Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Bios / Dos Acpi Rootkit and really do need some help!


  • This topic is locked This topic is locked
4 replies to this topic

#1 freestylers

freestylers

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:54 PM

Posted 28 September 2015 - 03:25 AM

Hi, I have been having this rootkit problem for a while now and just cant get to the bottom of it, I have been trying to get the disk zero and a clean install for ages now but every time every boot on a few defferent computer its doing the same, loaded up something totally different from the source, and upon looking at it further its loading up this winre.wim from boot and wanting socking connection for stream and same for booing into linux too ond on android phone. And am guessing its some kind of hardware base Dos/bios ACPI rootkit and calling INT13 , INT21 buring boot? well actually i did discover a ext2 filesysystem in dos and This is a fresh window install hours ago and I did know the issue from the start of the install but had no other option but to carry on like how this rootkit planned coz it will just fail the installation everytime i done anything. As far as i know socket stream is bit by bit so am going to have to leave this short. And here are the logs + few more info from the install. Thanks so much for helping and Standing by.

 

also here is the html code i get from my browser loading this page thanks

Attached Files


Edited by freestylers, 28 September 2015 - 03:43 AM.


BC AdBot (Login to Remove)

 


#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,042 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:54 AM

Posted 29 September 2015 - 12:19 PM

Please post all logs directly into the thread rather than attaching them. :)

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#3 freestylers

freestylers
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:54 PM

Posted 30 September 2015 - 12:00 PM

hi sorry for the delay of posting, it just that i have been try to log in for the pass few days but no matter what i have either been redirected or no access to the site

anyway here are the logs from FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-09-2015 01
Ran by SUCKmeBELLEND (administrator) on SUCKMYBELLEND (27-09-2015 05:21:05)
Running from C:\Users\SUCKmeBELLEND\Desktop
Loaded Profiles: SUCKmeBELLEND (Available Profiles: SUCKmeBELLEND)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Microsoft Corporation) C:\Windows\System32\dinotify.exe
() C:\ProgramData\DataCardService\HWDeviceService64.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DataCardService\DCSHelper.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DataCardService\DCSHelper.exe
() C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-328995683-1431291510-901328468-1000\...\MountPoints2: {1465a189-feb2-11d5-92de-a8b273bab687} - G:\AutoRun.exe
HKU\S-1-5-21-328995683-1431291510-901328468-1000\...\MountPoints2: {1465a1a3-feb2-11d5-92de-a8b273bab687} - G:\AutoRun.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


Internet Explorer:
==================
HKU\S-1-5-21-328995683-1431291510-901328468-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com
HKU\S-1-5-21-328995683-1431291510-901328468-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [351824 2013-10-27] ()
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [651856 2013-10-26] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys ==> MD5 is legit
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys ==> MD5 is legit
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys 91CE0D3DC57DD377E690A2D324022B08
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\drivers\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys ==> MD5 is legit
C:\Windows\system32\drivers\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys ==> MD5 is legit
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ew_hwusbdev.sys 7230F4CF9F20DCD1DBF4BB3296EEED68
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fvevol.sys ==> MD5 is legit
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ew_jubusenum.sys 6196072AB259D45261619FA1230D6E1A
C:\Windows\System32\DRIVERS\ewusbmdm.sys 4216386DA9622C9AD330AA749C1E6517
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys ==> MD5 is legit
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecpkg.sys ==> MD5 is legit
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys FAF015B07E3A2874A790A39B7D2C579F
C:\Windows\System32\DRIVERS\mrxsmb10.sys 08E2345DF129082BCDFFDC1440F9C00D
C:\Windows\System32\DRIVERS\mrxsmb20.sys 108D87409C5812EF47D81E22843E8C9D
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nusb3hub.sys 786DB821BFD57C0551DBBE4F75384A7D
C:\Windows\system32\drivers\nusb3xhc.sys DAA8005CAF745042BB427A1ED7433354
C:\Windows\system32\drivers\nvraid.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 2098B8556D1CEC2ACA9A29CD479E3692
C:\Windows\System32\DRIVERS\srv2.sys D0F73A42040F21F92FD314B42AC5C9E7
C:\Windows\System32\DRIVERS\srvnet.sys 2BA8F3250828CCDB4204ECF2C6F40B6A
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tcpip.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\system32\drivers\TsUsbGD.sys 9CC2CCAE8A84820EAECB886D477CBCB8
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbhub.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbohci.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbuhci.sys ==> MD5 is legit
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WUDFRd.sys ==> MD5 is legit

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-27 05:19 - 2015-09-27 05:19 - 00019593 _____ C:\Users\SUCKmeBELLEND\Desktop\Addition.txt
2015-09-27 05:19 - 2015-09-27 05:19 - 00017328 _____ C:\Users\SUCKmeBELLEND\Desktop\Shortcut.txt
2015-09-27 05:18 - 2015-09-27 05:21 - 00017000 _____ C:\Users\SUCKmeBELLEND\Desktop\FRST.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-27 05:21 - 2002-01-01 06:10 - 00000000 ____D C:\FRST

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device unknown
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {1ca68c9a-6370-11e5-b011-b7d372ecb187}
displayorder {current}
{1ca68c97-6370-11e5-b011-b7d372ecb187}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {1ca68c97-6370-11e5-b011-b7d372ecb187}
device unknown
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoverysequence {1ca68c98-6370-11e5-b011-b7d372ecb187}
recoveryenabled Yes
osdevice unknown
systemroot \Windows
resumeobject {1ca68c96-6370-11e5-b011-b7d372ecb187}
nx OptIn

Windows Boot Loader
-------------------
identifier {1ca68c98-6370-11e5-b011-b7d372ecb187}

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoverysequence {1ca68c9c-6370-11e5-b011-b7d372ecb187}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {1ca68c9a-6370-11e5-b011-b7d372ecb187}
nx OptIn

Windows Boot Loader
-------------------
identifier {1ca68c9c-6370-11e5-b011-b7d372ecb187}
device ramdisk=[C:]\Recovery\1ca68c9c-6370-11e5-b011-b7d372ecb187\Winre.wim,{1ca68c9d-6370-11e5-b011-b7d372ecb187}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\1ca68c9c-6370-11e5-b011-b7d372ecb187\Winre.wim,{1ca68c9d-6370-11e5-b011-b7d372ecb187}
systemroot \windows
nx OptIn
winpe Yes

Resume from Hibernate
---------------------
identifier {1ca68c96-6370-11e5-b011-b7d372ecb187}
device unknown
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice unknown
filepath \hiberfil.sys
debugoptionenabled No

Resume from Hibernate
---------------------
identifier {1ca68c9a-6370-11e5-b011-b7d372ecb187}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device unknown
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {1ca68c99-6370-11e5-b011-b7d372ecb187}
description Ramdisk Options
ramdisksdidevice unknown
ramdisksdipath \Recovery\1ca68c98-6370-11e5-b011-b7d372ecb187\boot.sdi

Device options
--------------
identifier {1ca68c9d-6370-11e5-b011S-b7d372ecb187}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\1ca68c9c-6370-11e5-b011-b7d372ecb187\boot.sdi



LastRegBack: 2002-01-01 05:16

==================== End of FRST.txt ============================

SHORTCUT.TXT FROM FRST SCAN

Users shortcut scan result (x64) Version:27-09-2015 01

Ran by SUCKmeBELLEND (2015-09-27 05:22:03)

Running from C:\Users\SUCKmeBELLEND\Desktop

Boot Mode: Normal

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)



Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeUI.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Partner\Mobile Partner.lnk -> C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Partner\Uninstall.lnk -> C:\Program Files (x86)\Mobile Partner\uninst.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Mobile Partner.lnk -> C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe ()
Shortcut: C:\Users\SUCKmeBELLEND\Links\Desktop.lnk -> C:\Users\SUCKmeBELLEND\Desktop ()
Shortcut: C:\Users\SUCKmeBELLEND\Links\Downloads.lnk -> C:\Users\SUCKmeBELLEND\Downloads ()
Shortcut: C:\Users\SUCKmeBELLEND\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\SUCKmeBELLEND\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\SUCKmeBELLEND\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\SUCKmeBELLEND\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\SUCKmeBELLEND\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\SUCKmeBELLEND\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\SUCKmeBELLEND\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\SUCKmeBELLEND\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\SUCKmeBELLEND\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\SUCKmeBELLEND\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\SUCKmeBELLEND\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\SUCKmeBELLEND\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)




ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\SUCKmeBELLEND\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -extoff
ShortcutWithArgument: C:\Users\SUCKmeBELLEND\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\SUCKmeBELLEND\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\SUCKmeBELLEND\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1


InternetURL: C:\Users\SUCKmeBELLEND\Favorites\Windows Live\Get Windows Live.url -> hxxp://go.microsoft.com/fwlink/?LinkId=69172
InternetURL: C:\Users\SUCKmeBELLEND\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: C:\Users\SUCKmeBELLEND\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68925
InternetURL: C:\Users\SUCKmeBELLEND\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68927
InternetURL: C:\Users\SUCKmeBELLEND\Favorites\MSN Websites\MSN Autos.url -> hxxp://go.microsoft.com/fwlink/?LinkId=55143
InternetURL: C:\Users\SUCKmeBELLEND\Favorites\MSN Websites\MSN Entertainment.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68924
InternetURL: C:\Users\SUCKmeBELLEND\Favorites\MSN Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68923
InternetURL: C:\Users\SUCKmeBELLEND\Favorites\MSN Websites\MSN Sports.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68921
InternetURL: C:\Users\SUCKmeBELLEND\Favorites\MSN Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=54729
InternetURL: C:\Users\SUCKmeBELLEND\Favorites\MSN Websites\MSNBC News.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68922
InternetURL: C:\Users\SUCKmeBELLEND\Favorites\Microsoft Websites\IE Add-on site.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\SUCKmeBELLEND\Favorites\Microsoft Websites\IE site on Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?linkid=44661
InternetURL: C:\Users\SUCKmeBELLEND\Favorites\Microsoft Websites\Microsoft At Home.url -> hxxp://go.microsoft.com/fwlink/?linkid=55424
InternetURL: C:\Users\SUCKmeBELLEND\Favorites\Microsoft Websites\Microsoft At Work.url -> hxxp://go.microsoft.com/fwlink/?linkid=68920
InternetURL: C:\Users\SUCKmeBELLEND\Favorites\Microsoft Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\SUCKmeBELLEND\Favorites\Links for United States\GobiernoUSA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129792
InternetURL: C:\Users\SUCKmeBELLEND\Favorites\Links for United States\USA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129791
InternetURL: C:\Users\SUCKmeBELLEND\Favorites\Links\Web Slice Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315

==================== End of Shortcut.txt =============================


ADDITION.TXT FROM FRST

Type=07 NTFS)


==================== End of Addition Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-09-2015 01
Ran by SUCKmeBELLEND (2015-09-27 05:21:49)
Running from C:\Users\SUCKmeBELLEND\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2002-01-01 12:24:17)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-328995683-1431291510-901328468-500 - Administrator - Disabled)
Guest (S-1-5-21-328995683-1431291510-901328468-501 - Limited - Disabled)
SUCKmeBELLEND (S-1-5-21-328995683-1431291510-901328468-1000 - Administrator - Enabled) => C:\Users\SUCKmeBELLEND

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 23.015.02.00.03 - Huawei Technologies Co.,Ltd)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

01-01-2002 05:29:14 Windows Backup
01-01-2002 05:31:55 Windows Backup

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (Whitelisted) ==============

2013-10-27 19:02 - 2013-10-27 19:02 - 00351824 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2002-01-01 05:56 - 2013-10-26 02:45 - 00651856 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
2002-01-01 05:58 - 2013-10-28 01:26 - 00515072 _____ () C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe
2002-01-01 05:56 - 2013-08-30 22:44 - 02417152 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll
2002-01-01 05:56 - 2009-01-10 11:32 - 00011362 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll
2002-01-01 05:56 - 2009-06-22 19:42 - 00043008 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll
2002-01-01 05:56 - 2013-08-30 22:46 - 01148416 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll
2002-01-01 05:58 - 2013-10-28 01:25 - 00529408 _____ () C:\Program Files (x86)\Mobile Partner\core.dll
2002-01-01 05:58 - 2013-10-28 01:25 - 00288768 _____ () C:\Program Files (x86)\Mobile Partner\sdk.dll
2002-01-01 05:58 - 2013-08-30 22:44 - 02417152 _____ () C:\Program Files (x86)\Mobile Partner\QtCore4.dll
2002-01-01 05:58 - 2009-01-10 11:32 - 00011362 _____ () C:\Program Files (x86)\Mobile Partner\mingwm10.dll
2002-01-01 05:58 - 2009-06-22 19:42 - 00043008 _____ () C:\Program Files (x86)\Mobile Partner\libgcc_s_dw2-1.dll
2002-01-01 05:58 - 2013-08-30 22:59 - 09559040 _____ () C:\Program Files (x86)\Mobile Partner\QtGui4.dll
2002-01-01 05:58 - 2013-10-28 01:24 - 00407552 _____ () C:\Program Files (x86)\Mobile Partner\Proxy.DLL
2002-01-01 05:58 - 2013-10-28 01:24 - 00628224 _____ () C:\Program Files (x86)\Mobile Partner\Common.dll
2002-01-01 05:58 - 2013-10-28 01:24 - 00157696 _____ () C:\Program Files (x86)\Mobile Partner\Trace.dll
2002-01-01 05:58 - 2013-10-28 01:24 - 00583168 _____ () C:\Program Files (x86)\Mobile Partner\PluginContainer.dll
2002-01-01 05:58 - 2013-10-28 01:24 - 00646144 _____ () C:\Program Files (x86)\Mobile Partner\AtCodec.dll
2002-01-01 05:58 - 2013-10-28 01:24 - 00730112 _____ () C:\Program Files (x86)\Mobile Partner\DeviceSrvPlugin.dll
2002-01-01 05:58 - 2013-10-28 01:24 - 00195584 _____ () C:\Program Files (x86)\Mobile Partner\XCodec.dll
2002-01-01 05:58 - 2013-10-28 01:24 - 00253952 _____ () C:\Program Files (x86)\Mobile Partner\NetSrvPlugin.dll
2002-01-01 05:58 - 2013-10-28 01:24 - 00166912 _____ () C:\Program Files (x86)\Mobile Partner\OSDialup.dll
2002-01-01 05:58 - 2013-10-28 01:24 - 00155136 _____ () C:\Program Files (x86)\Mobile Partner\DataServicePlugin.dll
2002-01-01 05:58 - 2013-10-28 01:24 - 00177152 _____ () C:\Program Files (x86)\Mobile Partner\CallSrvPlugin.dll
2002-01-01 05:58 - 2013-10-28 01:24 - 00672768 _____ () C:\Program Files (x86)\Mobile Partner\AddrBookSrvPlugin.dll
2002-01-01 05:58 - 2013-10-28 01:24 - 00220160 _____ () C:\Program Files (x86)\Mobile Partner\SmsSrvPlugin.dll
2002-01-01 05:58 - 2013-10-28 01:24 - 00142336 _____ () C:\Program Files (x86)\Mobile Partner\USSDSrvPlugin.dll
2002-01-01 05:58 - 2013-10-28 01:24 - 00157184 _____ () C:\Program Files (x86)\Mobile Partner\STKSrvPlugin.dll
2002-01-01 05:58 - 2013-10-28 01:24 - 00731136 _____ () C:\Program Files (x86)\Mobile Partner\DeviceAppPlugin.dll
2002-01-01 05:58 - 2013-10-28 01:24 - 00065536 _____ () C:\Program Files (x86)\Mobile Partner\OSPowerMgr.dll
2002-01-01 05:58 - 2013-06-07 20:46 - 00155648 _____ () C:\Program Files (x86)\Mobile Partner\Win7Support.dll
2002-01-01 05:58 - 2013-10-28 01:24 - 01124352 _____ () C:\Program Files (x86)\Mobile Partner\AddrBookPlugin.dll
2002-01-01 05:58 - 2013-10-28 01:24 - 00704000 _____ () C:\Program Files (x86)\Mobile Partner\SmsAppPlugin.dll
2002-01-01 05:58 - 2013-10-28 01:24 - 00187392 _____ () C:\Program Files (x86)\Mobile Partner\CallAppPlugin.dll
2002-01-01 05:58 - 2013-10-28 01:24 - 00569344 _____ () C:\Program Files (x86)\Mobile Partner\CallLogSrvPlugin.dll
2002-01-01 05:58 - 2013-10-28 01:24 - 00158720 _____ () C:\Program Files (x86)\Mobile Partner\NetConnectSrvPlugin.dll
2002-01-01 05:58 - 2013-10-28 01:24 - 00236032 _____ () C:\Program Files (x86)\Mobile Partner\DialUpPlugin.dll
2002-01-01 05:58 - 2013-10-28 01:24 - 00102400 _____ () C:\Program Files (x86)\Mobile Partner\OSAdapt.dll
2002-01-01 05:58 - 2013-10-28 01:24 - 00201728 _____ () C:\Program Files (x86)\Mobile Partner\NDISPlugin.dll
2002-01-01 05:58 - 2013-10-28 01:24 - 00131584 _____ () C:\Program Files (x86)\Mobile Partner\OSNDIS.dll
2002-01-01 05:58 - 2013-10-15 05:16 - 01146880 _____ () C:\Program Files (x86)\Mobile Partner\NDISAPI.dll
2002-01-01 05:58 - 2013-10-28 01:24 - 00702464 _____ () C:\Program Files (x86)\Mobile Partner\NetInfoSrvPlugin.dll
2002-01-01 05:58 - 2013-10-28 01:24 - 00062976 _____ () C:\Program Files (x86)\Mobile Partner\OSCall.dll
2002-01-01 05:58 - 2013-06-07 20:46 - 00224256 _____ () C:\Program Files (x86)\Mobile Partner\tdpcvoice.dll
2002-01-01 05:58 - 2013-10-28 01:25 - 00581120 _____ () C:\Program Files (x86)\Mobile Partner\DeviceMgrUIPlugin.dll
2002-01-01 05:58 - 2013-08-30 22:44 - 00398336 _____ () C:\Program Files (x86)\Mobile Partner\QtXml4.dll
2002-01-01 05:58 - 2013-10-28 01:24 - 00168960 _____ () C:\Program Files (x86)\Mobile Partner\ATR2SMgr.dll
2002-01-01 05:58 - 2013-10-28 01:25 - 00270848 _____ () C:\Program Files (x86)\Mobile Partner\XFramePlugin.dll
2002-01-01 05:58 - 2013-10-28 01:25 - 00323072 _____ () C:\Program Files (x86)\Mobile Partner\StatusBarMgrPlugin.dll
2002-01-01 05:58 - 2013-10-28 01:25 - 00394240 _____ () C:\Program Files (x86)\Mobile Partner\NetConnectPlugin.dll
2002-01-01 05:58 - 2013-10-28 01:25 - 00097792 _____ () C:\Program Files (x86)\Mobile Partner\NotifyServicePlugin.dll
2002-01-01 05:58 - 2013-10-28 01:25 - 00599040 _____ () C:\Program Files (x86)\Mobile Partner\DialupUIPlugin.dll
2002-01-01 05:58 - 2013-10-28 01:25 - 00117248 _____ () C:\Program Files (x86)\Mobile Partner\LayoutPlugin.dll
2002-01-01 05:58 - 2013-10-28 01:26 - 00119296 _____ () C:\Program Files (x86)\Mobile Partner\ConnectMgrUIPlugin.dll
2002-01-01 05:58 - 2013-10-28 01:25 - 00338944 _____ () C:\Program Files (x86)\Mobile Partner\MenuMgrPlugin.dll
2002-01-01 05:58 - 2013-08-30 22:46 - 01148416 _____ () C:\Program Files (x86)\Mobile Partner\QtNetwork4.dll
2002-01-01 05:58 - 2013-10-28 01:26 - 00303616 _____ () C:\Program Files (x86)\Mobile Partner\DiagnosisPlugin.dll
2002-01-01 05:58 - 2013-10-28 01:26 - 00493568 _____ () C:\Program Files (x86)\Mobile Partner\NetInfoUIExPlugin.dll
2002-01-01 05:58 - 2013-10-28 01:25 - 00855552 _____ () C:\Program Files (x86)\Mobile Partner\SMSUIPlugin.dll
2002-01-01 05:58 - 2013-10-28 01:25 - 00819712 _____ () C:\Program Files (x86)\Mobile Partner\AddrBookUIPlugin.dll
2002-01-01 05:58 - 2013-10-28 01:25 - 00219648 _____ () C:\Program Files (x86)\Mobile Partner\ToolBarMgrPlugin.dll
2002-01-01 05:58 - 2013-10-26 02:08 - 00692224 _____ () C:\Program Files (x86)\Mobile Partner\LiveUpdateInterface.DLL
2002-01-01 05:58 - 2013-06-07 20:45 - 00082944 _____ () C:\Program Files (x86)\Mobile Partner\plugins\imageformats\qgif4.dll
2002-01-01 05:58 - 2013-06-07 20:45 - 00081920 _____ () C:\Program Files (x86)\Mobile Partner\plugins\imageformats\qico4.dll
2002-01-01 05:58 - 2013-06-07 20:45 - 00192000 _____ () C:\Program Files (x86)\Mobile Partner\plugins\imageformats\qjpeg4.dll
2002-01-01 05:58 - 2013-06-07 20:45 - 00350720 _____ () C:\Program Files (x86)\Mobile Partner\plugins\imageformats\qmng4.dll
2002-01-01 05:58 - 2013-06-07 20:45 - 00370176 _____ () C:\Program Files (x86)\Mobile Partner\plugins\imageformats\qtiff4.dll
2002-01-01 05:58 - 2013-10-28 01:25 - 00149504 _____ () C:\Program Files (x86)\Mobile Partner\SettingUIPlugin.dll
2002-01-01 05:58 - 2013-10-28 01:25 - 00574976 _____ () C:\Program Files (x86)\Mobile Partner\NetSettingPlugin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-328995683-1431291510-901328468-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\SUCKmeBELLEND\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Faulty Device Manager Devices =============

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/01/2002 06:07:13 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (01/01/2002 06:07:13 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (01/01/2002 06:07:13 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (01/01/2002 06:07:13 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (01/01/2002 06:07:13 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (01/01/2002 06:07:13 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (01/01/2002 06:07:13 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (01/01/2002 06:07:13 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (01/01/2002 06:07:12 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (01/01/2002 06:07:12 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.


System errors:
=============
Error: (01/01/2002 05:59:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Mobile Partner. OUC service failed to start due to the following error:
%%1053

Error: (01/01/2002 05:59:12 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Mobile Partner. OUC service to connect.

Error: (01/01/2002 05:59:12 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Mobile Partner. OUC service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (01/01/2002 05:58:59 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The HWDeviceService64.exe service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (01/01/2002 05:56:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Mobile Partner. OUC service failed to start due to the following error:
%%1053

Error: (01/01/2002 05:56:43 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Mobile Partner. OUC service to connect.

Error: (01/01/2002 05:56:42 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Mobile Partner. OUC service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (01/01/2002 05:56:27 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The HWDeviceService64.exe service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (01/01/2002 05:19:21 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Defender service terminated with the following error:
%%-2147024882


==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU 530 @ 2.93GHz
Percentage of memory in use: 82%
Total physical RAM: 759.12 MB
Available physical RAM: 134.09 MB
Total Virtual: 1783.12 MB
Available Virtual: 939.27 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.88 GB) (Free:223.15 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 2F2845AE)
Partition 1: (Not Active) - (Size=232.9 GB) - ( .txt ===========================


i also found this on the disk somewhere aftre the install and i guess this is whats been loaded into windows firewall?


Name Group Profile Enabled Action Override Program Local Address Remote Address Protocol Local Port Remote Port Allowed Users Allowed Computers

Connect to a Network Projector (TCP-In) Connect to a Network Projector Private, Public No Allow No %SystemRoot%\system32\netproj.exe Any Local subnet TCP Any Any Any Any
Connect to a Network Projector (TCP-In) Connect to a Network Projector Domain No Allow No %SystemRoot%\system32\netproj.exe Any Any TCP Any Any Any Any
Connect to a Network Projector (WSD Events-In) Connect to a Network Projector Private, Public No Allow No System Any Local subnet TCP 5357 Any Any Any
Connect to a Network Projector (WSD Events-In) Connect to a Network Projector Domain No Allow No System Any Any TCP 5357 Any Any Any
Connect to a Network Projector (WSD EventsSecure-In) Connect to a Network Projector Private, Public No Allow No System Any Local subnet TCP 5358 Any Any Any
Connect to a Network Projector (WSD EventsSecure-In) Connect to a Network Projector Domain No Allow No System Any Any TCP 5358 Any Any Any
Connect to a Network Projector (WSD-In) Connect to a Network Projector All No Allow No %SystemRoot%\system32\netproj.exe Any Local subnet UDP 3702 Any Any Any
Core Networking - Destination Unreachable (ICMPv6-In) Core Networking All Yes Block No System Any Any ICMPv6 Any Any Any Any
Core Networking - Destination Unreachable Fragmentation Needed (ICMPv4-In) Core Networking All Yes Block No System Any Any ICMPv4 Any Any Any Any
Core Networking - Dynamic Host Configuration Protocol (DHCP-In) Core Networking All Yes Block No %SystemRoot%\system32\svchost.exe Any Any UDP 68 67 Any Any
Core Networking - Dynamic Host Configuration Protocol for IPv6(DHCPV6-In) Core Networking All Yes Block No %SystemRoot%\system32\svchost.exe Any Any UDP 546 547 Any Any
Core Networking - Internet Group Management Protocol (IGMP-In) Core Networking All Yes Block No System Any Any IGMP Any Any Any Any
Core Networking - IPHTTPS (TCP-In) Core Networking All Yes Block No System Any Any TCP IPHTTPS Any Any Any
Core Networking - IPv6 (IPv6-In) Core Networking All Yes Block No System Any Any IPv6 Any Any Any Any
Core Networking - Multicast Listener Done (ICMPv6-In) Core Networking All Yes Block No System Any Local subnet ICMPv6 Any Any Any Any
Core Networking - Multicast Listener Query (ICMPv6-In) Core Networking All Yes Block No System Any Local subnet ICMPv6 Any Any Any Any
Core Networking - Multicast Listener Report (ICMPv6-In) Core Networking All Yes Block No System Any Local subnet ICMPv6 Any Any Any Any
Core Networking - Multicast Listener Report v2 (ICMPv6-In) Core Networking All Yes Block No System Any Local subnet ICMPv6 Any Any Any Any
Core Networking - Neighbor Discovery Advertisement (ICMPv6-In) Core Networking All Yes Block No System Any Any ICMPv6 Any Any Any Any
Core Networking - Neighbor Discovery Solicitation (ICMPv6-In) Core Networking All Yes Block No System Any Any ICMPv6 Any Any Any Any
Core Networking - Packet Too Big (ICMPv6-In) Core Networking All Yes Block No System Any Any ICMPv6 Any Any Any Any
Core Networking - Parameter Problem (ICMPv6-In) Core Networking All Yes Block No System Any Any ICMPv6 Any Any Any Any
Core Networking - Router Advertisement (ICMPv6-In) Core Networking All Yes Block No System Any fe80::/64 ICMPv6 Any Any Any Any
Core Networking - Router Solicitation (ICMPv6-In) Core Networking All Yes Allow No System Any Any ICMPv6 Any Any Any Any
Core Networking - Teredo (UDP-In) Core Networking All Yes Allow No %SystemRoot%\system32\svchost.exe Any Any UDP Edge Traversal Any Any Any
Core Networking - Time Exceeded (ICMPv6-In) Core Networking All Yes Allow No System Any Any ICMPv6 Any Any Any Any
Distributed Transaction Coordinator (RPC) Distributed Transaction Coordinator Private, Public No Allow No %SystemRoot%\system32\svchost.exe Any Local subnet TCP RPC Dynamic Ports Any Any Any
Distributed Transaction Coordinator (RPC) Distributed Transaction Coordinator Domain No Allow No %SystemRoot%\system32\svchost.exe Any Any TCP RPC Dynamic Ports Any Any Any
Distributed Transaction Coordinator (RPC-EPMAP) Distributed Transaction Coordinator Domain No Allow No %SystemRoot%\system32\svchost.exe Any Any TCP RPC Endpoint Mapper Any Any Any
Distributed Transaction Coordinator (RPC-EPMAP) Distributed Transaction Coordinator Private, Public No Allow No %SystemRoot%\system32\svchost.exe Any Local subnet TCP RPC Endpoint Mapper Any Any Any
Distributed Transaction Coordinator (TCP-In) Distributed Transaction Coordinator Domain No Allow No %SystemRoot%\system32\msdtc.exe Any Any TCP Any Any Any Any
Distributed Transaction Coordinator (TCP-In) Distributed Transaction Coordinator Private, Public No Allow No %SystemRoot%\system32\msdtc.exe Any Local subnet TCP Any Any Any Any
File and Printer Sharing (Echo Request - ICMPv4-In) File and Printer Sharing Private, Public No Allow No Any Any Local subnet ICMPv4 Any Any Any Any
File and Printer Sharing (Echo Request - ICMPv4-In) File and Printer Sharing Domain No Allow No Any Any Any ICMPv4 Any Any Any Any
File and Printer Sharing (Echo Request - ICMPv6-In) File and Printer Sharing Domain No Allow No Any Any Any ICMPv6 Any Any Any Any
File and Printer Sharing (Echo Request - ICMPv6-In) File and Printer Sharing Private, Public No Allow No Any Any Local subnet ICMPv6 Any Any Any Any
File and Printer Sharing (LLMNR-UDP-In) File and Printer Sharing All No Allow No %SystemRoot%\system32\svchost.exe Any Local subnet UDP 5355 Any Any Any
File and Printer Sharing (NB-Datagram-In) File and Printer Sharing Private, Public No Allow No System Any Local subnet UDP 138 Any Any Any
File and Printer Sharing (NB-Datagram-In) File and Printer Sharing Domain No Allow No System Any Any UDP 138 Any Any Any
File and Printer Sharing (NB-Name-In) File and Printer Sharing Private, Public No Allow No System Any Local subnet UDP 137 Any Any Any
File and Printer Sharing (NB-Name-In) File and Printer Sharing Domain No Allow No System Any Any UDP 137 Any Any Any
File and Printer Sharing (NB-Session-In) File and Printer Sharing Private, Public No Allow No System Any Local subnet TCP 139 Any Any Any
File and Printer Sharing (NB-Session-In) File and Printer Sharing Domain No Allow No System Any Any TCP 139 Any Any Any
File and Printer Sharing (SMB-In) File and Printer Sharing Private, Public No Allow No System Any Local subnet TCP 445 Any Any Any
File and Printer Sharing (SMB-In) File and Printer Sharing Domain No Allow No System Any Any TCP 445 Any Any Any
File and Printer Sharing (Spooler Service - RPC) File and Printer Sharing Domain No Allow No %SystemRoot%\system32\spoolsv.exe Any Any TCP RPC Dynamic Ports Any Any Any
File and Printer Sharing (Spooler Service - RPC) File and Printer Sharing Private, Public No Allow No %SystemRoot%\system32\spoolsv.exe Any Local subnet TCP RPC Dynamic Ports Any Any Any
File and Printer Sharing (Spooler Service - RPC-EPMAP) File and Printer Sharing Domain No Allow No Any Any Any TCP RPC Endpoint Mapper Any Any Any
File and Printer Sharing (Spooler Service - RPC-EPMAP) File and Printer Sharing Private, Public No Allow No Any Any Local subnet TCP RPC Endpoint Mapper Any Any Any
HomeGroup In HomeGroup Private No Allow No %systemroot%\system32\svchost.exe Any Local subnet TCP 3587 Any Any Any
HomeGroup In (PNRP) HomeGroup Private No Allow No %systemroot%\system32\svchost.exe Any Local subnet UDP 3540 Any Any Any
iSCSI Service (TCP-In) iSCSI Service Private, Public No Allow No %SystemRoot%\system32\svchost.exe Any Local subnet TCP Any Any Any Any
iSCSI Service (TCP-In) iSCSI Service Domain No Allow No %SystemRoot%\system32\svchost.exe Any Any TCP Any Any Any Any
Media Center Extenders - HTTP Streaming (TCP-In) Media Center Extenders All No Allow No System Any Local subnet TCP 10244 Any Any Any
Media Center Extenders - Media Streaming (TCP-In) Media Center Extenders All No Allow No System Any Local subnet TCP 2869 Any Any Any
Media Center Extenders - qWave (TCP-In) Media Center Extenders All No Allow No %SystemRoot%\system32\svchost.exe Any Local subnet TCP 2177 Any Any Any
Media Center Extenders - qWave (UDP-In) Media Center Extenders All No Allow No %SystemRoot%\system32\svchost.exe Any Local subnet UDP 2177 Any Any Any
Media Center Extenders - RTSP (TCP-In) Media Center Extenders All No Allow No %SystemRoot%\ehome\ehshell.exe Any Local subnet TCP 554, 8554, 8555, 8556, 8557, 8558 Any Any Any
Media Center Extenders - SSDP (UDP-In) Media Center Extenders All No Allow No %SystemRoot%\system32\svchost.exe Any Local subnet UDP 1900 Any Any Any
Media Center Extenders - WMDRM-ND/RTP/RTCP (UDP-In) Media Center Extenders All No Allow No %SystemRoot%\ehome\ehshell.exe Any Local subnet UDP 7777, 7778, 7779, 7780, 7781, 5004, 5005, 50004, 50005, 50006, 50007, 50008, 50009, 50010, 50011, 50012, 50013 Any Any Any
Media Center Extenders - XSP (TCP-In) Media Center Extenders All No Allow No System Any Local subnet TCP 3390 Any Any Any
Netlogon Service (NP-In) Netlogon Service All No Allow No System Any Any TCP 445 Any Any Any
Network Discovery (LLMNR-UDP-In) Network Discovery Private Yes Allow No %SystemRoot%\system32\svchost.exe Any Local subnet UDP 5355 Any Any Any
Network Discovery (LLMNR-UDP-In) Network Discovery Domain, Public No Allow No %SystemRoot%\system32\svchost.exe Any Local subnet UDP 5355 Any Any Any
Network Discovery (NB-Datagram-In) Network Discovery Public No Allow No System Any Local subnet UDP 138 Any Any Any
Network Discovery (NB-Datagram-In) Network Discovery Domain No Allow No System Any Any UDP 138 Any Any Any
Network Discovery (NB-Datagram-In) Network Discovery Private Yes Allow No System Any Local subnet UDP 138 Any Any Any
Network Discovery (NB-Name-In) Network Discovery Public No Allow No System Any Local subnet UDP 137 Any Any Any
Network Discovery (NB-Name-In) Network Discovery Private Yes Allow No System Any Local subnet UDP 137 Any Any Any
Network Discovery (NB-Name-In) Network Discovery Domain No Allow No System Any Any UDP 137 Any Any Any
Network Discovery (Pub-WSD-In) Network Discovery Private Yes Allow No %SystemRoot%\system32\svchost.exe Any Local subnet UDP 3702 Any Any Any
Network Discovery (Pub-WSD-In) Network Discovery Domain, Public No Allow No %SystemRoot%\system32\svchost.exe Any Local subnet UDP 3702 Any Any Any
Network Discovery (SSDP-In) Network Discovery Private Yes Allow No %SystemRoot%\system32\svchost.exe Any Local subnet UDP 1900 Any Any Any
Network Discovery (SSDP-In) Network Discovery Domain, Public No Allow No %SystemRoot%\system32\svchost.exe Any Local subnet UDP 1900 Any Any Any
Network Discovery (UPnP-In) Network Discovery Domain No Allow No System Any Any TCP 2869 Any Any Any
Network Discovery (UPnP-In) Network Discovery Public No Allow No System Any Local subnet TCP 2869 Any Any Any
Network Discovery (UPnP-In) Network Discovery Private Yes Allow No System Any Local subnet TCP 2869 Any Any Any
Network Discovery (WSD Events-In) Network Discovery Domain No Allow No System Any Any TCP 5357 Any Any Any
Network Discovery (WSD Events-In) Network Discovery Private Yes Allow No System Any Local subnet TCP 5357 Any Any Any
Network Discovery (WSD Events-In) Network Discovery Public No Allow No System Any Local subnet TCP 5357 Any Any Any
Network Discovery (WSD EventsSecure-In) Network Discovery Domain No Allow No System Any Any TCP 5358 Any Any Any
Network Discovery (WSD EventsSecure-In) Network Discovery Private Yes Allow No System Any Local subnet TCP 5358 Any Any Any
Network Discovery (WSD EventsSecure-In) Network Discovery Public No Allow No System Any Local subnet TCP 5358 Any Any Any
Network Discovery (WSD-In) Network Discovery Private Yes Allow No %SystemRoot%\system32\svchost.exe Any Local subnet UDP 3702 Any Any Any
Network Discovery (WSD-In) Network Discovery Domain, Public No Allow No %SystemRoot%\system32\svchost.exe Any Local subnet UDP 3702 Any Any Any
Performance Logs and Alerts (DCOM-In) Performance Logs and Alerts Domain No Allow No %systemroot%\system32\svchost.exe Any Any TCP 135 Any Any Any
Performance Logs and Alerts (DCOM-In) Performance Logs and Alerts Private, Public No Allow No %systemroot%\system32\svchost.exe Any Local subnet TCP 135 Any Any Any
Performance Logs and Alerts (TCP-In) Performance Logs and Alerts Domain No Allow No %systemroot%\system32\plasrv.exe Any Any TCP Any Any Any Any
Performance Logs and Alerts (TCP-In) Performance Logs and Alerts Private, Public No Allow No %systemroot%\system32\plasrv.exe Any Local subnet TCP Any Any Any Any
Remote Assistance (DCOM-In) Remote Assistance Domain Yes Allow No %SystemRoot%\system32\svchost.exe Any Any TCP 135 Any Any Any
Remote Assistance (PNRP-In) Remote Assistance Public No Allow No %systemroot%\system32\svchost.exe Any Any UDP 3540 Any Any Any
Remote Assistance (PNRP-In) Remote Assistance Domain, Private Yes Allow No %systemroot%\system32\svchost.exe Any Any UDP 3540 Any Any Any
Remote Assistance (RA Server TCP-In) Remote Assistance Domain Yes Allow No %SystemRoot%\system32\raserver.exe Any Any TCP Any Any Any Any
Remote Assistance (SSDP TCP-In) Remote Assistance Domain, Private Yes Allow No %SystemRoot%\system32\svchost.exe Any Local subnet TCP 2869 Any Any Any
Remote Assistance (SSDP UDP-In) Remote Assistance Domain, Private Yes Allow No %SystemRoot%\system32\svchost.exe Any Local subnet UDP 1900 Any Any Any
Remote Assistance (TCP-In) Remote Assistance Domain, Private Yes Allow No %SystemRoot%\system32\msra.exe Any Any TCP Any Any Any Any
Remote Assistance (TCP-In) Remote Assistance Public No Allow No %SystemRoot%\system32\msra.exe Any Any TCP Any Any Any Any
Remote Event Log Management (NP-In) Remote Event Log Management Domain No Allow No System Any Any TCP 445 Any Any Any
Remote Event Log Management (NP-In) Remote Event Log Management Private, Public No Allow No System Any Local subnet TCP 445 Any Any Any
Remote Event Log Management (RPC) Remote Event Log Management Domain No Allow No %SystemRoot%\system32\svchost.exe Any Any TCP RPC Dynamic Ports Any Any Any
Remote Event Log Management (RPC) Remote Event Log Management Private, Public No Allow No %SystemRoot%\system32\svchost.exe Any Local subnet TCP RPC Dynamic Ports Any Any Any
Remote Event Log Management (RPC-EPMAP) Remote Event Log Management Domain No Allow No %SystemRoot%\system32\svchost.exe Any Any TCP RPC Endpoint Mapper Any Any Any
Remote Event Log Management (RPC-EPMAP) Remote Event Log Management Private, Public No Allow No %SystemRoot%\system32\svchost.exe Any Local subnet TCP RPC Endpoint Mapper Any Any Any
Remote Scheduled Tasks Management (RPC) Remote Scheduled Tasks Management Private, Public No Allow No %SystemRoot%\system32\svchost.exe Any Local subnet TCP RPC Dynamic Ports Any Any Any
Remote Scheduled Tasks Management (RPC) Remote Scheduled Tasks Management Domain No Allow No %SystemRoot%\system32\svchost.exe Any Any TCP RPC Dynamic Ports Any Any Any
Remote Scheduled Tasks Management (RPC-EPMAP) Remote Scheduled Tasks Management Domain No Allow No %SystemRoot%\system32\svchost.exe Any Any TCP RPC Endpoint Mapper Any Any Any
Remote Scheduled Tasks Management (RPC-EPMAP) Remote Scheduled Tasks Management Private, Public No Allow No %SystemRoot%\system32\svchost.exe Any Local subnet TCP RPC Endpoint Mapper Any Any Any
Remote Service Management (NP-In) Remote Service Management Private, Public No Allow No System Any Local subnet TCP 445 Any Any Any
Remote Service Management (NP-In) Remote Service Management Domain No Allow No System Any Any TCP 445 Any Any Any
Remote Service Management (RPC) Remote Service Management Private, Public No Allow No %SystemRoot%\system32\services.exe Any Local subnet TCP RPC Dynamic Ports Any Any Any
Remote Service Management (RPC) Remote Service Management Domain No Allow No %SystemRoot%\system32\services.exe Any Any TCP RPC Dynamic Ports Any Any Any
Remote Service Management (RPC-EPMAP) Remote Service Management Domain No Allow No %SystemRoot%\system32\svchost.exe Any Any TCP RPC Endpoint Mapper Any Any Any
Remote Service Management (RPC-EPMAP) Remote Service Management Private, Public No Allow No %SystemRoot%\system32\svchost.exe Any Local subnet TCP RPC Endpoint Mapper Any Any Any
Remote Volume Management - Virtual Disk Service (RPC) Remote Volume Management Domain No Allow No %SystemRoot%\system32\vds.exe Any Any TCP RPC Dynamic Ports Any Any Any
Remote Volume Management - Virtual Disk Service (RPC) Remote Volume Management Private, Public No Allow No %SystemRoot%\system32\vds.exe Any Local subnet TCP RPC Dynamic Ports Any Any Any
Remote Volume Management - Virtual Disk Service Loader (RPC) Remote Volume Management Domain No Allow No %SystemRoot%\system32\vdsldr.exe Any Any TCP RPC Dynamic Ports Any Any Any
Remote Volume Management - Virtual Disk Service Loader (RPC) Remote Volume Management Private, Public No Allow No %SystemRoot%\system32\vdsldr.exe Any Local subnet TCP RPC Dynamic Ports Any Any Any
Remote Volume Management (RPC-EPMAP) Remote Volume Management Domain No Allow No %SystemRoot%\system32\svchost.exe Any Any TCP RPC Endpoint Mapper Any Any Any
Remote Volume Management (RPC-EPMAP) Remote Volume Management Private, Public No Allow No %SystemRoot%\system32\svchost.exe Any Local subnet TCP RPC Endpoint Mapper Any Any Any
Routing and Remote Access (GRE-In) Routing and Remote Access All No Allow No System Any Any GRE Any Any Any Any
Routing and Remote Access (L2TP-In) Routing and Remote Access All No Allow No System Any Any UDP 1701 Any Any Any
Routing and Remote Access (PPTP-In) Routing and Remote Access All No Allow No System Any Any TCP 1723 Any Any Any
Secure Socket Tunneling Protocol (SSTP-In) Secure Socket Tunneling Protocol All No Allow No System Any Any TCP 443 Any Any Any
SNMP Trap Service (UDP In) SNMP Trap Private, Public No Allow No %SystemRoot%\system32\snmptrap.exe Any Local subnet UDP 162 Any Any Any
SNMP Trap Service (UDP In) SNMP Trap Domain No Allow No %SystemRoot%\system32\snmptrap.exe Any Any UDP 162 Any Any Any
Windows Collaboration Computer Name Registration Service (PNRP-In) Windows Collaboration Computer Name Registration Service All No Allow No %SystemRoot%\system32\svchost.exe Any Any UDP 3540 Any Any Any
Windows Collaboration Computer Name Registration Service (SSDP-In) Windows Collaboration Computer Name Registration Service All No Allow No %SystemRoot%\system32\svchost.exe Any Local subnet UDP 1900 Any Any Any
Windows Firewall Remote Management (RPC) Windows Firewall Remote Management Private, Public No Allow No %SystemRoot%\system32\svchost.exe Any Local subnet TCP RPC Dynamic Ports Any Any Any
Windows Firewall Remote Management (RPC) Windows Firewall Remote Management Domain No Allow No %SystemRoot%\system32\svchost.exe Any Any TCP RPC Dynamic Ports Any Any Any
Windows Firewall Remote Management (RPC-EPMAP) Windows Firewall Remote Management Domain No Allow No %SystemRoot%\system32\svchost.exe Any Any TCP RPC Endpoint Mapper Any Any Any
Windows Firewall Remote Management (RPC-EPMAP) Windows Firewall Remote Management Private, Public No Allow No %SystemRoot%\system32\svchost.exe Any Local subnet TCP RPC Endpoint Mapper Any Any Any
Windows Management Instrumentation (ASync-In) Windows Management Instrumentation (WMI) Domain No Allow No %systemroot%\system32\wbem\unsecapp.exe Any Any TCP Any Any Any Any
Windows Management Instrumentation (ASync-In) Windows Management Instrumentation (WMI) Private, Public No Allow No %systemroot%\system32\wbem\unsecapp.exe Any Local subnet TCP Any Any Any Any
Windows Management Instrumentation (DCOM-In) Windows Management Instrumentation (WMI) Private, Public No Allow No %SystemRoot%\system32\svchost.exe Any Local subnet TCP 135 Any Any Any
Windows Management Instrumentation (DCOM-In) Windows Management Instrumentation (WMI) Domain No Allow No %SystemRoot%\system32\svchost.exe Any Any TCP 135 Any Any Any
Windows Management Instrumentation (WMI-In) Windows Management Instrumentation (WMI) Domain No Allow No %SystemRoot%\system32\svchost.exe Any Any TCP Any Any Any Any
Windows Management Instrumentation (WMI-In) Windows Management Instrumentation (WMI) Private, Public No Allow No %SystemRoot%\system32\svchost.exe Any Local subnet TCP Any Any Any Any
Windows Media Player (UDP-In) Windows Media Player All No Allow No %ProgramFiles%\Windows Media Player\wmplayer.exe Any Any UDP Any Any Any Any
Windows Media Player x86 (UDP-In) Windows Media Player All No Allow No %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe Any Any UDP Any Any Any Any
Windows Media Player Network Sharing Service (HTTP-Streaming-In) Windows Media Player Network Sharing Service Domain No Allow No System Any Any TCP 10243 Any Any Any
Windows Media Player Network Sharing Service (HTTP-Streaming-In) Windows Media Player Network Sharing Service Private, Public No Allow No System Any Local subnet TCP 10243 Any Any Any
Windows Media Player Network Sharing Service (qWave-TCP-In) Windows Media Player Network Sharing Service Private, Public No Allow No %SystemRoot%\system32\svchost.exe Any Local subnet TCP 2177 Any Any Any
Windows Media Player Network Sharing Service (qWave-TCP-In) Windows Media Player Network Sharing Service Domain No Allow No %SystemRoot%\system32\svchost.exe Any Any TCP 2177 Any Any Any
Windows Media Player Network Sharing Service (qWave-UDP-In) Windows Media Player Network Sharing Service Private, Public No Allow No %SystemRoot%\system32\svchost.exe Any Local subnet UDP 2177 Any Any Any
Windows Media Player Network Sharing Service (qWave-UDP-In) Windows Media Player Network Sharing Service Domain No Allow No %SystemRoot%\system32\svchost.exe Any Any UDP 2177 Any Any Any
Windows Media Player Network Sharing Service (SSDP-In) Windows Media Player Network Sharing Service All No Allow No %SystemRoot%\system32\svchost.exe Any Local subnet UDP 1900 Any Any Any
Windows Media Player Network Sharing Service (Streaming-UDP-In) Windows Media Player Network Sharing Service Private, Public No Allow No %PROGRAMFILES%\Windows Media Player\wmplayer.exe Any Local subnet UDP Any Any Any Any
Windows Media Player Network Sharing Service (Streaming-UDP-In) Windows Media Player Network Sharing Service Domain No Allow No %PROGRAMFILES%\Windows Media Player\wmplayer.exe Any Any UDP Any Any Any Any
Windows Media Player Network Sharing Service (TCP-In) Windows Media Player Network Sharing Service Private, Public No Allow No %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe Any Local subnet TCP Any Any Any Any
Windows Media Player Network Sharing Service (TCP-In) Windows Media Player Network Sharing Service Domain No Allow No %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe Any Any TCP Any Any Any Any
Windows Media Player Network Sharing Service (UDP-In) Windows Media Player Network Sharing Service Domain No Allow No %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe Any Any UDP Any Any Any Any
Windows Media Player Network Sharing Service (UDP-In) Windows Media Player Network Sharing Service Private, Public No Allow No %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe Any Local subnet UDP Any Any Any Any
Windows Media Player Network Sharing Service (UPnP-In) Windows Media Player Network Sharing Service All No Allow No System Any Local subnet TCP 2869 Any Any Any
Windows Media Player Network Sharing Service (HTTP-Streaming-In) Windows Media Player Network Sharing Service (Internet) Domain, Private No Allow No System Any Any TCP 10245 Any Any Any
Windows Peer to Peer Collaboration Foundation (PNRP-In) Windows Peer to Peer Collaboration Foundation All No Allow No %SystemRoot%\system32\svchost.exe Any Any UDP 3540 Any Any Any
Windows Peer to Peer Collaboration Foundation (SSDP-In) Windows Peer to Peer Collaboration Foundation All No Allow No %SystemRoot%\system32\svchost.exe Any Local subnet UDP 1900 Any Any Any
Windows Peer to Peer Collaboration Foundation (TCP-In) Windows Peer to Peer Collaboration Foundation All No Allow No %SystemRoot%\system32\p2phost.exe Any Any TCP Any Any Any Any
Windows Peer to Peer Collaboration Foundation (WSD-In) Windows Peer to Peer Collaboration Foundation All No Allow No %SystemRoot%\system32\p2phost.exe Any Local subnet UDP 3702 Any Any Any
Windows Remote Management - Compatibility Mode (HTTP-In) Windows Remote Management Private, Public No Allow No System Any Local subnet TCP 80 Any Any Any
Windows Remote Management - Compatibility Mode (HTTP-In) Windows Remote Management Domain No Allow No System Any Any TCP 80 Any Any Any
Windows Remote Management (HTTP-In) Windows Remote Management Private, Public No Allow No System Any Local subnet TCP 5985 Any Any Any
Windows Remote Management (HTTP-In) Windows Remote Management Domain No Allow No System Any Any TCP 5985 Any Any Any
Wireless Portable Devices (SSDP-In) Wireless Portable Devices All No Allow No %SystemRoot%\system32\svchost.exe Any Local subnet UDP 1900 Any Any Any
Wireless Portable Devices (UPnP-In) Wireless Portable Devices All No Allow No System Any Local subnet TCP 2869 Any Any Any


AND THE DISM LOG FROM THE INSTALL, THE MEDIUM USE WAS A 64 BIT WIN7SP1 PROVIDED BY DELL NOT FROM WINRE As STATED BY DISM. THE LOG DO SAY DRIVERS CHECKSUM ARE OK BUT IN THE MEANWILE WINDOWS SAYING NOT GENIUN COPY OF WINDOWS



2002-01-01 04:14:48, Info DISM PID=1812 Scratch directory set to 'X:\windows\TEMP\'. - CDISMManager::put_ScratchDir
2002-01-01 04:14:48, Info DISM PID=1812 Scratch directory set to 'C:\$WINDOWS.~LS\PackageTemp\cbdff1d7-da22-4702-962e-e62386831dae'. - CDISMManager::put_ScratchDir
2002-01-01 04:14:48, Info DISM PID=1812 Successfully loaded the ImageSession at "X:\Sources" - CDISMManager::LoadImageSession
2002-01-01 04:14:48, Info DISM DISM Provider Store: PID=1812 Found and Initialized the DISM Logger. - CDISMProviderStore::Internal_InitializeLogger
2002-01-01 04:14:48, Info DISM DISM Provider Store: PID=1812 Failed to get and initialize the PE Provider. Continuing by assuming that it is not a WinPE image. - CDISMProviderStore::Final_OnConnect
2002-01-01 04:14:48, Info DISM DISM Provider Store: PID=1812 Finished initializing the Provider Map. - CDISMProviderStore::Final_OnConnect
2002-01-01 04:14:48, Info DISM DISM Provider Store: PID=1812 Getting Provider DISMLogger - CDISMProviderStore::GetProvider
2002-01-01 04:14:48, Info DISM DISM Provider Store: PID=1812 Provider has previously been initialized. Returning the existing instance. - CDISMProviderStore::Internal_GetProvider
2002-01-01 04:14:48, Info DISM DISM Provider Store: PID=1812 Getting Provider DISMLogger - CDISMProviderStore::GetProvider
2002-01-01 04:14:48, Info DISM DISM Provider Store: PID=1812 Provider has previously been initialized. Returning the existing instance. - CDISMProviderStore::Internal_GetProvider
2002-01-01 04:14:48, Info DISM DISM Manager: PID=1812 Successfully created the local image session and provider store. - CDISMManager::CreateLocalImageSession
2002-01-01 04:14:48, Info DISM DISM Provider Store: PID=1812 Getting Provider DISMLogger - CDISMProviderStore::GetProvider
2002-01-01 04:14:48, Info DISM DISM Provider Store: PID=1812 Provider has previously been initialized. Returning the existing instance. - CDISMProviderStore::Internal_GetProvider
2002-01-01 04:14:48, Info DISM DISM.EXE:
2002-01-01 04:14:48, Info DISM DISM.EXE: <----- Starting Dism.exe session ----->
2002-01-01 04:14:48, Info DISM DISM.EXE:
2002-01-01 04:14:48, Info DISM DISM.EXE: Host machine information: OS Version=6.1.7601, Running architecture=amd64, Number of processors=4
2002-01-01 04:14:48, Info DISM DISM.EXE: Executing command line: X:\Sources\dism.exe /logpath:C:\$WINDOWS.~BT\Sources\Panther\cbs.log /scratchdir:C:\$WINDOWS.~LS\PackageTemp\cbdff1d7-da22-4702-962e-e62386831dae /image:C:\ /is-serviceable
2002-01-01 04:14:48, Info DISM DISM Provider Store: PID=1812 Getting the collection of providers from a local provider store type. - CDISMProviderStore::GetProviderCollection
2002-01-01 04:14:48, Info DISM DISM Provider Store: PID=1812 Provider has not previously been encountered. Attempting to initialize the provider. - CDISMProviderStore::Internal_GetProvider
2002-01-01 04:14:48, Info DISM DISM Provider Store: PID=1812 Loading Provider from location X:\Sources\WimProvider.dll - CDISMProviderStore::Internal_GetProvider
2002-01-01 04:14:48, Warning DISM DISM Provider Store: PID=1812 Failed to Load the provider: X:\Sources\WimProvider.dll. - CDISMProviderStore::Internal_GetProvider(hr:0x8007007e)
2002-01-01 04:14:48, Info DISM DISM Provider Store: PID=1812 Provider has not previously been encountered. Attempting to initialize the provider. - CDISMProviderStore::Internal_GetProvider
2002-01-01 04:14:48, Info DISM DISM Provider Store: PID=1812 Loading Provider from location X:\Sources\FolderProvider.dll - CDISMProviderStore::Internal_GetProvider
2002-01-01 04:14:48, Info DISM DISM Provider Store: PID=1812 Connecting to the provider located at X:\Sources\FolderProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2002-01-01 04:14:48, Info DISM DISM Provider Store: PID=1812 Provider has not previously been encountered. Attempting to initialize the provider. - CDISMProviderStore::Internal_GetProvider
2002-01-01 04:14:48, Info DISM DISM Provider Store: PID=1812 Loading Provider from location X:\Sources\CompatProvider.dll - CDISMProviderStore::Internal_GetProvider
2002-01-01 04:14:48, Info DISM DISM Provider Store: PID=1812 Connecting to the provider located at X:\Sources\CompatProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2002-01-01 04:14:48, Info DISM DISM.EXE: Got the collection of providers. Now enumerating them to build the command table.
2002-01-01 04:14:48, Info DISM DISM.EXE: Attempting to add the commands from provider: FolderManager
2002-01-01 04:14:48, Info DISM DISM.EXE: Attempting to add the commands from provider: DISM Log Provider
2002-01-01 04:14:48, Info DISM DISM.EXE: Attempting to add the commands from provider: Compatibility Manager
2002-01-01 04:14:48, Info DISM DISM.EXE: Succesfully registered commands for the provider: Compatibility Manager.
2002-01-01 04:14:48, Warning DISM DISM.EXE: Failed to load WimManager. Try running from the Deployment Tools Command Prompt. If the issue persists, ensure that wimgapi.dll and wimserv.exe are up to date.
2002-01-01 04:14:48, Warning DISM DISM.EXE: Failed to add any commands.
2002-01-01 04:14:48, Info DISM DISM Provider Store: PID=1812 Getting the collection of providers from a local provider store type. - CDISMProviderStore::GetProviderCollection
2002-01-01 04:14:48, Info DISM DISM Provider Store: PID=1812 Getting the collection of providers from a local provider store type. - CDISMProviderStore::GetProviderCollection
2002-01-01 04:14:49, Info DISM DISM Manager: PID=1812 Successfully loaded the ImageSession at "C:\$WINDOWS.~LS\PackageTemp\cbdff1d7-da22-4702-962e-e62386831dae\BA9DE3DC-2311-478F-9112-89948C17A21E" - CDISMManager::LoadImageSession
2002-01-01 04:14:49, Info DISM DISM Image Session: PID=1860 Instantiating the Provider Store. - CDISMImageSession::get_ProviderStore
2002-01-01 04:14:49, Info DISM DISM Provider Store: PID=1860 Initializing a provider store for the IMAGE session type. - CDISMProviderStore::Final_OnConnect
2002-01-01 04:14:49, Info DISM DISM Provider Store: PID=1860 Provider has not previously been encountered. Attempting to initialize the provider. - CDISMProviderStore::Internal_GetProvider
2002-01-01 04:14:49, Info DISM DISM Provider Store: PID=1860 Loading Provider from location C:\$WINDOWS.~LS\PackageTemp\cbdff1d7-da22-4702-962e-e62386831dae\BA9DE3DC-2311-478F-9112-89948C17A21E\OSProvider.dll - CDISMProviderStore::Internal_GetProvider
2002-01-01 04:14:49, Info DISM DISM Provider Store: PID=1860 Connecting to the provider located at C:\$WINDOWS.~LS\PackageTemp\cbdff1d7-da22-4702-962e-e62386831dae\BA9DE3DC-2311-478F-9112-89948C17A21E\OSProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2002-01-01 04:14:49, Info DISM DISM OS Provider: PID=1860 Defaulting SystemPath to C:\ - CDISMOSServiceManager::Final_OnConnect
2002-01-01 04:14:49, Info DISM DISM OS Provider: PID=1860 msxml6.dll was successfully copied to C:\$WINDOWS.~LS\PackageTemp\cbdff1d7-da22-4702-962e-e62386831dae\BA9DE3DC-2311-478F-9112-89948C17A21E\msxml6.dll - CDISMOSServiceManager::RunASICompatibilityShim
2002-01-01 04:14:49, Info DISM DISM OS Provider: PID=1860 msxml6r.dll was successfully copied to C:\$WINDOWS.~LS\PackageTemp\cbdff1d7-da22-4702-962e-e62386831dae\BA9DE3DC-2311-478F-9112-89948C17A21E\msxml6r.dll - CDISMOSServiceManager::RunASICompatibilityShim
2002-01-01 04:14:49, Info DISM DISM OS Provider: PID=1860 Defaulting Windows folder to C:\Windows - CDISMOSServiceManager::Final_OnConnect
2002-01-01 04:14:51, Info DISM DISM Provider Store: PID=1860 Attempting to initialize the logger from the Image Session. - CDISMProviderStore::Final_OnConnect
2002-01-01 04:14:51, Info DISM DISM Provider Store: PID=1860 Provider has not previously been encountered. Attempting to initialize the provider. - CDISMProviderStore::Internal_GetProvider
2002-01-01 04:14:51, Info DISM DISM Provider Store: PID=1860 Loading Provider from location C:\$WINDOWS.~LS\PackageTemp\cbdff1d7-da22-4702-962e-e62386831dae\BA9DE3DC-2311-478F-9112-89948C17A21E\LogProvider.dll - CDISMProviderStore::Internal_GetProvider
2002-01-01 04:14:51, Info DISM DISM Provider Store: PID=1860 Connecting to the provider located at C:\$WINDOWS.~LS\PackageTemp\cbdff1d7-da22-4702-962e-e62386831dae\BA9DE3DC-2311-478F-9112-89948C17A21E\LogProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2002-01-01 04:14:51, Info DISM DISM Provider Store: PID=1860 Getting Provider OSServices - CDISMProviderStore::GetProvider
2002-01-01 04:14:51, Info DISM DISM Provider Store: PID=1860 Provider has previously been initialized. Returning the existing instance. - CDISMProviderStore::Internal_GetProvider
2002-01-01 04:14:51, Info DISM DISM Provider Store: PID=1860 Found and Initialized the DISM Logger. - CDISMProviderStore::Internal_InitializeLogger
2002-01-01 04:14:51, Info DISM DISM Provider Store: PID=1860 Provider has not previously been encountered. Attempting to initialize the provider. - CDISMProviderStore::Internal_GetProvider
2002-01-01 04:14:51, Info DISM DISM Provider Store: PID=1860 Loading Provider from location C:\$WINDOWS.~LS\PackageTemp\cbdff1d7-da22-4702-962e-e62386831dae\BA9DE3DC-2311-478F-9112-89948C17A21E\PEProvider.dll - CDISMProviderStore::Internal_GetProvider
2002-01-01 04:14:51, Warning DISM DISM Provider Store: PID=1860 Failed to Load the provider: C:\$WINDOWS.~LS\PackageTemp\cbdff1d7-da22-4702-962e-e62386831dae\BA9DE3DC-2311-478F-9112-89948C17A21E\PEProvider.dll. - CDISMProviderStore::Internal_GetProvider(hr:0x8007007e)
2002-01-01 04:14:51, Info DISM DISM Provider Store: PID=1860 Failed to get and initialize the PE Provider. Continuing by assuming that it is not a WinPE image. - CDISMProviderStore::Final_OnConnect
2002-01-01 04:14:51, Info DISM DISM Provider Store: PID=1860 Finished initializing the Provider Map. - CDISMProviderStore::Final_OnConnect
2002-01-01 04:14:51, Info DISM DISM Provider Store: PID=1860 Getting Provider DISMLogger - CDISMProviderStore::GetProvider
2002-01-01 04:14:51, Info DISM DISM Provider Store: PID=1860 Provider has previously been initialized. Returning the existing instance. - CDISMProviderStore::Internal_GetProvider
2002-01-01 04:14:51, Info DISM DISM Manager: PID=1812 Image session successfully loaded from the temporary location: C:\$WINDOWS.~LS\PackageTemp\cbdff1d7-da22-4702-962e-e62386831dae\BA9DE3DC-2311-478F-9112-89948C17A21E - CDISMManager::CreateImageSession
2002-01-01 04:14:51, Info DISM DISM Provider Store: PID=1860 Getting Provider OSServices - CDISMProviderStore::GetProvider
2002-01-01 04:14:51, Info DISM DISM Provider Store: PID=1860 Provider has previously been initialized. Returning the existing instance. - CDISMProviderStore::Internal_GetProvider
2002-01-01 04:14:51, Info DISM DISM OS Provider: PID=1860 Setting SystemPath to C:\ - CDISMOSServiceManager::SetSystemPath
2002-01-01 04:14:51, Info CSI 00000001 Shim considered [l:256{128}]"\??\C:\Windows\Servicing\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17514_none_678566b7ddea04a5\pkgmgr.exe" : got STATUS_OBJECT_PATH_NOT_FOUND
2002-01-01 04:14:51, Info CSI 00000002 Shim considered [l:250{125}]"\??\C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17514_none_678566b7ddea04a5\pkgmgr.exe" : got STATUS_SUCCESS
2002-01-01 04:14:51, Info DISM DISM.EXE: Target image information: OS Version=6.1.7601.17514, Image architecture=amd64
2002-01-01 04:14:51, Info DISM DISM Provider Store: PID=1860 Getting the collection of providers from an image provider store type. - CDISMProviderStore::GetProviderCollection
2002-01-01 04:14:51, Info DISM DISM Provider Store: PID=1860 Provider has not previously been encountered. Attempting to initialize the provider. - CDISMProviderStore::Internal_GetProvider
2002-01-01 04:14:51, Info DISM DISM Provider Store: PID=1860 Loading Provider from location C:\$WINDOWS.~LS\PackageTemp\cbdff1d7-da22-4702-962e-e62386831dae\BA9DE3DC-2311-478F-9112-89948C17A21E\CbsProvider.dll - CDISMProviderStore::Internal_GetProvider
2002-01-01 04:14:51, Info DISM DISM Provider Store: PID=1860 Connecting to the provider located at C:\$WINDOWS.~LS\PackageTemp\cbdff1d7-da22-4702-962e-e62386831dae\BA9DE3DC-2311-478F-9112-89948C17A21E\CbsProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2002-01-01 04:14:51, Info DISM DISM Provider Store: PID=1860 Encountered a servicing provider, performing additional servicing initializations. - CDISMProviderStore::Internal_LoadProvider
2002-01-01 04:14:51, Info CSI 00000001 Shim considered [l:256{128}]"\??\C:\Windows\Servicing\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17514_none_678566b7ddea04a5\pkgmgr.exe" : got STATUS_OBJECT_PATH_NOT_FOUND
2002-01-01 04:14:51, Info CSI 00000002 Shim considered [l:250{125}]"\??\C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17514_none_678566b7ddea04a5\pkgmgr.exe" : got STATUS_SUCCESS
2002-01-01 04:14:51, Info DISM DISM Package Manager: PID=1860 Finished initializing the CbsConUI Handler. - CCbsConUIHandler::Initialize
2002-01-01 04:14:51, Info CSI 00000001 Shim considered [l:256{128}]"\??\C:\Windows\Servicing\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17514_none_678566b7ddea04a5\pkgmgr.exe" : got STATUS_OBJECT_PATH_NOT_FOUND
2002-01-01 04:14:51, Info CSI 00000002 Shim considered [l:250{125}]"\??\C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17514_none_678566b7ddea04a5\pkgmgr.exe" : got STATUS_SUCCESS
2002-01-01 04:14:51, Info CBS Transactions disabled in registry, continuing without transaction support.
2002-01-01 04:14:51, Info CBS Kernel transactions are disabled, continuing without transaction support.
2002-01-01 04:14:51, Info CBS Failed to find a matching version for servicing stack: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17514_none_678566b7ddea04a5\ [HRESULT = 0x80070490 - ERROR_NOT_FOUND]
2002-01-01 04:14:51, Info CBS Failed to find servicing stack directory in online store. [HRESULT = 0x80070490 - ERROR_NOT_FOUND]
2002-01-01 04:14:51, Info CBS Must be doing offline servicing, using stack version from: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17514_none_678566b7ddea04a5\cbscore.dll
2002-01-01 04:14:51, Info CBS Loaded Servicing Stack v6.1.7601.17514 with Core: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17514_none_678566b7ddea04a5\cbscore.dll
2002-01-01 04:14:51, Info CSI 00000001@2002/1/1:12:14:51.874 WcpInitialize (wcp.dll version 0.0.0.6) called (stack @0x7fef9b2e94d @0x7fef9e59839 @0x7fef9e234d3 @0x7fef9f370b9 @0x7fef9f372a7 @0x7fef9f08843)
2002-01-01 04:14:51, Info CSI 00000002@2002/1/1:12:14:51.983 WcpInitialize (wcp.dll version 0.0.0.6) called (stack @0x7fef9b2e94d @0x7fef9ea6806 @0x7fef9e72a9c @0x7fef9e235a9 @0x7fef9f370b9 @0x7fef9f372a7)
2002-01-01 04:14:52, Info DISM DISM Package Manager: PID=1860 Loaded servicing stack for offline use only. - CDISMPackageManager::RefreshInstanceAndLock
2002-01-01 04:14:52, Info CBS Loading offline registry hive: SOFTWARE, into registry key '{bf1a281b-ad7b-4476-ac95-f47682990ce7}C:/Windows/System32/config/SOFTWARE' from path '\\?\C:\Windows\System32\config\SOFTWARE'.
2002-01-01 04:14:52, Info CBS Loading offline registry hive: SYSTEM, into registry key '{bf1a281b-ad7b-4476-ac95-f47682990ce7}C:/Windows/System32/config/SYSTEM' from path '\\?\C:\Windows\System32\config\SYSTEM'.
2002-01-01 04:14:52, Info CBS Loading offline registry hive: SECURITY, into registry key '{bf1a281b-ad7b-4476-ac95-f47682990ce7}C:/Windows/System32/config/SECURITY' from path '\\?\C:\Windows\System32\config\SECURITY'.
2002-01-01 04:14:52, Info CBS Loading offline registry hive: SAM, into registry key '{bf1a281b-ad7b-4476-ac95-f47682990ce7}C:/Windows/System32/config/SAM' from path '\\?\C:\Windows\System32\config\SAM'.
2002-01-01 04:14:52, Info CBS Loading offline registry hive: COMPONENTS, into registry key '{bf1a281b-ad7b-4476-ac95-f47682990ce7}C:/Windows/System32/config/COMPONENTS' from path '\\?\C:\Windows\System32\config\COMPONENTS'.
2002-01-01 04:14:52, Info CBS Loading offline registry hive: DEFAULT, into registry key '{bf1a281b-ad7b-4476-ac95-f47682990ce7}C:/Windows/System32/config/DEFAULT' from path '\\?\C:\Windows\System32\config\DEFAULT'.
2002-01-01 04:14:52, Info CBS Loading offline registry hive: ntuser.dat, into registry key '{bf1a281b-ad7b-4476-ac95-f47682990ce7}C:/Users/default/ntuser.dat' from path '\\?\C:\Users\default\ntuser.dat'.
2002-01-01 04:14:52, Info CBS Loading offline registry hive: schema.dat, into registry key '{bf1a281b-ad7b-4476-ac95-f47682990ce7}C:/Windows/system32/smi/store/Machine/schema.dat' from path '\\?\C:\Windows\system32\smi\store\Machine\schema.dat'.
2002-01-01 04:14:52, Info CBS Offline image is: writeable
2002-01-01 04:14:52, Info CSI 00000003 CSI Store 3360912 (0x0000000000334890) initialized
2002-01-01 04:14:52, Info CBS Session: 1860_3232605 initialized by client DISM Package Manager Provider.
2002-01-01 04:14:52, Info DISM DISM Package Manager: PID=1860 Loaded servicing stack for offline use only. - CDISMPackageManager::RefreshInstanceAndLock
2002-01-01 04:14:52, Info DISM DISM Package Manager: PID=1860 Loaded servicing stack for online use only. - CDISMPackageManager::RefreshInstanceAndLock
2002-01-01 04:14:52, Info DISM DISM Provider Store: PID=1860 Provider has not previously been encountered. Attempting to initialize the provider. - CDISMProviderStore::Internal_GetProvider
2002-01-01 04:14:52, Info DISM DISM Provider Store: PID=1860 Loading Provider from location C:\$WINDOWS.~LS\PackageTemp\cbdff1d7-da22-4702-962e-e62386831dae\BA9DE3DC-2311-478F-9112-89948C17A21E\MsiProvider.dll - CDISMProviderStore::Internal_GetProvider
2002-01-01 04:14:52, Info DISM DISM Provider Store: PID=1860 Connecting to the provider located at C:\$WINDOWS.~LS\PackageTemp\cbdff1d7-da22-4702-962e-e62386831dae\BA9DE3DC-2311-478F-9112-89948C17A21E\MsiProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2002-01-01 04:14:52, Info DISM DISM Provider Store: PID=1860 Encountered a servicing provider, performing additional servicing initializations. - CDISMProviderStore::Internal_LoadProvider
2002-01-01 04:14:52, Info DISM DISM Provider Store: PID=1860 Provider has not previously been encountered. Attempting to initialize the provider. - CDISMProviderStore::Internal_GetProvider
2002-01-01 04:14:52, Info DISM DISM Provider Store: PID=1860 Loading Provider from location C:\$WINDOWS.~LS\PackageTemp\cbdff1d7-da22-4702-962e-e62386831dae\BA9DE3DC-2311-478F-9112-89948C17A21E\IntlProvider.dll - CDISMProviderStore::Internal_GetProvider
2002-01-01 04:14:52, Info DISM DISM Provider Store: PID=1860 Connecting to the provider located at C:\$WINDOWS.~LS\PackageTemp\cbdff1d7-da22-4702-962e-e62386831dae\BA9DE3DC-2311-478F-9112-89948C17A21E\IntlProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2002-01-01 04:14:52, Info DISM DISM Provider Store: PID=1860 Encountered a servicing provider, performing additional servicing initializations. - CDISMProviderStore::Internal_LoadProvider
2002-01-01 04:14:52, Info DISM DISM Provider Store: PID=1860 Provider has not previously been encountered. Attempting to initialize the provider. - CDISMProviderStore::Internal_GetProvider
2002-01-01 04:14:52, Info DISM DISM Provider Store: PID=1860 Loading Provider from location C:\$WINDOWS.~LS\PackageTemp\cbdff1d7-da22-4702-962e-e62386831dae\BA9DE3DC-2311-478F-9112-89948C17A21E\DmiProvider.dll - CDISMProviderStore::Internal_GetProvider
2002-01-01 04:14:52, Info DISM DISM Provider Store: PID=1860 Connecting to the provider located at C:\$WINDOWS.~LS\PackageTemp\cbdff1d7-da22-4702-962e-e62386831dae\BA9DE3DC-2311-478F-9112-89948C17A21E\DmiProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2002-01-01 04:14:52, Info DISM DISM Provider Store: PID=1860 Encountered a servicing provider, performing additional servicing initializations. - CDISMProviderStore::Internal_LoadProvider
2002-01-01 04:14:52, Info CSI 00000001 Shim considered [l:256{128}]"\??\C:\Windows\Servicing\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17514_none_678566b7ddea04a5\pkgmgr.exe" : got STATUS_OBJECT_PATH_NOT_FOUND
2002-01-01 04:14:52, Info CSI 00000002 Shim considered [l:250{125}]"\??\C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17514_none_678566b7ddea04a5\pkgmgr.exe" : got STATUS_SUCCESS
2002-01-01 04:14:52, Info DISM DISM OS Provider: PID=1860 Get the registry path to the SOFTWARE hive located at C:\Windows\system32\config\SOFTWARE and determine if it is loaded. - CDISMOSServiceManager::DetermineBootDrive
2002-01-01 04:14:52, Info DISM DISM Driver Manager: PID=1860 Further logs for driver related operations can be found in the target operating system at %WINDIR%\inf\setupapi.offline.log - CDriverManager::Initialize
2002-01-01 04:14:52, Info DISM DISM Provider Store: PID=1860 Provider has not previously been encountered. Attempting to initialize the provider. - CDISMProviderStore::Internal_GetProvider
2002-01-01 04:14:52, Info DISM DISM Provider Store: PID=1860 Loading Provider from location C:\$WINDOWS.~LS\PackageTemp\cbdff1d7-da22-4702-962e-e62386831dae\BA9DE3DC-2311-478F-9112-89948C17A21E\UnattendProvider.dll - CDISMProviderStore::Internal_GetProvider
2002-01-01 04:14:52, Info DISM DISM Provider Store: PID=1860 Connecting to the provider located at C:\$WINDOWS.~LS\PackageTemp\cbdff1d7-da22-4702-962e-e62386831dae\BA9DE3DC-2311-478F-9112-89948C17A21E\UnattendProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2002-01-01 04:14:52, Info DISM DISM Provider Store: PID=1860 Encountered a servicing provider, performing additional servicing initializations. - CDISMProviderStore::Internal_LoadProvider
2002-01-01 04:14:52, Info DISM DISM Provider Store: PID=1860 Provider has not previously been encountered. Attempting to initialize the provider. - CDISMProviderStore::Internal_GetProvider
2002-01-01 04:14:52, Info DISM DISM Provider Store: PID=1860 Loading Provider from location C:\$WINDOWS.~LS\PackageTemp\cbdff1d7-da22-4702-962e-e62386831dae\BA9DE3DC-2311-478F-9112-89948C17A21E\SmiProvider.dll - CDISMProviderStore::Internal_GetProvider
2002-01-01 04:14:52, Info DISM DISM Provider Store: PID=1860 Connecting to the provider located at C:\$WINDOWS.~LS\PackageTemp\cbdff1d7-da22-4702-962e-e62386831dae\BA9DE3DC-2311-478F-9112-89948C17A21E\SmiProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2002-01-01 04:14:52, Info DISM DISM Provider Store: PID=1860 Encountered a servicing provider, performing additional servicing initializations. - CDISMProviderStore::Internal_LoadProvider
2002-01-01 04:14:52, Info DISM DISM Provider Store: PID=1860 Provider has not previously been encountered. Attempting to initialize the provider. - CDISMProviderStore::Internal_GetProvider
2002-01-01 04:14:52, Info DISM DISM Provider Store: PID=1860 Loading Provider from location C:\$WINDOWS.~LS\PackageTemp\cbdff1d7-da22-4702-962e-e62386831dae\BA9DE3DC-2311-478F-9112-89948C17A21E\TransmogProvider.dll - CDISMProviderStore::Internal_GetProvider
2002-01-01 04:14:52, Info DISM DISM Provider Store: PID=1860 Connecting to the provider located at C:\$WINDOWS.~LS\PackageTemp\cbdff1d7-da22-4702-962e-e62386831dae\BA9DE3DC-2311-478F-9112-89948C17A21E\TransmogProvider.dll. - CDISMProviderStore::Internal_LoadProvider
2002-01-01 04:14:52, Info DISM DISM Provider Store: PID=1860 Encountered a servicing provider, performing additional servicing initializations. - CDISMProviderStore::Internal_LoadProvider
2002-01-01 04:14:52, Info DISM DISM Provider Store: PID=1860 Getting Provider DISM Package Manager - CDISMProviderStore::GetProvider
2002-01-01 04:14:52, Info DISM DISM Provider Store: PID=1860 Provider has previously been initialized. Returning the existing instance. - CDISMProviderStore::Internal_GetProvider
2002-01-01 04:14:52, Info DISM DISM Provider Store: PID=1860 Getting Provider DISM Unattend Manager - CDISMProviderStore::GetProvider
2002-01-01 04:14:52, Info DISM DISM Provider Store: PID=1860 Provider has previously been initialized. Returning the existing instance. - CDISMProviderStore::Internal_GetProvider
2002-01-01 04:14:52, Info DISM DISM.EXE: Got the collection of providers. Now enumerating them to build the command table.
2002-01-01 04:14:52, Info DISM DISM.EXE: Attempting to add the commands from provider: DISM Package Manager
2002-01-01 04:14:52, Info DISM DISM.EXE: Succesfully registered commands for the provider: DISM Package Manager.
2002-01-01 04:14:52, Info DISM DISM.EXE: Attempting to add the commands from provider: OSServices
2002-01-01 04:14:52, Info DISM DISM.EXE: Attempting to add the commands from provider: MsiManager
2002-01-01 04:14:52, Info DISM DISM.EXE: Succesfully registered commands for the provider: MsiManager.
2002-01-01 04:14:52, Info DISM DISM.EXE: Attempting to add the commands from provider: IntlManager
2002-01-01 04:14:52, Info DISM DISM.EXE: Succesfully registered commands for the provider: IntlManager.
2002-01-01 04:14:52, Info DISM DISM.EXE: Attempting to add the commands from provider: DriverManager
2002-01-01 04:14:52, Info DISM DISM.EXE: Succesfully registered commands for the provider: DriverManager.
2002-01-01 04:14:52, Info DISM DISM.EXE: Attempting to add the commands from provider: DISM Unattend Manager
2002-01-01 04:14:52, Info DISM DISM.EXE: Succesfully registered commands for the provider: DISM Unattend Manager.
2002-01-01 04:14:52, Info DISM DISM.EXE: Attempting to add the commands from provider: DISM Log Provider
2002-01-01 04:14:52, Info DISM DISM.EXE: Attempting to add the commands from provider: SmiManager
2002-01-01 04:14:52, Info DISM DISM.EXE: Attempting to add the commands from provider: Edition Manager
2002-01-01 04:14:52, Info DISM DISM Transmog Provider: PID=1860 Current image session is [OFFLINE] - CTransmogManager::GetMode
2002-01-01 04:14:52, Info DISM DISM.EXE: Succesfully registered commands for the provider: Edition Manager.
2002-01-01 04:14:52, Info DISM DISM Provider Store: PID=1860 Getting Provider DISM Package Manager - CDISMProviderStore::GetProvider
2002-01-01 04:14:52, Info DISM DISM Provider Store: PID=1860 Provider has previously been initialized. Returning the existing instance. - CDISMProviderStore::Internal_GetProvider
2002-01-01 04:14:52, Info DISM DISM Package Manager: PID=1860 Processing the top level command token(is-serviceable). - CPackageManagerCLIHandler::Private_ValidateCmdLine
2002-01-01 04:14:52, Info DISM DISM Package Manager: PID=1860 Attempting to route to appropriate command handler. - CPackageManagerCLIHandler::ExecuteCmdLine
2002-01-01 04:14:52, Info DISM DISM Package Manager: PID=1860 Routing the command... - CPackageManagerCLIHandler::ExecuteCmdLine
2002-01-01 04:14:52, Info DISM DISM Image Session: PID=1860 Disconnecting the provider store - CDISMImageSession::Final_OnDisconnect
2002-01-01 04:14:52, Info DISM DISM Provider Store: PID=1860 Finalizing the servicing provider(DISM Package Manager) - CDISMProviderStore::Internal_DisconnectProvider
2002-01-01 04:14:52, Info CBS Unloading offline registry hive: {bf1a281b-ad7b-4476-ac95-f47682990ce7}C:/Windows/System32/config/SOFTWARE
2002-01-01 04:14:52, Info CBS Failed to unload offline registry: {bf1a281b-ad7b-4476-ac95-f47682990ce7}C:/Windows/System32/config/SOFTWARE, the client may still need it open. [HRESULT = 0x80070005 - E_ACCESSDENIED]
2002-01-01 04:14:52, Info CBS Unloading offline registry hive: {bf1a281b-ad7b-4476-ac95-f47682990ce7}C:/Windows/System32/config/SYSTEM
2002-01-01 04:14:52, Info CBS Failed to unload offline registry: {bf1a281b-ad7b-4476-ac95-f47682990ce7}C:/Windows/System32/config/SYSTEM, the client may still need it open. [HRESULT = 0x80070005 - E_ACCESSDENIED]
2002-01-01 04:14:52, Info CBS Unloading offline registry hive: {bf1a281b-ad7b-4476-ac95-f47682990ce7}C:/Windows/System32/config/SECURITY
2002-01-01 04:14:52, Info CBS Failed to unload offline registry: {bf1a281b-ad7b-4476-ac95-f47682990ce7}C:/Windows/System32/config/SECURITY, the client may still need it open. [HRESULT = 0x80070005 - E_ACCESSDENIED]
2002-01-01 04:14:52, Info CBS Unloading offline registry hive: {bf1a281b-ad7b-4476-ac95-f47682990ce7}C:/Windows/System32/config/SAM
2002-01-01 04:14:52, Info CBS Failed to unload offline registry: {bf1a281b-ad7b-4476-ac95-f47682990ce7}C:/Windows/System32/config/SAM, the client may still need it open. [HRESULT = 0x80070005 - E_ACCESSDENIED]
2002-01-01 04:14:52, Info CBS Unloading offline registry hive: {bf1a281b-ad7b-4476-ac95-f47682990ce7}C:/Windows/System32/config/COMPONENTS
2002-01-01 04:14:52, Info CBS Failed to unload offline registry: {bf1a281b-ad7b-4476-ac95-f47682990ce7}C:/Windows/System32/config/COMPONENTS, the client may still need it open. [HRESULT = 0x80070005 - E_ACCESSDENIED]
2002-01-01 04:14:52, Info CBS Unloading offline registry hive: {bf1a281b-ad7b-4476-ac95-f47682990ce7}C:/Windows/System32/config/DEFAULT
2002-01-01 04:14:52, Info CBS Failed to unload offline registry: {bf1a281b-ad7b-4476-ac95-f47682990ce7}C:/Windows/System32/config/DEFAULT, the client may still need it open. [HRESULT = 0x80070005 - E_ACCESSDENIED]
2002-01-01 04:14:52, Info CBS Unloading offline registry hive: {bf1a281b-ad7b-4476-ac95-f47682990ce7}C:/Users/default/ntuser.dat
2002-01-01 04:14:52, Info CBS Failed to unload offline registry: {bf1a281b-ad7b-4476-ac95-f47682990ce7}C:/Users/default/ntuser.dat, the client may still need it open. [HRESULT = 0x80070005 - E_ACCESSDENIED]
2002-01-01 04:14:52, Info CBS Unloading offline registry hive: {bf1a281b-ad7b-4476-ac95-f47682990ce7}C:/Windows/system32/smi/store/Machine/schema.dat
2002-01-01 04:14:52, Info DISM DISM Package Manager: PID=1860 Finalizing CBS core. - CDISMPackageManager::Finalize
2002-01-01 04:14:52, Info DISM DISM Provider Store: PID=1860 Disconnecting Provider: DISM Package Manager - CDISMProviderStore::Internal_DisconnectProvider
2002-01-01 04:14:52, Info DISM DISM Provider Store: PID=1860 Found the OSServices. Waiting to finalize it until all other providers are unloaded. - CDISMProviderStore::Final_OnDisconnect
2002-01-01 04:14:52, Info DISM DISM Provider Store: PID=1860 Finalizing the servicing provider(MsiManager) - CDISMProviderStore::Internal_DisconnectProvider
2002-01-01 04:14:52, Info DISM DISM Provider Store: PID=1860 Disconnecting Provider: MsiManager - CDISMProviderStore::Internal_DisconnectProvider
2002-01-01 04:14:52, Info DISM DISM Provider Store: PID=1860 Finalizing the servicing provider(IntlManager) - CDISMProviderStore::Internal_DisconnectProvider
2002-01-01 04:14:52, Info DISM DISM Provider Store: PID=1860 Disconnecting Provider: IntlManager - CDISMProviderStore::Internal_DisconnectProvider
2002-01-01 04:14:52, Info DISM DISM Provider Store: PID=1860 Found the PE Provider. Waiting to finalize it until all other providers are unloaded. - CDISMProviderStore::Final_OnDisconnect
2002-01-01 04:14:52, Info DISM DISM Provider Store: PID=1860 Finalizing the servicing provider(DriverManager) - CDISMProviderStore::Internal_DisconnectProvider
2002-01-01 04:14:52, Info DISM DISM Provider Store: PID=1860 Disconnecting Provider: DriverManager - CDISMProviderStore::Internal_DisconnectProvider
2002-01-01 04:14:52, Info DISM DISM Provider Store: PID=1860 Finalizing the servicing provider(DISM Unattend Manager) - CDISMProviderStore::Internal_DisconnectProvider
2002-01-01 04:14:52, Info DISM DISM Provider Store: PID=1860 Disconnecting Provider: DISM Unattend Manager - CDISMProviderStore::Internal_DisconnectProvider
2002-01-01 04:14:52, Info DISM DISM Provider Store: PID=1860 Found the OSServices. Waiting to finalize it until all other providers are unloaded. - CDISMProviderStore::Final_OnDisconnect
2002-01-01 04:14:52, Info DISM DISM Provider Store: PID=1860 Finalizing the servicing provider(SmiManager) - CDISMProviderStore::Internal_DisconnectProvider
2002-01-01 04:14:52, Info DISM DISM Provider Store: PID=1860 Disconnecting Provider: SmiManager - CDISMProviderStore::Internal_DisconnectProvider
2002-01-01 04:14:52, Info DISM DISM Provider Store: PID=1860 Finalizing the servicing provider(Edition Manager) - CDISMProviderStore::Internal_DisconnectProvider
2002-01-01 04:14:52, Info DISM DISM Provider Store: PID=1860 Disconnecting Provider: Edition Manager - CDISMProviderStore::Internal_DisconnectProvider
2002-01-01 04:14:52, Info DISM DISM Provider Store: PID=1860 Releasing the local reference to OSServices. - CDISMProviderStore::Internal_DisconnectProvider
2002-01-01 04:14:52, Info DISM DISM Provider Store: PID=1860 Disconnecting Provider: OSServices - CDISMProviderStore::Internal_DisconnectProvider
2002-01-01 04:14:53, Info DISM DISM OS Provider: PID=1860 Successfully unloaded all registry hives. - CDISMOSServiceManager::Final_OnDisconnect
2002-01-01 04:14:53, Info DISM DISM Provider Store: PID=1860 Releasing the local reference to DISMLogger. Stop logging. - CDISMProviderStore::Internal_DisconnectProvider
2002-01-01 04:14:53, Info DISM DISM.EXE: Image session has been closed. Reboot required=no.
2002-01-01 04:14:53, Info DISM DISM.EXE:
2002-01-01 04:14:53, Info DISM DISM.EXE: <----- Ending Dism.exe session ----->
2002-01-01 04:14:53, Info DISM DISM.EXE:
2002-01-01 04:14:53, Info DISM DISM Image Session: PID=1812 Disconnecting the provider store - CDISMImageSession::Final_OnDisconnect
2002-01-01 04:14:53, Info DISM DISM Provider Store: PID=1812 Disconnecting Provider: FolderManager - CDISMProviderStore::Internal_DisconnectProvider
2002-01-01 04:14:53, Info DISM DISM Provider Store: PID=1812 Found the OSServices. Waiting to finalize it until all other providers are unloaded. - CDISMProviderStore::Final_OnDisconnect
2002-01-01 04:14:53, Info DISM DISM Provider Store: PID=1812 Disconnecting Provider: Compatibility Manager - CDISMProviderStore::Internal_DisconnectProvider
2002-01-01 04:14:53, Info DISM DISM Provider Store: PID=1812 Releasing the local reference to DISMLogger. Stop logging. - CDISMProviderStore::Internal_DisconnectProvider


Thanks so much for your time and the help

#4 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,042 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:54 AM

Posted 30 September 2015 - 12:34 PM

Hey :)

 

STEP 1
GfiJrQ9.png Malwarebytes Anti-Malware (MBAM)

  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is selected and click Start Scan.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
  •  

STEP 2
E3feWj5.png Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

STEP 3

BY4dvz9.png AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab, and click Cleaning
  • Follow the prompts and allow your computer to reboot
  • After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for items removed using this tool. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[S1].txt.

 
======================================================

STEP 4
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • MBAM log
  • JRT.txt
  • AdwCleaner[C1].txt

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#5 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,042 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:08:54 AM

Posted 05 October 2015 - 08:43 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users