (Unknown @ 0x87FC9FD0)
[Address] SSDT[201] : NtOpenThread @ 0x8222262B -> HOOKED (Unknown @ 0x87FC8A08)
[Address] SSDT[210] : NtProtectVirtualMemory @ 0x822203E2 -> HOOKED (Unknown @ 0x87FC9D40)
[Address] SSDT[282] : NtResumeThread @ 0x82221C4A -> HOOKED (Unknown @ 0x87FBEE10)
[Address] SSDT[289] : NtSetContextThread @ 0x822992CF -> HOOKED (Unknown @ 0x87FB5E88)
[Address] SSDT[305] : NtSetInformationProcess @ 0x8221A9E6 -> HOOKED (Unknown @ 0x87FCDA08)
[Address] SSDT[317] : NtSetSystemInformation @ 0x821ECF1E -> HOOKED (Unknown @ 0x87FC9F18)
[Address] SSDT[330] : NtSuspendProcess @ 0x8229975F -> HOOKED (Unknown @ 0x87FCCC50)
[Address] SSDT[331] : NtSuspendThread @ 0x821A0945 -> HOOKED (Unknown @ 0x87FBEE88)
[Address] SSDT[334] : NtTerminateProcess @ 0x821F716B -> HOOKED (Unknown @ 0x87FBDE38)
[Address] SSDT[335] : unknown @ 0x82222660 -> HOOKED (Unknown @ 0x87FB5E10)
[Address] SSDT[348] : NtUnmapViewOfSection @ 0x82216C57 -> HOOKED (Unknown @ 0x87FB3E00)
[Address] SSDT[358] : NtWriteVirtualMemory @ 0x82213A27 -> HOOKED (Unknown @ 0x87FA5B50)
[Address] SSDT[382] : NtCreateThreadEx @ 0x82222115 -> HOOKED (Unknown @ 0x87FC9C88)
[Address] Shadow SSDT[317] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x88145A80)
[Address] Shadow SSDT[397] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x88136BC8)
[Address] Shadow SSDT[428] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x88136B50)
[Address] Shadow SSDT[430] : NtUserGetKeyState -> HOOKED (Unknown @ 0x88136C40)
[Address] Shadow SSDT[442] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x881459F8)
[Address] Shadow SSDT[479] : NtUserMessageCall -> HOOKED (Unknown @ 0x8812DE30)
[Address] Shadow SSDT[497] : NtUserPostMessage -> HOOKED (Unknown @ 0x8812DF40)
[Address] Shadow SSDT[498] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x8812DEB8)
[Address] Shadow SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8813DDB8)
[Address] Shadow SSDT[576] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x881409D8)
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
::1             localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) ST375063 0AS SCSI Disk Device +++++
--- User ---
[MBR] 6fb50c8b825d75bda9b3cca6f5a14d5a
[BSP] 33011a5e6af84273cc2c64e92fc9f6b2 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 62 MB
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 128520 | Size: 705339 MB
2 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1444677255 | Size: 9993 MB
User = LL1 ... OK!
Error reading LL2 MBR! ([0x1] Incorrect function. )
 
Finished : << RKreport[0]_S_05072014_190854.txt >>


#10 Alex&Vanko


Posted 07 May 2014 - 07:17 PM

I cannot use it right now, because my Dr.Web terminated even disabled to see the situation with reports.

OK. Try another one:

Download HitmanPro HERE onto your desktop.

Double-click on the file named HitmanPro.exe. It will be updated. When the program starts you will be presented with the start screen. Click on the Next button. Accept to store a copy of the program to your computer and click Next and it will start to scan.
When it has finished it will display a list of all the malware that the program found. Below, next to the Buy Now button, is the option Save log. Save it to your desktop and paste it here.

TDSSKiller and RogueKiller just delete.

Thank you!



#11 Cookies79


Posted 07 May 2014 - 07:45 PM

HitmanPro 3.7.9.216
www.hitmanpro.com
 
   Computer name . . . . : TT-PC
   Windows . . . . . . . : 6.0.2.6002.X86/4
   User name . . . . . . : TT-PC\TT
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
 
   Scan date . . . . . . : 2014-05-07 20:39:27
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 3m 32s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 11
 
   Objects scanned . . . : 1,239,476
   Files scanned . . . . : 13,007
   Remnants scanned  . . : 191,334 files / 1,035,135 keys
 
Suspicious files ____________________________________________________________
 
   C:\Users\TT\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
      Size . . . . . . . : 3,168,576 bytes
      Age  . . . . . . . : 0.3 days (2014-05-07 13:51:44)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : C219B07C13DE0C45CB0D51CCD6971A389DCEDA316964CCBBF4F87CA60B31D01A
      RSA Key Size . . . : 2048
      Parent Name  . . . : C:\Windows\Explorer.EXE
      Authenticode . . . : Self-signed
      Running processes  : 3020
      Fuzzy  . . . . . . : 26.0
         Program is code self-signed.
         This program is actively listening for inbound network connections.
         Uses the Windows Registry to run each time the user logs on.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program starts automatically without user intervention.
         Time indicates that the file appeared recently on this computer.
         The file is in use by one or more active processes.
      Startup
         HKU\S-1-5-21-2318246565-2340683352-4026040072-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Amazon Cloud Player
      Network Ports
         127.0.0.1:4750 
      Forensic Cluster
 
 
Potential Unwanted Programs _________________________________________________
 
   ask.com
   C:\Users\TT\AppData\Local\Google\Chrome\User Data\Default\Web Data
 
 
Cookies _____________________________________________________________________
 
   C:\Users\TT\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.yahoo.com
   C:\Users\TT\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
   C:\Users\TT\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\TT\AppData\Local\Google\Chrome\User Data\Default\Cookies:interclick.com
   C:\Users\TT\AppData\Local\Google\Chrome\User Data\Default\Cookies:mediaplex.com
   C:\Users\TT\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com
 
 


#12 Alex&Vanko

Posted 07 May 2014 - 08:18 PM

Maybe you use this Amazon Cloud Player. Do nothing, just close HitmanPro.

Download Screen317 Security Check HERE and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document.
Note: If any security program requests permission to access the Internet, allow it to do so.

Please download MiniToolBox HERE to your desktop to run it.
Checkmark the following boxes:
* List content of Hosts
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Click Go and Copy / Paste the result. (result.txt)

 

Thank you!



#13 Cookies79

Posted 07 May 2014 - 08:54 PM

Security Check:  

 

 Results of screen317's Security Check version 0.99.82  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Disabled!  
Norton 360    
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Reader 10.1.4 Adobe Reader out of Date!  
 Mozilla Firefox (29.0) 
 Google Chrome 34.0.1847.131  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 10 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
 
 
Mini Toolbox:
 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by TT (administrator) on 07-05-2014 at 21:53:05
Running from "C:\Users\TT\Desktop"
Microsoft® Windows Vista™ Ultimate  Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
::1             localhost
 
127.0.0.1       localhost
 
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (05/07/2014 08:36:24 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/07/2014 08:35:38 PM) (Source: Application Virtualization Client) (User: )
Description: {tid=FD4}
Failed to initialize the Application Virtualization Client PerfMon provider (error 0x80070002).
 
Error: (05/07/2014 08:25:57 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/07/2014 08:24:40 PM) (Source: Application Virtualization Client) (User: )
Description: {tid=C7C}
Failed to initialize the Application Virtualization Client PerfMon provider (error 0x80070002).
 
Error: (05/07/2014 06:48:03 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/07/2014 06:47:21 PM) (Source: Application Virtualization Client) (User: )
Description: {tid=D30}
Failed to initialize the Application Virtualization Client PerfMon provider (error 0x80070002).
 
Error: (05/07/2014 06:40:41 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/07/2014 06:39:39 PM) (Source: Application Virtualization Client) (User: )
Description: {tid=BEC}
Failed to initialize the Application Virtualization Client PerfMon provider (error 0x80070002).
 
Error: (05/07/2014 05:59:00 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
 
Error: (05/07/2014 05:52:04 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (05/07/2014 08:37:03 PM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service
 
Error: (05/07/2014 08:35:01 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 8:33:20 PM on 5/7/2014 was unexpected.
 
Error: (05/07/2014 08:26:04 PM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service
 
Error: (05/07/2014 07:01:53 PM) (Source: DCOM) (User: TT-PC)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}TT-PCTTS-1-5-21-2318246565-2340683352-4026040072-1000LocalHost (Using LRPC)
 
Error: (05/07/2014 06:57:04 PM) (Source: DCOM) (User: TT-PC)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}TT-PCTTS-1-5-21-2318246565-2340683352-4026040072-1000LocalHost (Using LRPC)
 
Error: (05/07/2014 06:53:17 PM) (Source: DCOM) (User: TT-PC)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}TT-PCTTS-1-5-21-2318246565-2340683352-4026040072-1000LocalHost (Using LRPC)
 
Error: (05/07/2014 06:48:44 PM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service
 
Error: (05/07/2014 06:46:58 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 6:44:24 PM on 5/7/2014 was unexpected.
 
Error: (05/07/2014 06:41:03 PM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service
 
Error: (05/07/2014 05:53:15 PM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service
 
 
Microsoft Office Sessions:
=========================
Error: (05/07/2014 08:36:24 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/07/2014 08:35:38 PM) (Source: Application Virtualization Client)(User: )
Description: {tid=FD4}
0x80070002
 
Error: (05/07/2014 08:25:57 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/07/2014 08:24:40 PM) (Source: Application Virtualization Client)(User: )
Description: {tid=C7C}
0x80070002
 
Error: (05/07/2014 06:48:03 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/07/2014 06:47:21 PM) (Source: Application Virtualization Client)(User: )
Description: {tid=D30}
0x80070002
 
Error: (05/07/2014 06:40:41 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/07/2014 06:39:39 PM) (Source: Application Virtualization Client)(User: )
Description: {tid=BEC}
0x80070002
 
Error: (05/07/2014 05:59:00 PM) (Source: EventSystem)(User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
 
Error: (05/07/2014 05:52:04 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-05-07 17:34:20.987
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-07 17:34:20.895
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-07 17:34:20.803
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-07 17:34:20.720
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-07 17:34:20.632
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-07 17:34:20.515
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-07 17:34:20.222
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-07 17:34:20.132
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-07 17:34:20.049
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-07 17:34:19.969
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 48%
Total physical RAM: 3068.57 MB
Available physical RAM: 1578.77 MB
Total Pagefile: 6346.17 MB
Available Pagefile: 5079.6 MB
Total Virtual: 2047.88 MB
Available Virtual: 1945.25 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:688.81 GB) (Free:595.46 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\TT-PC
 
Administrator            Guest                    TT                       
 
 
**** End of log ****
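
As an added example (not part of the original posts and not the MiniToolBox author's code), the script below splits a MiniToolBox report like the one posted above into its sections, lists hosts entries other than loopback-to-localhost for review, and counts event-log errors per source. The sample text is constructed and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the MiniToolBox layout shown above. The 203.0.113.10
# hosts line is invented for the demo; the posted hosts section was clean.
SAMPLE = """\
========================= Hosts content: =================================
::1             localhost
127.0.0.1       localhost
203.0.113.10    update.example.test
========================= Event log errors: ===============================
System errors:
=============
Error: (05/07/2014 08:37:03 PM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service
Error: (05/07/2014 08:35:01 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 8:33:20 PM on 5/7/2014 was unexpected.
Error: (05/07/2014 08:26:04 PM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service
"""

HEADER = re.compile(r"^=+ (.+?): =+\s*$")   # "===== Name: =====" section header
ERROR = re.compile(r"^Error: \(.*?\) \(Source: (.+?)\)")
LOOPBACK = {"127.0.0.1", "::1"}

def split_sections(report):
    """Map each section name to the non-blank lines that follow its header."""
    sections, current = {}, None
    for line in report.splitlines():
        m = HEADER.match(line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif current is not None and line.strip():
            current.append(line.strip())
    return sections

def hosts_anomalies(lines):
    """Hosts entries that are not loopback -> localhost, for manual review."""
    entries = (l.split("#", 1)[0].split() for l in lines)
    return [(e[0], e[1:]) for e in entries
            if len(e) >= 2 and (e[0] not in LOOPBACK or e[1:] != ["localhost"])]

def error_sources(lines):
    """Count event-log errors per Source so repeated entries collapse."""
    return Counter(m.group(1) for m in map(ERROR.match, lines) if m)

def triage(report):
    s = split_sections(report)
    return {"hosts": hosts_anomalies(s.get("Hosts content", [])),
            "errors": error_sources(s.get("Event log errors", []))}
```

Calling `triage()` on the text of a saved result.txt returns the flagged hosts entries and the per-source error counts.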


#14 Alex&Vanko

Posted 09 May 2014 - 11:50 AM

Hello Cookies79!

Sorry I did not reply yesterday.

Please download Emsisoft Emergency Kit HERE onto your desktop.
Start the application. It will be extracted to C:\EEK.
A window will appear. Select the first option, Emergency Kit Scanner. Choose to update and to detect PUPs.
From the left panel choose Scan PC and after that Deep Scan.

It has a definition for this threat.

I do not see applications listed in the log of MiniToolBox.

Thank you!



#15 Cookies79

Posted 09 May 2014 - 01:18 PM

Is there any log or anything that I need to post after running this?





