GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-04-20 16:49:13 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002e WDC_WD10JPVX-22JC3T0 rev.01.01A01 931,51GB Running: x4zdi5p8.exe; Driver: C:\Users\Marek\AppData\Local\Temp\ugldypow.sys ---- Threads - GMER 2.2 ---- Thread C:\Windows\system32\csrss.exe [588:612] fffff960009412d0 Thread C:\Windows\system32\svchost.exe [916:5408] 00007ffa19541050 Thread C:\Windows\system32\svchost.exe [916:6584] 00007ffa1e6139b0 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control@SystemStartOptions NOEXECUTE=OPTIN NOVGA SAFEBOOT:NETWORK BOOTLOG NOGUIBOOT BOOTLOGO Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime 0x7E 0x7A 0x1A 0x28 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFStartTime 0x7E 0x7A 0x1A 0x28 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFLastStartTime 0xE0 0xD3 0x6E 0x7A ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime 0xE0 0xD3 0x6E 0x7A ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@en-US 50 Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\LGD04300_00_07DD_EA^E75FB64C9936A079130011C6227F6613@Timestamp 0xA7 0xFA 0x02 0x7E ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 576 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment@SAFEBOOT_OPTION NETWORK Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber 3900032 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -1408611045 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId 53 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime 471533627 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 1826 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@FwPOSTTime 1822 Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID 3c7f8559-3e02-4b61-b083-40e7305 Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\AITEventLog@FileCounter 2 Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\SQMLogger@FileCounter 3 Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\28e3476b9a87 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\b8ee65e1a1c5 Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{49db602d-5375-43a2-9dfa-2445c05db6ce}@LastProbeTime 1461163311 Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy@Start 3 Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy@Tag 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy@ImagePath \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy@DisplayName MBAMSwissArmy Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy@Group FSFilter Activity Monitor Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy@WOW64 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy\Instances Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy\Instances@DefaultInstance MBAMSwissArmy Instance Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy\Instances\MBAMSwissArmy Instance Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy\Instances\MBAMSwissArmy Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@ReadyBootPlanAge 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@LastBootPlanUserTime ??r?, ?kwi ?20 ?16, 12:19:21??????????????????????????????????? Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 10580 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 6066 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@Collab-P2PHost-In-TCP v2.22|Action=Allow|Active=FALSE|Dir=In|Protocol=6|App=%SystemRoot%\system32\p2phost.exe|Name=@FirewallAPI.dll,-32003|Desc=@FirewallAPI.dll,-32006|EmbedCtxt=@FirewallAPI.dll,-32002|Edge=TRUE|Defer=App| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@Collab-P2PHost-Out-TCP v2.22|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|App=%SystemRoot%\system32\p2phost.exe|Name=@FirewallAPI.dll,-32007|Desc=@FirewallAPI.dll,-32010|EmbedCtxt=@FirewallAPI.dll,-32002| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@Collab-P2PHost-WSD-In-UDP v2.22|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\p2phost.exe|Name=@FirewallAPI.dll,-32011|Desc=@FirewallAPI.dll,-32014|EmbedCtxt=@FirewallAPI.dll,-32002| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@Collab-P2PHost-WSD-Out-UDP v2.22|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\p2phost.exe|Name=@FirewallAPI.dll,-32015|Desc=@FirewallAPI.dll,-32018|EmbedCtxt=@FirewallAPI.dll,-32002| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@NetPres-In-TCP-NoScope v2.22|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\netproj.exe|Name=@FirewallAPI.dll,-31761|Desc=@FirewallAPI.dll,-31764|EmbedCtxt=@FirewallAPI.dll,-31752| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@NetPres-Out-TCP-NoScope v2.22|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\netproj.exe|Name=@FirewallAPI.dll,-31765|Desc=@FirewallAPI.dll,-31768|EmbedCtxt=@FirewallAPI.dll,-31752| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@NetPres-WSD-In-UDP v2.22|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\netproj.exe|Name=@FirewallAPI.dll,-31753|Desc=@FirewallAPI.dll,-31756|EmbedCtxt=@FirewallAPI.dll,-31752| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@NetPres-WSD-Out-UDP v2.22|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\netproj.exe|Name=@FirewallAPI.dll,-31757|Desc=@FirewallAPI.dll,-31760|EmbedCtxt=@FirewallAPI.dll,-31752| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@NetPres-In-TCP v2.22|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\netproj.exe|Name=@FirewallAPI.dll,-31761|Desc=@FirewallAPI.dll,-31764|EmbedCtxt=@FirewallAPI.dll,-31752| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@NetPres-Out-TCP v2.22|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\netproj.exe|Name=@FirewallAPI.dll,-31765|Desc=@FirewallAPI.dll,-31768|EmbedCtxt=@FirewallAPI.dll,-31752| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@MCX-In-TCP v2.22|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=554|LPort=8554|LPort=8555|LPort=8556|LPort=8557|LPort=8558|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\ehome\ehshell.exe|Name=@FirewallAPI.dll,-30761|Desc=@FirewallAPI.dll,-30764|EmbedCtxt=@FirewallAPI.dll,-30752| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@MCX-Out-TCP v2.22|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\ehome\ehshell.exe|Name=@FirewallAPI.dll,-30765|Desc=@FirewallAPI.dll,-30768|EmbedCtxt=@FirewallAPI.dll,-30752| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@MCX-In-UDP v2.22|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=7777|LPort=7778|LPort=7779|LPort=7780|LPort=7781|LPort=5004|LPort=5005|LPort=50004|LPort=50005|LPort=50006|LPort=50007|LPort=50008|LPort=50009|LPort=50010|LPort=50011|LPort=50012|LPort=50013|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\ehome\ehshell.exe|Name=@FirewallAPI.dll,-30801|Desc=@FirewallAPI.dll,-30804|EmbedCtxt=@FirewallAPI.dll,-30752| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@MCX-Out-UDP v2.22|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\ehome\ehshell.exe|Name=@FirewallAPI.dll,-30805|Desc=@FirewallAPI.dll,-30808|EmbedCtxt=@FirewallAPI.dll,-30752| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@MCX-Prov-Out-TCP v2.22|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|App=%SystemRoot%\ehome\mcx2prov.exe|Name=@FirewallAPI.dll,-30812|Desc=@FirewallAPI.dll,-30813|EmbedCtxt=@FirewallAPI.dll,-30752| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@MCX-McrMgr-Out-TCP v2.22|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|App=%SystemRoot%\ehome\mcrmgr.exe|Name=@FirewallAPI.dll,-30818|Desc=@FirewallAPI.dll,-30819|EmbedCtxt=@FirewallAPI.dll,-30752| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{FD7034DD-2C46-4F36-84FF-FF39AB181E40} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe|Name=McAfee Shared Service Host| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{02AE308F-F380-4507-90EC-5941FB164C0E} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe|Name=McAfee Shared Service Host| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{B1CBD0C6-BFE6-4C83-AC24-5A405A727A3A} v2.22|Action=Allow|Active=TRUE|Dir=In|Profile=Public|App=C:\Program Files\Soluto\SolutoRemoteDirect.exe|Name=Soluto Direct Remote Access| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{F525020D-8799-4B0E-AB64-CE8DFCE7FD4A} v2.22|Action=Allow|Active=TRUE|Dir=In|Profile=Public|App=C:\Program Files\Soluto\Soluto.exe|Name=Soluto Tray| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{D608AA71-057E-4019-A4EE-A493E7A7F5CA} v2.22|Action=Allow|Active=TRUE|Dir=In|Profile=Public|App=C:\Program Files\Soluto\SolutoCleanup.exe|Name=Soluto Cleanup| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{DBC28A29-1979-41F7-97E1-515E04EA244B} v2.22|Action=Allow|Active=TRUE|Dir=In|Profile=Public|App=C:\Program Files\Soluto\SolutoConsole.exe|Name=Soluto Console| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{59B7C93F-B57D-4BDA-84E9-064914F6368E} v2.22|Action=Allow|Active=TRUE|Dir=In|Profile=Public|App=C:\Program Files\Soluto\SolutoUpdateService.exe|Name=Soluto Update Service| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{8C999779-3CA7-41EE-8785-00D687BACC9A} v2.22|Action=Allow|Active=TRUE|Dir=In|Profile=Public|App=C:\Program Files\Soluto\SolutoService.exe|Name=Soluto Service| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{C6963C3B-C9E7-4E4D-BB7C-2D8F05F45090} v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe|Name=CyberLink PowerDVD 12 DMREngine|Desc=CyberLink PowerDVD 12 DMREngine| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{5E7405F1-CC85-41C5-AD70-2012FF4A1198} v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe|Name=CyberLink PowerDVD 12 Media Server Service|Desc=CyberLink Media Server| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{A80ACF0C-3DA6-4945-AA82-E2D6E1D64183} v2.22|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe|Name=CyberLink PowerDVD12 Agent|Desc=CyberLink PowerDVD12 Agent| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{D44225D9-86CC-4822-A749-5300366D1A87} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe|Name=MediaDMCDaemon| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{9C81015E-F9AA-47BE-87DB-8AEDC509C39A} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe|Name=MediaDMCDaemon| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{95072704-8C3B-4097-AF0F-DB51775B3A2A} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe|Name=MediaWindowsUpnpMV| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{BFEA577A-364F-4169-A050-1010CC6055B9} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe|Name=MediaWindowsUpnpMV| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{D8DA3B75-E252-4DFF-B561-355E07899C41} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe|Name=AcerMediaDMCDaemon| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{64DD5399-9614-4A7D-96C8-578B9B9E86AF} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Program Files (x86)\Acer\Acer Media\DMCDaemon.exe|Name=AcerMediaDMCDaemon| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{95356622-9897-456E-87D3-CC035A68673F} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe|Name=AcerMediaWindowsUpnp| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{1233DB54-82AD-41BA-89F1-0C080D264941} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Program Files (x86)\Acer\Acer Media\WindowsUpnpMV.exe|Name=AcerMediaWindowsUpnp| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{3D45414F-EBD1-44A9-AB62-B3FFC9A68C94} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe|Name=PhotoDMCDaemon| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{BA4D446F-EAB6-4597-9706-13F306899F0D} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe|Name=PhotoDMCDaemon| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{A3AF3D55-7908-47E0-9ED2-3B47E67C05E3} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe|Name=PhotoWindowsUpnp| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{C49A6EF1-0D8E-4E4B-A66B-3D150857F59F} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe|Name=PhotoWindowsUpnp| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{158682B3-AE89-43D0-AC1F-0EA1F5AEC615} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe|Name=AcerPhotoDMCDaemon| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{93FDB3F4-664B-4851-AC60-7AB76E83550C} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Program Files (x86)\Acer\Acer Photo\DMCDaemon.exe|Name=AcerPhotoDMCDaemon| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{67EBAE87-0692-41A3-93A5-73A99B4F4E1E} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe|Name=AcerPhotoWindowsUpnp| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{F8CD4FB9-C205-449D-A31E-93D479DB8347} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Program Files (x86)\Acer\Acer Photo\WindowsUpnp.exe|Name=AcerPhotoWindowsUpnp| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{60B7D33E-7FBA-4EFF-8E6B-413E28685A91} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files (x86)\Acer\Acer Portal\ccd.exe|Name=AcerPortalccd| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{8BF9C8BF-135C-41E0-BF4F-061C5CCB0137} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Program Files (x86)\Acer\Acer Portal\ccd.exe|Name=AcerPortalccd| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{AC24632B-3E12-47BC-A394-C4611A03BCF4} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe|Name=AcerPortalsdd| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{A4BDC268-8EDB-4FFE-BA72-12D20D72E2F2} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Program Files (x86)\Acer\Acer Portal\Sdd.exe|Name=AcerPortalsdd| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{1257B7FF-5FB8-4E0A-ABE5-14D5A4C129CD} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe|Name=AcerPortalvirtualdrive| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{C4B6C4AB-7C4F-4380-A808-412A81D36C07} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Program Files (x86)\Acer\Acer Portal\virtualdrive.exe|Name=AcerPortalvirtualdrive| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{6453540F-3946-4668-9802-36BE1E38E580} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe|Name=abPhotoDMCDaemon2| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{4BBCC4BA-CEFB-4CFC-9B71-AB57D0D91474} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Program Files (x86)\Acer\abPhoto_\DMCDaemon.exe|Name=abPhotoDMCDaemon2| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{D1FC5904-D183-4D91-A033-FEC060F7E6CE} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe|Name=abPhotoWindowsUpnp2| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{78C0002A-2C7B-418A-90F7-A971DE857AF4} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Program Files (x86)\Acer\abPhoto_\WindowsUpnp.exe|Name=abPhotoWindowsUpnp2| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{351EDC3C-1B92-4175-8EDC-17A65229890B} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe|Name=MediaDMCDaemon| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{6C3396A8-EE1A-415A-AFD2-3C0B39F01D9F} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe|Name=MediaDMCDaemon| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{E0CF061F-31CC-40D7-A152-E6557BB31D08} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe|Name=MediaWindowsUpnpMV| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{40D9961A-6C7D-4BEC-B4BF-DACA5319E21E} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe|Name=MediaWindowsUpnpMV| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{2D59E1EA-C75F-4EAE-B345-E04FE153E044} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe|Name=abMediaDMCDaemon2| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{863780F5-BEFB-4182-8E3F-D52AD27C972F} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe|Name=abMediaDMCDaemon2| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{73C431B9-524E-4A7C-929B-67C3994B0365} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe|Name=abMediaWindowsUpnp2| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{EEF6F376-77C3-4DEC-9580-29199E2EEFE8} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe|Name=abMediaWindowsUpnp2| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{C5856DD0-1456-4ED3-A989-626CC1C6430A} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe|Name=MediaDMCDaemon| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{FA7CDE11-D254-4A19-8977-865E10678596} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe|Name=MediaDMCDaemon| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{BB048FE5-FFFF-400D-9742-2657EC4317F1} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe|Name=MediaWindowsUpnpMV| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{FC1CD0C7-718C-4DA6-858F-E0ABB2874759} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe|Name=MediaWindowsUpnpMV| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{57B5053E-75E3-4500-BCC0-3BF76AA3729A} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe|Name=abMediaDMCDaemon| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{8E48B75E-6E59-4097-90DD-FB955ECA6E83} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe|Name=abMediaDMCDaemon| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{506BEC63-9383-4150-95F7-3613B02568A0} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe|Name=abMediaWindowsUpnp| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{AAF57551-3BD7-4225-99FB-518D34DAD8E0} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe|Name=abMediaWindowsUpnp| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{E031BE8A-E06B-4770-ABBC-B37BDFCFB740} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe|Name=McAfee Shared Service Host| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{90D536E2-A379-4B9E-A961-F66E7DEE831C} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe|Name=MediaDMCDaemon| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{4ABE393F-4246-4566-84E0-996592110143} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe|Name=MediaDMCDaemon| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{9608A2EF-C9C7-4394-9ED8-76920DBD0CED} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe|Name=MediaWindowsUpnpMV| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{CCB7824C-E4A0-417E-B6CA-49E3F653C4A1} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe|Name=MediaWindowsUpnpMV| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{D1CA13A7-7043-49EE-A232-7C5C66E65D75} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe|Name=abMediaDMCDaemon| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{96B186E9-9BB0-45D6-8D0F-B2BF74CB4427} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe|Name=abMediaDMCDaemon| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{FDF49FAA-6C80-4990-9D67-BB6125BC8E40} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe|Name=abMediaWindowsUpnp| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{5628E78F-92A2-4973-99CC-3289BB10A844} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe|Name=abMediaWindowsUpnp| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{75EDDCB9-4C72-452E-A4DB-3FB1998A725B} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe|Name=MediaDMCDaemon| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{7D678E2A-83DE-4337-94AE-F34C45274CDE} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe|Name=MediaDMCDaemon| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{9896AF7B-8D0A-40E1-A194-2641147CA5E6} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe|Name=MediaWindowsUpnpMV| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{A358DD29-82C9-4C3E-87FD-59D50A569FEE} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe|Name=MediaWindowsUpnpMV| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{0669D26B-8AF5-46A9-B53E-5C394F206E2F} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe|Name=abMediaDMCDaemon| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{E01FD7C0-C423-4B09-A084-434FF48B6245} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe|Name=abMediaDMCDaemon| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{37F7C59E-22ED-4CB4-BFA7-48890DC9859B} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe|Name=abMediaWindowsUpnp| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{F645874C-2A0A-4D29-B0D2-30164C3A52DB} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe|Name=abMediaWindowsUpnp| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{698058C9-C09C-4A50-BD23-8AAB6F447048} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe|Name=MediaDMCDaemon| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{0E44ADA0-D40F-4C8B-813B-0EF9A6A7E777} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe|Name=MediaDMCDaemon| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{328C23B8-3D58-40F7-AFA1-8DD43AD3673B} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe|Name=MediaWindowsUpnpMV| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{56B7BA16-A0CF-4804-8EC3-369ADD249C7F} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe|Name=MediaWindowsUpnpMV| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@TCP Query User{019B1D75-2192-402E-88F7-0C2BEBFDC83C}C:\program files (x86)\java\jre6\bin\javaw.exe v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\java\jre6\bin\javaw.exe|Name=Java(TM) Platform SE binary|Desc=Java(TM) Platform SE binary|Defer=User| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@UDP Query User{EA7AA5A2-7953-4355-AAFE-ECCFBA02CE50}C:\program files (x86)\java\jre6\bin\javaw.exe v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\java\jre6\bin\javaw.exe|Name=Java(TM) Platform SE binary|Desc=Java(TM) Platform SE binary|Defer=User| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{3F9A499B-8424-4493-8FD4-147B967D7734} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe|Name=abMediaDMCDaemon| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{E9F30BEE-251E-465E-B7D4-62972671ABF1} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe|Name=abMediaDMCDaemon| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{8586ACCA-B70D-4166-96E5-2DFDD353C919} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe|Name=abMediaWindowsUpnp| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{15B8977B-88FF-4203-B56A-848A10BD9930} v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe|Name=abMediaWindowsUpnp| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@TCP Query User{1C39341C-4794-4919-AA3B-911B8F2C9E77}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe|Name=Java(TM) Platform SE binary|Desc=Java(TM) Platform SE binary|Defer=User| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@UDP Query User{4E1ADCB1-5632-44B3-AAB3-F88E39F45139}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe|Name=Java(TM) Platform SE binary|Desc=Java(TM) Platform SE binary|Defer=User| Reg HKLM\SYSTEM\CurrentControlSet\Services\Soluto\Parameters@EmergencyState 13 Reg HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence 49 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DE206719-A197-41A1-BA98-DFD12485DD7A}@LeaseObtainedTime 1461156105 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DE206719-A197-41A1-BA98-DFD12485DD7A}@T1 1461199305 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DE206719-A197-41A1-BA98-DFD12485DD7A}@T2 1461213705 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DE206719-A197-41A1-BA98-DFD12485DD7A}@LeaseTerminatesTime 1461242505 Reg HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Counter 7970 Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Help 7971 Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Object List 7804 7810 7820 7830 7850 7894 7904 7942 7948 7964 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\. Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.\OpenWithList Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ape Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ape\OpenWithList Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ccf Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dlc Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hst Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hst\OpenWithList Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm# Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm#\OpenWithList Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jdc Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.metalink Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.odt# Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.odt#\OpenWithList Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsdf Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore@Count 51 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\iexplore@Count 51 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\iexplore@Blocked 51 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore@Count 28 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore@Count 51 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\GWX\Usage@UsageTime 0xCC 0x10 0x60 0x02 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@WindowsBandwidthBucketCounter 0 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@WindowsRequestBucketCounter 0 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsRequestBucketDrainTime 0xB8 0x23 0xF1 0x29 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsLargeRequestBucketDrainTime 0xB8 0x23 0xF1 0x29 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@OtherBandwidthBucketCounter 15646 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@OtherRequestBucketCounter 439 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastOtherRequestBucketDrainTime 0xB8 0x23 0xF1 0x29 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@GlobalBandwidthBucketCounter 70898 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@GlobalRequestBucketCounter 439 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastGlobalRequestBucketDrainTime 0xB8 0x23 0xF1 0x29 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastUploadTime 0x09 0x58 0xDE 0x26 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@RoamingSyncToken LM%3d63596754258330%3bID%3dC109F28B470037B!837%3bLR%3d63596753941297%3bEP%3d5%3bSI%3d0%3bTD%3dTrue%3bSO%3d0 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData@PendingOperations 17 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Store@LastTileRefresh 0x66 0xFA 0xA8 0x73 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Store\RefreshBannedAppList@BannedAppsLastModified 0x00 0x9F 0xB7 0xC4 ... Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\ProgramData\MobileBrServ\Temp\MobileBrServ\mbbServiceSetup.exe 1 ---- Disk sectors - GMER 2.2 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.2 ----