What happened here?

Cazoob · June 26, 2012

While I was watching a netflix video, my computer suddenly shut off with no warning. Upon restarting it, a message came up that several bluetooth items had been installed (I wish I had written down the exact wording of the installation message). I don't want and didn't give permission for this to happen. I looked at system restore points, but it claimed that nothing was there to uninstall since the last windows update. I also don't see anything with bluetooth in the name in devices or installed programs.

So far my system is operating normally as far as I can tell, and I updated and ran Malwarebytes. It found nothing.

Larusso · June 27, 2012

Hy

my name is Daniel and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Download OTL to your Desktop.

Double click on the icon to run it.
Under the box paste this in


activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
%windir%\installer\*. /5
%localappdata%\*. /5
/md5start
services.exe
user32.dll
/md5stop
CREATERESTOREPOINT

Make sure all other windows are closed to let it run uninterrupted.
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please post both logfiles in your next reply.

Larusso · July 2, 2012

Hy there

If I don't hear from you within 24 hours, this topic will be closed.

Cazoob · July 3, 2012

Hy there
If I don't hear from you within 24 hours, this topic will be closed.

Hi, I am hesitant to download an executable file.

Cazoob · July 3, 2012

Hy
my name is Daniel and I will be assisting you with your Malware related problems.
Before we move on, please read the following points carefully.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
Download OTL to your Desktop.
Double click on the icon to run it.
Under the box paste this in
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
%windir%\installer\*. /5
%localappdata%\*. /5
/md5start
services.exe
user32.dll
/md5stop
CREATERESTOREPOINT
Make sure all other windows are closed to let it run uninterrupted.
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please post both logfiles in your next reply.

Alright:

OTL Extras logfile created on: 7/3/2012 2:07:23 AM - Run 1

OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\parrotperson\Desktop

Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 36.82% Memory free

5.86 Gb Paging File | 1.47 Gb Available in Paging File | 25.18% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 288.75 Gb Total Space | 219.48 Gb Free Space | 76.01% Space Free | Partition Type: NTFS

Computer Name: NESTFEATHER | User Name: parrotperson | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0C6F0205-DDA8-4119-AF64-0DCB7504F1BE}" = rport=137 | protocol=17 | dir=out | app=system |

"{19A7A348-0772-47CD-AD24-61CC675FF74B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{1EE54D37-4F8C-4EEC-85FA-FAD264F91D86}" = lport=10243 | protocol=6 | dir=in | app=system |

"{2926ABFE-4A98-4978-9E14-1E25C6F6110F}" = rport=139 | protocol=6 | dir=out | app=system |

"{3CE393CF-859F-47EB-8130-5C7DA686541A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{3D9FFEB9-96A2-4452-821C-F1088EC35243}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{4450B6D5-F3FE-440C-BE28-6F48D25F01C5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{45A99007-DDDA-40FC-A2A7-5FF91F06D814}" = lport=138 | protocol=17 | dir=in | app=system |

"{493A9A17-89CE-4246-90BA-00E1C4FC01BA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{5493B917-1680-4428-B0D9-456DAC7538F7}" = rport=445 | protocol=6 | dir=out | app=system |

"{79714CA2-983B-4379-864D-948290C03D47}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{903C8D63-35E7-42A8-9C15-6E6849DE5BB8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{986CC0F2-B2F5-4FE9-8537-BD3565115145}" = lport=445 | protocol=6 | dir=in | app=system |

"{A9213B55-AD9E-475E-810C-FC5AF3257B42}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{AB957667-9A99-4260-9700-D63FB6CE6D41}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{B4184436-7710-418F-B488-D82927836741}" = rport=138 | protocol=17 | dir=out | app=system |

"{BB6F247F-1FDC-40F8-AF3A-E10B6CCAC48F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{C3E3E882-D18E-457A-8FC0-304FD9FA6AB9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{C6CE0739-7DF1-474E-8B30-92F65C45323E}" = rport=10243 | protocol=6 | dir=out | app=system |

"{C6E4F5F4-B4A2-4A83-8202-C46144C723C4}" = lport=139 | protocol=6 | dir=in | app=system |

"{D390CEE7-B9FA-418B-BCF1-FD57129ABE37}" = lport=137 | protocol=17 | dir=in | app=system |

"{D8E6E611-CB02-431A-9F33-F2A8DD95CE37}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{DCC93749-3126-45E3-B6A6-CB723A5BB20D}" = lport=2869 | protocol=6 | dir=in | app=system |

"{E01C4DC9-5ADC-49B8-AAEA-122565F8C0B9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

"{E4D917F1-4352-41B8-B56B-9C1FB4E12C8C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{F3922C3A-6603-4D3A-BB83-58D41F8423F4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{118CD87E-8DAB-44CD-A6F2-AF8F2C1537B4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{12990BEF-4455-4E0A-8629-68D175A55B9C}" = protocol=6 | dir=out | app=system |

"{18A5B61F-1D47-4F57-B3A4-62174743B554}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{1E34253A-67DA-44C8-81EE-B6D223ACC2C2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{2C6B91D8-16DA-449C-B74E-6BF93A8D768D}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"{398B0C95-BB2D-453F-8B62-6196E07254C9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{4F1158C2-5838-4D58-B9E7-6A782F5BF8F3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{4F4BBDA7-EAE9-4CFC-B851-F1B2E4D9D814}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{50074691-0911-493A-8733-6DF3F2F1A6FA}" = protocol=17 | dir=in | app=c:\program files\crashplan\crashplanservice.exe |

"{51A08C84-76F5-4B34-89E9-BCDEB095CDD5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{52EB4267-74D5-4B6A-B15D-DAF5C385D9CE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{561CF48F-47F8-463E-A975-FBDC211430D2}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"{59048D4F-6071-4084-AE1F-B22F3A8A21BE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{643E155C-AC85-447D-B0DE-4D4017039DC6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{6625FD9F-0C88-4D9B-8C8E-446A62696D39}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{72079C49-16CC-45E0-9100-71FAB2B590C1}" = protocol=6 | dir=in | app=c:\program files\crashplan\crashplanservice.exe |

"{873EC42D-14DB-44E9-8606-A4611C66FF97}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{889E401B-D909-4084-ACAA-0E2D613A4C31}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{92A70C50-835F-46DE-A3CF-A8E3BAF810B0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{9BE54E86-8C34-469B-9E10-E7AC7ABFAC09}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{A4AC4307-963F-49FF-AD09-119DC40D647A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{D0B293AE-78E4-49ED-9ABB-A578F506B840}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |

"{E6FE09E4-2229-458B-AF55-D01C953EE850}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |

"{EFE65212-FB4C-4D1A-8EA7-ADC93871F98A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"TCP Query User{11E66548-DD74-4E35-A85C-0DD3FD3B4E55}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

"TCP Query User{539F3901-D031-4167-8A3C-0E40916E0BCF}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"TCP Query User{C28C8447-0D79-4F15-B7DE-1114695C9E82}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |

"UDP Query User{13889A1C-B5C3-4AA6-9F99-A5D49C8EA57C}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

"UDP Query User{5644D422-FD4B-4AB7-8561-403EA7AE3B8C}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"UDP Query User{775D6F62-4CE7-47F9-9B75-5A7217C8B512}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data

"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX860_series" = Canon MX860 series MP Drivers

"{16AAFF18-00FC-4D78-AF21-E97B6DF15422}" = Xtranormal State - Voicepack-British-Lucy22k

"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources

"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2149FA24-7AD5-4412-89A5-034C9A9710BB}" = CrashPlan

"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31

"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java 7 Update 5

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager

"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3622C71B-6FD9-4ED8-A07B-99B50AA5C0DE}" = Xtranormal State - Showpak-FM

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3E286237-C618-4DE6-98B2-0E96DBF01250}" = Xtranormal State - Voicepack-USEnglish-Ryan22k

"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources

"{4688EB75-28E2-4731-9BCB-55E624F7CD45}" = Dell Backup and Recovery Manager

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion

"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant

"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio

"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007

"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{99718668-A364-4BD6-B7C6-F1A30D5F2D8C}" = Xtranormal State - Voicepack-USEnglish-Heather22k

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software

"{A0BA5AAC-CA61-4C71-9A29-FDF521296225}" = Xtranormal State - SoundPack-Starter Kit

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175

"{A54BF015-5D88-458D-9ECE-4DDA82A589EC}" = Xtranormal State - Voicepack-British-Graham22k

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A95168B6-7BAA-471C-937B-3BAE8DC3D9F2}" = Xtranormal State

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)

"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter

"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy

"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet32

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D5A32BDB-81BC-4D25-89DF-65C5A0DD8FE0}" = Xtranormal State - Showpak-SUT

"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3

"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module

"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver

"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Photoshop 7.0" = Adobe Photoshop 7.0

"Advanced Audio FX Engine" = Advanced Audio FX Engine

"CameraUserGuide-PSSD1400IS_IXUS130" = Canon PowerShot SD1400 IS_IXUS 130 Camera User Guide

"CameraWindowDC8" = Canon Utilities CameraWindow DC 8

"CameraWindowLauncher" = Canon Utilities CameraWindow

"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX

"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX

"Canon MOV Decoder" = Canon MOV Decoder

"Canon MOV Encoder" = Canon MOV Encoder

"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility

"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool

"CanonMyPrinter" = Canon Utilities My Printer

"CanonSolutionMenu" = Canon Utilities Solution Menu

"Dell Webcam Central" = Dell Webcam Central

"DW WLAN Card Utility" = DW WLAN Card Utility

"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX

"FileZilla Client" = FileZilla Client 3.5.3

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"McAfee Security Scan" = McAfee Security Scan Plus

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX

"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube

"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"MP Navigator EX 2.1" = Canon MP Navigator EX 2.1

"MyCamera" = Canon Utilities MyCamera

"Personal Printing Guide" = Canon Personal Printing Guide

"PhotoStitch" = Canon Utilities PhotoStitch

"Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide

"ST6UNST #1" = WinCity Massage Soap Notes (60-day Trial)

"STANDARDR" = Microsoft Office Standard 2007

"SynTPDeinstKey" = Dell Touchpad

"Winamp" = Winamp

"WinLiveSuite" = Windows Live Essentials

"WinRAR archiver" = WinRAR 4.01 (32-bit)

"Yahoo! Messenger" = Yahoo! Messenger

"Yahoo! Software Update" = Yahoo! Software Update

"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

"Google Chrome SxS" = Google Chrome Canary

"Winamp Detect" = Winamp Detector Plug-in

"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 1/17/2012 1:53:29 PM | Computer Name = NestFeather | Source = Microsoft-Windows-CAPI2 | ID = 513

Description = Cryptographic Services failed while processing the OnIdentity() call

in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image

of binary Symantec Network Security WFP Driver. System Error: The system cannot find

the file specified. .

Error - 1/17/2012 4:00:33 PM | Computer Name = NestFeather | Source = .NET Runtime | ID = 1023

Description =

Error - 1/17/2012 4:00:35 PM | Computer Name = NestFeather | Source = Application Error | ID = 1000

Description = Faulting application name: plugin-container.exe, version: 1.9.2.4232,

time stamp: 0x4e39c2c8 Faulting module name: coreclr.dll, version: 4.0.60831.0,

time stamp: 0x4e5d6c64 Exception code: 0x8013150a Fault offset: 0x0013d2a6 Faulting

process id: 0xecc Faulting application start time: 0x01ccd3544a83c15b Faulting application

path: C:\Program Files\Mozilla Firefox\plugin-container.exe Faulting module path:

c:\Program Files\Microsoft Silverlight\4.0.60831.0\coreclr.dll Report Id: eaac0435-4145-11e1-91f6-c0cb38cb4c76

Error - 1/21/2012 2:41:12 AM | Computer Name = NestFeather | Source = VSS | ID = 12294

Description =

Error - 2/2/2012 3:53:14 AM | Computer Name = NestFeather | Source = .NET Runtime | ID = 1023

Description =

Error - 2/2/2012 3:53:16 AM | Computer Name = NestFeather | Source = Application Error | ID = 1000

Description = Faulting application name: plugin-container.exe, version: 9.0.1.4371,

time stamp: 0x4ef15e07 Faulting module name: coreclr.dll, version: 4.0.60831.0,

time stamp: 0x4e5d6c64 Exception code: 0x8013150a Fault offset: 0x0013d2a6 Faulting

process id: 0x2c68 Faulting application start time: 0x01cce15cd40b9a20 Faulting application

path: C:\Program Files\Mozilla Firefox\plugin-container.exe Faulting module path:

c:\Program Files\Microsoft Silverlight\4.0.60831.0\coreclr.dll Report Id: f6c755bd-4d72-11e1-8552-f04da2cc08b2

Error - 2/2/2012 7:00:21 AM | Computer Name = NestFeather | Source = VSS | ID = 12294

Description =

Error - 2/6/2012 6:33:37 PM | Computer Name = NestFeather | Source = VSS | ID = 12294

Description =

Error - 4/14/2012 2:20:46 AM | Computer Name = NestFeather | Source = Application Hang | ID = 1002

Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 418 Start

Time: 01cd1a06a72a2ec7 Termination Time: 23 Application Path: C:\Program Files\Internet

Explorer\iexplore.exe Report Id:

Error - 5/2/2012 7:02:46 PM | Computer Name = NestFeather | Source = Application Error | ID = 1000

Description = Faulting application name: winamp.exe, version: 5.6.1.3133, time stamp:

0x4d88ec8b Faulting module name: MSVCR90.dll, version: 9.0.30729.6161, time stamp:

0x4dace5b9 Exception code: 0xc0000417 Fault offset: 0x0002fc96 Faulting process id:

0x3a34 Faulting application start time: 0x01cd28b313ef82d5 Faulting application path:

C:\Program Files\Winamp\winamp.exe Faulting module path: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll

Report

Id: edc6f499-94aa-11e1-acec-f04da2cc08b2

[ System Events ]

Error - 2/16/2012 5:08:46 PM | Computer Name = NestFeather | Source = BTHUSB | ID = 327697

Description = The local Bluetooth adapter has failed in an undetermined manner and