Another Trojan.Dropper.BCMiner

Kojihama · July 30, 2012

hey guys,

Yep, i'm another sucker who picked up Trojan.Dropper.BCMiner. Any help to remove this would be appreciated. I've attached the two DDS log files.

Thanks in advance

DDS.txt

Attach.txt

Kojihama · July 30, 2012

Reading through the other threads most recommended running rogue killer and posting the report. I've followed those instructions and have posted them here too. I hope it helps speed the process up.

RKreport1.txt

Maniac · July 30, 2012

Hello Kojihama and :welcome: ! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
Make sure you read all of the instructions and fixes thoroughly before continuing with them.
Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Step 1

Please uninstall the following application: µTorrent

Step 2

Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

Kojihama · July 30, 2012

Hi Maniac,

Thanks for the quick response. Here's the output of OTL as requested.

OTL Extras logfile created on: 30/07/2012 9:47:05 PM - Run 1

OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Kin\Desktop

64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

7.98 Gb Total Physical Memory | 6.90 Gb Available Physical Memory | 86.55% Memory free

15.95 Gb Paging File | 15.07 Gb Available in Paging File | 94.50% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 119.14 Gb Total Space | 48.02 Gb Free Space | 40.31% Space Free | Partition Type: NTFS

Drive D: | 698.63 Gb Total Space | 516.25 Gb Free Space | 73.89% Space Free | Partition Type: NTFS

Drive E: | 1863.01 Gb Total Space | 475.42 Gb Free Space | 25.52% Space Free | Partition Type: NTFS

Drive G: | 195.31 Gb Total Space | 145.78 Gb Free Space | 74.64% Space Free | Partition Type: NTFS

Drive H: | 1472.39 Gb Total Space | 351.63 Gb Free Space | 23.88% Space Free | Partition Type: NTFS

Drive I: | 195.31 Gb Total Space | 134.65 Gb Free Space | 68.94% Space Free | Partition Type: NTFS

Computer Name: PNEUMA | User Name: Kin | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-598640673-2728543615-492696790-1003\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)

"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)

"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 296.10

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.10

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.10

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 296.10

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.12.0

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{BCCC97EE-E162-448C-8847-59718FF29B04}" = Intel® Network Connections 15.6.25.0

"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)

"CPUID CPU-Z_is1" = CPUID CPU-Z 1.59

"doPDF 7 printer_is1" = doPDF 7.2 printer

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft Security Client" = Microsoft Security Essentials

"PROSetDX" = Intel® Network Connections 15.6.25.0

"sp6" = Logitech SetPoint 6.32

"TeraCopy_is1" = TeraCopy 2.27

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{199C20D6-10D3-4210-B361-4760209F56AE}" = Citrix online plug-in (Web)

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31

"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support

"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver

"{3ECCB578-504E-4F7A-A8B4-CF4F3B939B44}" = Citrix online plug-in (USB)

"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{53744FB0-7D1E-4572-B544-C230E6D23E2C}" = Razer BlackWidow

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{678094A1-6250-476B-9AFF-4376E48F135C}" = Citrix online plug-in (DV)

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{9013B370-99D4-404B-9DB9-779B51CEB5FF}" = LeapFrog My Pals Plugin

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)

"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins

"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX

"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver

"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F9D59E62-845F-49A2-8B75-DDB00661673C}" = LeapFrog Connect

"{FA365307-1963-4D16-BD44-113C8F037AAD}" = Citrix online plug-in (HDX)

"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"AudioCS" = Creative Audio Control Panel

"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web

"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11

"Creative Software AutoUpdate" = Creative Software AutoUpdate

"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition

"DAEMON Tools Lite" = DAEMON Tools Lite

"Diablo III" = Diablo III

"ENTERPRISE" = Microsoft Office Enterprise 2007

"FileZilla Client" = FileZilla Client 3.5.2

"iiUsage_is1" = iiUsage 1.2.2

"MagniDriver" = marvell 91xx driver

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300

"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"MusicBrainz Picard" = MusicBrainz Picard

"MyPalsPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"Steam App 105600" = Terraria

"Steam App 41500" = Torchlight

"Steam App 58520" = Blood Bowl: Legendary Edition

"Steam App 65800" = Dungeon Defenders

"Steam App 99300" = Renegade Ops

"UPCShell" = LeapFrog Connect

"VLC media player" = VLC media player 2.0.1

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 13/06/2012 1:05:35 PM | Computer Name = pneuma | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

Error - 22/06/2012 3:35:22 AM | Computer Name = pneuma | Source = Application Error | ID = 1000

Description = Faulting application name: FlashPlayerPlugin_11_3_300_257.exe, version:

11.3.300.257, time stamp: 0x4fc82063 Faulting module name: NPSWF32_11_3_300_257.dll,

version: 11.3.300.257, time stamp: 0x4fc821fc Exception code: 0xc0000005 Fault offset:

0x000ccb60 Faulting process id: 0xac Faulting application start time: 0x01cd50396bed249b

Faulting

application path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe

Faulting

module path: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll Report

Id: d2737ef4-bc3c-11e1-b68b-14dae9d3d784

Error - 25/06/2012 9:57:52 AM | Computer Name = pneuma | Source = Application Error | ID = 1000

Description = Faulting application name: FlashPlayerPlugin_11_3_300_257.exe, version:

11.3.300.257, time stamp: 0x4fc82063 Faulting module name: NPSWF32_11_3_300_257.dll,

version: 11.3.300.257, time stamp: 0x4fc821fc Exception code: 0xc0000005 Fault offset:

0x000ccb60 Faulting process id: 0x1318 Faulting application start time: 0x01cd52d9f4b5a1a9

Faulting

application path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe

Faulting

module path: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll Report

Id: c133df83-becd-11e1-a6d8-14dae9d3d784

Error - 25/06/2012 9:59:44 AM | Computer Name = pneuma | Source = Application Error | ID = 1000

Description = Faulting application name: FlashPlayerPlugin_11_3_300_257.exe, version:

11.3.300.257, time stamp: 0x4fc82063 Faulting module name: NPSWF32_11_3_300_257.dll,

version: 11.3.300.257, time stamp: 0x4fc821fc Exception code: 0xc0000005 Fault offset:

0x0016b4bd Faulting process id: 0x5b4 Faulting application start time: 0x01cd52da85fd7561

Faulting

application path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe

Faulting

module path: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll Report

Id: 041db0a0-bece-11e1-a6d8-14dae9d3d784

Error - 26/06/2012 4:31:25 AM | Computer Name = pneuma | Source = Application Error | ID = 1000

Description = Faulting application name: FlashPlayerPlugin_11_3_300_257.exe, version:

11.3.300.257, time stamp: 0x4fc82063 Faulting module name: NPSWF32_11_3_300_257.dll,

version: 11.3.300.257, time stamp: 0x4fc821fc Exception code: 0xc0000005 Fault offset:

0x000ccb60 Faulting process id: 0x7c4 Faulting application start time: 0x01cd5375e5f6d0a4

Faulting

application path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe

Faulting

module path: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll Report

Id: 508d8b09-bf69-11e1-a6d8-14dae9d3d784

Error - 26/06/2012 9:45:31 AM | Computer Name = pneuma | Source = Application Error | ID = 1000

Description = Faulting application name: FlashPlayerPlugin_11_3_300_257.exe, version:

11.3.300.257, time stamp: 0x4fc82063 Faulting module name: NPSWF32_11_3_300_257.dll,

version: 11.3.300.257, time stamp: 0x4fc821fc Exception code: 0xc0000005 Fault offset:

0x000ccb60 Faulting process id: 0xd68 Faulting application start time: 0x01cd539fb04cab23

Faulting

application path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe

Faulting

module path: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll Report

Id: 319c3539-bf95-11e1-a6d8-14dae9d3d784

Error - 29/06/2012 11:43:59 PM | Computer Name = pneuma | Source = Application Error | ID = 1000

Description = Faulting application name: FlashPlayerPlugin_11_3_300_257.exe, version:

11.3.300.257, time stamp: 0x4fc82063 Faulting module name: NPSWF32_11_3_300_257.dll,

version: 11.3.300.257, time stamp: 0x4fc821fc Exception code: 0xc0000005 Fault offset:

0x0016b4a9 Faulting process id: 0x6e8 Faulting application start time: 0x01cd567249863d1c

Faulting

application path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe

Faulting

module path: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll Report

Id: d2baf866-c265-11e1-a510-14dae9d3d784

Error - 1/07/2012 5:07:02 AM | Computer Name = pneuma | Source = Application Hang | ID = 1002

Description = The program firefox.exe version 13.0.1.4548 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: b8c Start

Time: 01cd572e1d249743 Termination Time: 70 Application Path: C:\Program Files (x86)\Mozilla

Firefox\firefox.exe Report Id: 1ddab18c-c35c-11e1-a510-14dae9d3d784

Error - 1/07/2012 5:13:50 AM | Computer Name = pneuma | Source = Application Error | ID = 1000

Description = Faulting application name: FlashPlayerPlugin_11_3_300_257.exe, version:

11.3.300.257, time stamp: 0x4fc82063 Faulting module name: NPSWF32_11_3_300_257.dll,

version: 11.3.300.257, time stamp: 0x4fc821fc Exception code: 0xc0000005 Fault offset:

0x000ccb60 Faulting process id: 0xae4 Faulting application start time: 0x01cd5768e2abd43d

Faulting

application path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe

Faulting

module path: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll Report

Id: 1203326a-c35d-11e1-a510-14dae9d3d784

Error - 22/07/2012 2:06:17 AM | Computer Name = pneuma | Source = Application Hang | ID = 1002

Description = The program iTunes.exe version 10.5.2.11 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: b40 Start

Time: 01cd678a7d3692a1 Termination Time: 39 Application Path: C:\Program Files (x86)\iTunes\iTunes.exe

Report

Id:

[ System Events ]

Error - 22/06/2012 4:55:10 AM | Computer Name = pneuma | Source = Service Control Manager | ID = 7031

Description = The Windows Media Player Network Sharing Service service terminated

unexpectedly. It has done this 1 time(s). The following corrective action will

be taken in 30000 milliseconds: Restart the service.

Error - 22/06/2012 4:55:40 AM | Computer Name = pneuma | Source = Service Control Manager | ID = 7032

Description = The Service Control Manager tried to take a corrective action (Restart

the service) after the unexpected termination of the Windows Media Player Network

Sharing Service service, but this action failed with the following error: %%1056

Error - 22/06/2012 4:59:52 AM | Computer Name = pneuma | Source = Service Control Manager | ID = 7031

Description = The Windows Media Player Network Sharing Service service terminated

unexpectedly. It has done this 2 time(s). The following corrective action will

be taken in 30000 milliseconds: Restart the service.

Error - 22/06/2012 5:00:22 AM | Computer Name = pneuma | Source = Service Control Manager | ID = 7032

Description = The Service Control Manager tried to take a corrective action (Restart

the service) after the unexpected termination of the Windows Media Player Network

Sharing Service service, but this action failed with the following error: %%1056

Error - 22/06/2012 3:50:13 PM | Computer Name = pneuma | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

cdrom

Error - 23/06/2012 3:14:53 PM | Computer Name = pneuma | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

cdrom

Error - 25/06/2012 2:36:31 AM | Computer Name = pneuma | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

cdrom

Error - 27/06/2012 9:37:21 PM | Computer Name = pneuma | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

cdrom

Error - 28/06/2012 4:07:03 PM | Computer Name = pneuma | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

cdrom

Error - 29/06/2012 5:54:58 PM | Computer Name = pneuma | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

cdrom

< End of report >

OTL logfile created on: 30/07/2012 9:47:05 PM - Run 1