GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-03-23 21:07:31 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000031 WDC_WD5000LPVT-24G33T1 rev.02.01A02 465,76GB Running: c8umlkeb.exe; Driver: C:\Users\damci\AppData\Local\Temp\uwndypow.sys ---- User code sections - GMER 2.2 ---- ? C:\Windows\system32\apphelp.dll [5584] entry point in ".rdata" section 000000007407f7c0 ---- Threads - GMER 2.2 ---- Thread C:\Windows\system32\svchost.exe [664:6048] 000001fa04f87374 Thread C:\Windows\system32\svchost.exe [664:3424] 000001fa04f87374 Thread C:\Windows\system32\svchost.exe [664:2820] 000001fa04f90bdc Thread C:\Windows\system32\svchost.exe [664:2816] 000001fa04f90bdc Thread C:\Windows\system32\svchost.exe [664:2808] 000001fa04f90bdc Thread C:\Windows\System32\RuntimeBroker.exe [3996:2656] 00007ffad38e20e0 ---- User code sections - GMER 2.2 ---- .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffae3dd4fe0 16 bytes {MOV RAX, 0x7ff65bca0d60; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00007ffae3dd4fe0 16 bytes {MOV RAX, 0x7ff65bca0d60; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00007ffae3dd52c0 16 bytes {MOV RAX, 0x7ff65bca0de0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00007ffae3dd52c0 16 bytes {MOV RAX, 0x7ff65bca0de0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffae3dd5300 16 bytes {MOV RAX, 0x7ff65bca11d0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00007ffae3dd5300 16 bytes {MOV RAX, 0x7ff65bca11d0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00007ffae3dd5320 16 bytes {MOV RAX, 0x7ff65bca0fc0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 00007ffae3dd5320 16 bytes {MOV RAX, 0x7ff65bca0fc0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffae3dd5340 16 bytes {MOV RAX, 0x7ff65bca0c40; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffae3dd5340 16 bytes {MOV RAX, 0x7ff65bca0c40; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6988] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00007ffae3dd5340 16 bytes {MOV RAX, 0x7fface5c64e0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00007ffae3dd5380 16 bytes {MOV RAX, 0x7ff65bca0cb0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00007ffae3dd5380 16 bytes {MOV RAX, 0x7ff65bca0cb0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00007ffae3dd5420 16 bytes {MOV RAX, 0x7ff65bca0e50; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00007ffae3dd5420 16 bytes {MOV RAX, 0x7ff65bca0e50; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00007ffae3dd5440 16 bytes {MOV RAX, 0x7ff65bca1220; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessTokenEx 00007ffae3dd5440 16 bytes {MOV RAX, 0x7ff65bca1220; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00007ffae3dd54a0 16 bytes {MOV RAX, 0x7ff65bca0f40; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00007ffae3dd54a0 16 bytes {MOV RAX, 0x7ff65bca0f40; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00007ffae3dd55e0 16 bytes {MOV RAX, 0x7ff65bca0f80; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00007ffae3dd55e0 16 bytes {MOV RAX, 0x7ff65bca0f80; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00007ffae3dd58e0 16 bytes {MOV RAX, 0x7ff65bca0ec0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00007ffae3dd58e0 16 bytes {MOV RAX, 0x7ff65bca0ec0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00007ffae3dd7150 16 bytes {MOV RAX, 0x7ff65bca1200; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00007ffae3dd7150 16 bytes {MOV RAX, 0x7ff65bca1200; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffae3dd7210 16 bytes {MOV RAX, 0x7ff65bca11a0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00007ffae3dd7210 16 bytes {MOV RAX, 0x7ff65bca11a0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6300] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00007ffae3dd74b0 16 bytes {MOV RAX, 0x7ff65bca0fa0; JMP RAX} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4032] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00007ffae3dd74b0 16 bytes {MOV RAX, 0x7ff65bca0fa0; JMP RAX} ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4032] @ C:\Windows\System32\USER32.dll[GDI32.dll!GdiDllInitialize] [1bf31d6002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4032] @ C:\Windows\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [1bf31d6006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4032] @ C:\Windows\System32\USER32.dll[GDI32.dll!GetStockObject] [1bf31d6006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4032] @ C:\Windows\System32\ole32.dll[GDI32.dll!GetStockObject] [1bf31d6006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4032] @ C:\Windows\System32\SHELL32.dll[GDI32.dll!GetStockObject] [1bf31d6006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4032] @ C:\Windows\System32\COMDLG32.dll[GDI32.dll!GetStockObject] [1bf31d6006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4032] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_2d0f50fcbdb171b8\COMCTL32.dll[GDI32.dll!GetStockObject] [1bf31d6006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6300] @ C:\Windows\System32\USER32.dll[GDI32.dll!GdiDllInitialize] [1ee67f2002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6300] @ C:\Windows\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [1ee67f2006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6300] @ C:\Windows\System32\USER32.dll[GDI32.dll!GetStockObject] [1ee67f2006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6300] @ C:\Windows\System32\ole32.dll[GDI32.dll!GetStockObject] [1ee67f2006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6300] @ C:\Windows\System32\SHELL32.dll[GDI32.dll!GetStockObject] [1ee67f2006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6300] @ C:\Windows\System32\COMDLG32.dll[GDI32.dll!GetStockObject] [1ee67f2006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6300] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_2d0f50fcbdb171b8\COMCTL32.dll[GDI32.dll!GetStockObject] [1ee67f2006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1632] @ C:\Windows\System32\USER32.dll[GDI32.dll!GdiDllInitialize] [24756d1002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1632] @ C:\Windows\System32\SHLWAPI.dll[GDI32.dll!GetStockObject] [24756d1006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1632] @ C:\Windows\System32\USER32.dll[GDI32.dll!GetStockObject] [24756d1006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1632] @ C:\Windows\System32\ole32.dll[GDI32.dll!GetStockObject] [24756d1006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1632] @ C:\Windows\System32\SHELL32.dll[GDI32.dll!GetStockObject] [24756d1006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1632] @ C:\Windows\System32\COMDLG32.dll[GDI32.dll!GetStockObject] [24756d1006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1632] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_2d0f50fcbdb171b8\COMCTL32.dll[GDI32.dll!GetStockObject] [24756d1006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1632] @ C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.14393.0_none_acd6c01ad1498de0\gdiplus.dll[GDI32.dll!GetStockObject] [24756d1006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6300] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffab2ed25e8] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4032] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffab2ed25e8] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1632] @ C:\Windows\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7ffab2ed25e8] C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.110\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6300] @ C:\Windows\System32\ole32.dll[USER32.dll!RegisterClassW] [7ffae3b6002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6300] @ C:\Windows\System32\SHELL32.dll[USER32.dll!RegisterClassW] [7ffae3b6002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6300] @ C:\Windows\System32\COMDLG32.dll[USER32.dll!RegisterClassW] [7ffae3b6002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6300] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_2d0f50fcbdb171b8\COMCTL32.dll[USER32.dll!RegisterClassW] [7ffae3b6002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4032] @ C:\Windows\System32\ole32.dll[USER32.dll!RegisterClassW] [7ffae3b6002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4032] @ C:\Windows\System32\SHELL32.dll[USER32.dll!RegisterClassW] [7ffae3b6002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4032] @ C:\Windows\System32\COMDLG32.dll[USER32.dll!RegisterClassW] [7ffae3b6002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4032] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_2d0f50fcbdb171b8\COMCTL32.dll[USER32.dll!RegisterClassW] [7ffae3b6002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1632] @ C:\Windows\System32\ole32.dll[USER32.dll!RegisterClassW] [7ffae3b6002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1632] @ C:\Windows\System32\SHELL32.dll[USER32.dll!RegisterClassW] [7ffae3b6002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1632] @ C:\Windows\System32\COMDLG32.dll[USER32.dll!RegisterClassW] [7ffae3b6002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1632] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_2d0f50fcbdb171b8\COMCTL32.dll[USER32.dll!RegisterClassW] [7ffae3b6002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1632] @ C:\Windows\System32\SHELL32.dll[USER32.dll!EnumDisplayMonitors] [7ffae3b6006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1632] @ C:\Windows\System32\COMDLG32.dll[USER32.dll!EnumDisplayMonitors] [7ffae3b6006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1632] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_2d0f50fcbdb171b8\COMCTL32.dll[USER32.dll!EnumDisplayMonitors] [7ffae3b6006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1632] @ C:\Windows\AppPatch\AppPatch64\AcGenral.dll[USER32.dll!GetMonitorInfoW] [7ffae3b6012c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1632] @ C:\Windows\System32\SHELL32.dll[USER32.dll!GetMonitorInfoW] [7ffae3b6012c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1632] @ C:\Windows\System32\IMM32.DLL[USER32.dll!GetMonitorInfoW] [7ffae3b6012c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1632] @ C:\Windows\System32\COMDLG32.dll[USER32.dll!GetMonitorInfoW] [7ffae3b6012c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1632] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.0_none_2d0f50fcbdb171b8\COMCTL32.dll[USER32.dll!GetMonitorInfoW] [7ffae3b6012c] ---- Threads - GMER 2.2 ---- Thread C:\Windows\system32\csrss.exe [680:728] fffff40ad7d36c20 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\MUI\StringCacheSettings@StringCacheGeneration 15 Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{D62A68EE-3929-4F6E-9410-A9F52929CCD9}\Connection@Name Reusable ISATAP Interface {D62A68EE-3929-4F6E-9410-A9F52929CCD9} Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@SETUPEXECUTE Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed 239340569 Reg HKLM\SYSTEM\CurrentControlSet\Control\Winlogon\Notifications\Components\TrustedInstaller@Events Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\f406691862c5 Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{D62A68EE-3929-4F6E-9410-A9F52929CCD9}@InterfaceName Reusable ISATAP Interface {D62A68EE-3929-4F6E-9410-A9F52929CCD9} Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{D62A68EE-3929-4F6E-9410-A9F52929CCD9}@ReusableType 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{D62A68EE-3929-4F6E-9410-A9F52929CCD9}@DefunctTimestamp 0x16 0x1B 0xD4 0x58 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\34-ba-9a-0e-dc-a8@AddressCreationTimestamp 0x25 0xA3 0xE4 0x0E ... Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\34-ba-9a-0e-dc-a8@NatDetectionTimestamp 0x8E 0x96 0xE4 0x0E ... Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\34-ba-9a-0e-dc-a8@TeredoAddress 2001:0:9d38:90d7:3434:bce0:da07:66bd Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 321 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 105 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{9C692876-C399-4D9D-9154-5031750C1B08} v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Paradise Bay|Desc=Paradise Bay|LUOwn=S-1-5-21-3202557039-1415719484-1137328956-1001|AppPkgId=S-1-15-2-1947118478-2479954299-1853165592-943964087-1849639575-3164417112-1118570905|EmbedCtxt=Paradise Bay|Platform=2:6:2|Platform2=GTEQ| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{D1DACEDD-F042-47BC-AB0E-9056F6C698E2} v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Minecraft: Windows 10 Edition|Desc=Minecraft: Windows 10 Edition|LUOwn=S-1-5-21-3202557039-1415719484-1137328956-1001|AppPkgId=S-1-15-2-1958404141-86561845-1752920682-3514627264-368642714-62675701-733520436|EmbedCtxt=Minecraft: Windows 10 Edition|Platform=2:6:2|Platform2=GTEQ| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{E345E353-6386-4A51-A5DB-4A86FCAE0D2C} v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Minecraft: Windows 10 Edition|Desc=Minecraft: Windows 10 Edition|LUOwn=S-1-5-21-3202557039-1415719484-1137328956-1001|AppPkgId=S-1-15-2-1958404141-86561845-1752920682-3514627264-368642714-62675701-733520436|EmbedCtxt=Minecraft: Windows 10 Edition|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System@{DC13CE8E-9B4B-4D3C-A04B-CD3DB55274EE} v2.26|Action=Block|Active=TRUE|Dir=In|Name=Paradise Bay|Desc=Paradise Bay|LUOwn=S-1-5-21-3202557039-1415719484-1137328956-1001|AppPkgId=S-1-15-2-1947118478-2479954299-1853165592-943964087-1849639575-3164417112-1118570905|EmbedCtxt=Paradise Bay| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System@{BECB9E53-6F08-4EA3-8882-EB81BB99A8C2} v2.26|Action=Block|Active=TRUE|Dir=Out|Name=Paradise Bay|Desc=Paradise Bay|LUOwn=S-1-5-21-3202557039-1415719484-1137328956-1001|AppPkgId=S-1-15-2-1947118478-2479954299-1853165592-943964087-1849639575-3164417112-1118570905|EmbedCtxt=Paradise Bay| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System@{26993C31-BFAF-4E41-BD31-1D0AEA0FD43B} v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|RA42=IntErnet|RA62=IntErnet|Name=Paradise Bay|Desc=Paradise Bay|LUAuth=O:LSD:(A;;CC;;;S-1-15-3-1)(A;;CC;;;WD)(A;;CC;;;AN)|LUOwn=S-1-5-21-3202557039-1415719484-1137328956-1001|AppPkgId=S-1-15-2-1947118478-2479954299-1853165592-943964087-1849639575-3164417112-1118570905|EmbedCtxt=Paradise Bay| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System@{8D6D69D0-A213-4E73-8002-A78A491A1221} v2.26|Action=Block|Active=TRUE|Dir=In|Name=Minecraft: Windows 10 Edition|Desc=Minecraft: Windows 10 Edition|LUOwn=S-1-5-21-3202557039-1415719484-1137328956-1001|AppPkgId=S-1-15-2-1958404141-86561845-1752920682-3514627264-368642714-62675701-733520436|EmbedCtxt=Minecraft: Windows 10 Edition| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System@{509377ED-F36E-457F-B65C-C33BD7E6CCBC} v2.26|Action=Block|Active=TRUE|Dir=Out|Name=Minecraft: Windows 10 Edition|Desc=Minecraft: Windows 10 Edition|LUOwn=S-1-5-21-3202557039-1415719484-1137328956-1001|AppPkgId=S-1-15-2-1958404141-86561845-1752920682-3514627264-368642714-62675701-733520436|EmbedCtxt=Minecraft: Windows 10 Edition| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System@{15702EDB-9E96-42DB-B1E1-9AD421B97268} v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|RA42=IntrAnet|RA62=IntrAnet|Name=Minecraft: Windows 10 Edition|Desc=Minecraft: Windows 10 Edition|LUAuth=O:LSD:(A;;CC;;;S-1-15-3-3)(A;;CC;;;WD)(A;;CC;;;AN)|LUOwn=S-1-5-21-3202557039-1415719484-1137328956-1001|AppPkgId=S-1-15-2-1958404141-86561845-1752920682-3514627264-368642714-62675701-733520436|EmbedCtxt=Minecraft: Windows 10 Edition| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System@{BFC749B3-ABCC-4DC1-B8BC-98DF6DBAF413} v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|RA42=IntrAnet|RA62=IntrAnet|Name=Minecraft: Windows 10 Edition|Desc=Minecraft: Windows 10 Edition|LUAuth=O:LSD:(A;;CC;;;S-1-15-3-3)(A;;CC;;;WD)(A;;CC;;;AN)|LUOwn=S-1-5-21-3202557039-1415719484-1137328956-1001|AppPkgId=S-1-15-2-1958404141-86561845-1752920682-3514627264-368642714-62675701-733520436|EmbedCtxt=Minecraft: Windows 10 Edition| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System@{5EED8029-9F2B-4D4F-A238-9A1612545806} v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Private|Profile=Public|RA42=RmtIntrAnet|RA62=RmtIntrAnet|Name=Minecraft: Windows 10 Edition|Desc=Minecraft: Windows 10 Edition|LUAuth=O:LSD:(A;;CC;;;S-1-15-3-3)(A;;CC;;;WD)(A;;CC;;;AN)|LUOwn=S-1-5-21-3202557039-1415719484-1137328956-1001|AppPkgId=S-1-15-2-1958404141-86561845-1752920682-3514627264-368642714-62675701-733520436|EmbedCtxt=Minecraft: Windows 10 Edition|Security=Authenticate| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System@{403C0E2D-DC7B-4CFD-ABC6-0FC5C0282A6A} v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Private|Profile=Public|RA42=RmtIntrAnet|RA62=RmtIntrAnet|Name=Minecraft: Windows 10 Edition|Desc=Minecraft: Windows 10 Edition|LUAuth=O:LSD:(A;;CC;;;S-1-15-3-3)(A;;CC;;;WD)(A;;CC;;;AN)|LUOwn=S-1-5-21-3202557039-1415719484-1137328956-1001|AppPkgId=S-1-15-2-1958404141-86561845-1752920682-3514627264-368642714-62675701-733520436|EmbedCtxt=Minecraft: Windows 10 Edition|Security=Authenticate| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System@{58AF760B-59A2-4A5D-AA66-32E9EC29B189} v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|RA42=IntErnet|RA62=IntErnet|Name=Minecraft: Windows 10 Edition|Desc=Minecraft: Windows 10 Edition|LUAuth=O:LSD:(A;;CC;;;S-1-15-3-2)(A;;CC;;;WD)(A;;CC;;;AN)|LUOwn=S-1-5-21-3202557039-1415719484-1137328956-1001|AppPkgId=S-1-15-2-1958404141-86561845-1752920682-3514627264-368642714-62675701-733520436|EmbedCtxt=Minecraft: Windows 10 Edition| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System@{FCD95C7B-CBF7-4B78-8849-92FBBCCE0644} v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|RA42=IntErnet|RA62=IntErnet|Name=Minecraft: Windows 10 Edition|Desc=Minecraft: Windows 10 Edition|LUAuth=O:LSD:(A;;CC;;;S-1-15-3-2)(A;;CC;;;WD)(A;;CC;;;AN)|LUOwn=S-1-5-21-3202557039-1415719484-1137328956-1001|AppPkgId=S-1-15-2-1958404141-86561845-1752920682-3514627264-368642714-62675701-733520436|EmbedCtxt=Minecraft: Windows 10 Edition| Reg HKLM\SYSTEM\CurrentControlSet\Services\TabletInputService@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\TabletInputService Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{bef574bc-8b61-4096-a727-1e15df7e2c59}@LeaseObtainedTime 1490293275 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{bef574bc-8b61-4096-a727-1e15df7e2c59}@T1 1490336475 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{bef574bc-8b61-4096-a727-1e15df7e2c59}@T2 1490368875 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{bef574bc-8b61-4096-a727-1e15df7e2c59}@LeaseTerminatesTime 1490379675 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{6c518ee7-3295-408a-984f-5ecdad4e6523}@Dhcpv6State 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{bef574bc-8b61-4096-a727-1e15df7e2c59}@Dhcpv6State 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\TrustedInstaller@Start 3 Reg HKLM\SYSTEM\CurrentControlSet\Services\TrustedInstaller Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0xD2 0x15 0x75 0x29 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0xD2 0x7D 0x39 0x8B ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0xD2 0xAD 0xB0 0xC7 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Object List 9830 9836 9848 9858 9868 9888 9932 9942 9980 9986 10002 Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Counter 10008 Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Help 10009 Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@First Counter 9830 Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@First Help 9831 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search@JumpListChangedAppIds {1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\notepad.exe?Chrome.UserData.Profile1? Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\JumplistData Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\JumplistData@{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\notepad.exe 0xDF 0x9F 0x98 0x83 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\JumplistData@Chrome.UserData.Profile1 0x0E 0x1B 0xF5 0x4A ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate@LastScheduledRetryTime 2017-03-23 15:21:44 ---- Disk sectors - GMER 2.2 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.2 ----