GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-06-27 19:32:52 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002e ST1000DM003-1SB10C rev.CC43 931,51GB Running: k5b9vnd1.exe; Driver: C:\Users\PIOTRN~1\AppData\Local\Temp\uglyrpog.sys ---- Kernel code sections - GMER 2.2 ---- .text C:\Windows\System32\win32k.sys!W32pServiceTable fffff9600009aa00 15 bytes [00, 31, EF, 01, 00, 36, 6A, ...] .text C:\Windows\System32\win32k.sys!W32pServiceTable + 16 fffff9600009aa10 11 bytes [00, E4, FB, FF, C0, 4B, E6, ...] ---- Threads - GMER 2.2 ---- Thread C:\Windows\system32\csrss.exe [572:596] fffff960008ff2d0 ---- Services - GMER 2.2 ---- Service C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe (*** hidden *** ) [DISABLED] ZAPrivacyService <-- ROOTKIT !!! ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control@LastBootShutdown 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToSnapshot@OfficeODC ?????????????????? ??????????????????&????4?????????SWD\PRINTENUM\PrintQueues????????????????&???????????l???????????&???????????????d????????????????N?????????????????????????????????????????????????????????????????? ???9????????????????$?????????? T???????????????????N???????????D?????? p??????????????????????????????????&??? $?????????????????Local Print Queue?????H?????????????????Local Print Queue???????????????????????Microsoft????????????&??????????????Microsoft???????????????????????? ??????????????????6-21-2006???????????????PrintQueue.inf???&??????? ??????????????n???6.3.9600.16384??????????????????6.3.9600.16384??????????PrintQueue.inf????????4??????????????????????&????l??????&???????&??????? ??????????????????NO_DRV_LOCAL????????????????NO_DRV_LOCAL?????????????????&???????&????4?????????????????PRINTENUM\LocalPrintQueue??????????????$????????PRINTENUM\LocalPrintQueue????????????????????&???&???&???&???&??????????Send To OneNote 2013?l???#?$????????????????lA???????&????????????????????????????? Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime 0x07 0x4A 0x62 0xD0 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime 0x53 0xF5 0x2A 0x8C ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFStartTime 0x07 0x4A 0x62 0xD0 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFLastStartTime 0x53 0xF5 0x2A 0x8C ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@pl-PL 69 Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\GSM4B0020033_06_07D7_01^7456786429350C1A9C272A10F633A20D@Timestamp 0x04 0xA4 0xED 0xA1 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 640 Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{EF0CD417-ED18-4438-B0BF-9146D95CAC45}\Connection@Name Reusable ISATAP Interface {EF0CD417-ED18-4438-B0BF-9146D95CAC45} Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations \??\C:\Users\PIOTRN~1\AppData\Local\Temp\_iu14D2N.tmp??\??\C:\Users\PIOTRN~1\AppData\Local\Temp\~nsu.tmp\Au_.exe??\??\C:\Users\PIOTRN~1\AppData\Local\Temp\~nsu.tmp??\??\C:\Users\PIOTRN~1\AppData\Local\Temp\nsu4407.tmp\??\??\C:\Users\PIOTRN~1\AppData\Local\Temp\nsu4407.tmp\Lang\ENU.dll??\??\C:\Users\PIOTRN~1\AppData\Local\Temp\nsu4407.tmp\Lang\PLK.dll??\??\C:\Users\PIOTRN~1\AppData\Local\Temp\nsu4407.tmp\SetupHelper.exe??\??\C:\Users\PIOTRN~1\AppData\Local\Temp\nsu4407.tmp\??\??\C:\Config.Msi\a1615e2.rbf??\??\C:\Windows\SysWOW64\ICSLTA.DLL??\??\C:\Windows\SysWOW64\VSDATA.DLL??\??\C:\Windows\SysWOW64\VSINIT.DLL??\??\C:\Windows\SysWOW64\VSMONAPI.DLL??\??\C:\Windows\SysWOW64\VSPUBAPI.DLL??\??\C:\Windows\SysWOW64\VSUTIL.DLL??\??\C:\Windows\SysWOW64\VSUTIL_LOC0407.DLL??\??\C:\Windows\SysWOW64\VSUTIL_LOC040C.DLL??\??\C:\Windows\SysWOW64\VSUTIL_LOC0410.DLL??\??\C:\Windows\SysWOW64\VSUTIL_LOC0411.DLL??\??\C:\Windows\SysWOW64\VSUTIL_LOC0419.DLL??\??\C:\Windows\SysWOW64\VSUTIL_LOC0C0A.DLL??\??\C:\Windows\SysWOW64\VSWMI Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber 3900053 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 1421320331 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId 76 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime 477124310 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 7655 Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID 3aa961fc-3caf-4dd8-984f-4bfb782 Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@GlassSessionId 4 Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\acpiex\Parameters\Wdf@TimeOfLastSqmLog 0x33 0xA5 0x7D 0x85 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\CompositeBus\Parameters\Wdf@TimeOfLastSqmLog 0x21 0xF7 0x9C 0x8A ... Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{7369be52-7cbf-47be-bfea-cb4d60bf8bc2}@LastProbeTime 1466886128 Reg HKLM\SYSTEM\CurrentControlSet\Services\HDAudBus\Parameters\Wdf@TimeOfLastSqmLog 0x5B 0x6C 0xB2 0x8A ... Reg HKLM\SYSTEM\CurrentControlSet\Services\intelppm\Parameters\Wdf@TimeOfLastSqmLog 0xEE 0xA4 0xEB 0x8A ... Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{EF0CD417-ED18-4438-B0BF-9146D95CAC45}@InterfaceName Reusable ISATAP Interface {EF0CD417-ED18-4438-B0BF-9146D95CAC45} Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{EF0CD417-ED18-4438-B0BF-9146D95CAC45}@ReusableType 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\iwdbus\Parameters\Wdf@TimeOfLastSqmLog 0xEE 0xA4 0xEB 0x8A ... Reg HKLM\SYSTEM\CurrentControlSet\Services\KLIF\Parameters@LastFileRevision 1114147 Reg HKLM\SYSTEM\CurrentControlSet\Services\monitor\Parameters\Wdf@TimeOfLastSqmLog 0x8A 0x52 0x0A 0x8D ... Reg HKLM\SYSTEM\CurrentControlSet\Services\msisadrv\Parameters\Wdf@TimeOfLastSqmLog 0xCC 0x7C 0x95 0x85 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\NdisVirtualBus\Parameters\Wdf@TimeOfLastSqmLog 0xEE 0xA4 0xEB 0x8A ... Reg HKLM\SYSTEM\CurrentControlSet\Services\PEAUTH\Parameters\Wdf@TimeOfLastSqmLog 0xDF 0x8E 0xE9 0x94 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@LastBootPlanUserTime ?So?, ?cze ?25 ?16, 08:23:12??????????????????????????????????? Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 3275 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 904 Reg HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence 66 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FA3BB4A6-4C1D-4BAD-82AF-EB3D9F48F5D3}@LeaseObtainedTime 1467051711 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FA3BB4A6-4C1D-4BAD-82AF-EB3D9F48F5D3}@T1 1467138111 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FA3BB4A6-4C1D-4BAD-82AF-EB3D9F48F5D3}@T2 1467202911 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FA3BB4A6-4C1D-4BAD-82AF-EB3D9F48F5D3}@LeaseTerminatesTime 1467224511 Reg HKLM\SYSTEM\CurrentControlSet\Services\UCX01000\Parameters\Wdf@TimeOfLastSqmLog 0x12 0x8F 0x51 0x89 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\umbus\Parameters\Wdf@TimeOfLastSqmLog 0x6E 0x59 0x9F 0x8A ... Reg HKLM\SYSTEM\CurrentControlSet\Services\USBHUB3\Parameters\Wdf@TimeOfLastSqmLog 0xEB 0xA5 0x09 0x8B ... Reg HKLM\SYSTEM\CurrentControlSet\Services\USBXHCI\Parameters\Wdf@TimeOfLastSqmLog 0x8A 0xBA 0xC0 0x8A ... Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrvroot\Parameters\Wdf@TimeOfLastSqmLog 0xDF 0xDD 0xB6 0x85 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\vwifibus\Parameters\Wdf@TimeOfLastSqmLog 0xE7 0x43 0xCA 0x8A ... Reg HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\ZAPrivacyService Reg HKLM\SYSTEM\CurrentControlSet\Services\ZAPrivacyService@Type 16 Reg HKLM\SYSTEM\CurrentControlSet\Services\ZAPrivacyService@Start 4 Reg HKLM\SYSTEM\CurrentControlSet\Services\ZAPrivacyService@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\ZAPrivacyService@ImagePath "C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe" Reg HKLM\SYSTEM\CurrentControlSet\Services\ZAPrivacyService@DisplayName ZoneAlarm Privacy Service Reg HKLM\SYSTEM\CurrentControlSet\Services\ZAPrivacyService@WOW64 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\ZAPrivacyService@ObjectName LocalSystem Reg HKLM\SYSTEM\CurrentControlSet\Services\ZAPrivacyService@Description ZoneAlarm Privacy Service Reg HKLM\SYSTEM\CurrentControlSet\Services\ZAPrivacyService@DelayedAutostart 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\ZAPrivacyService@FailureActions 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\ZAPrivacyService@DeleteFlag 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\ZAPrivacyService Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown 1 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband@FavoritesChanges 52 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\iexplore@Count 209 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@PolicyDocumentLastRefresh 0x26 0x2F 0xE3 0xC8 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@WindowsBandwidthBucketCounter 1135 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsBandwidthBucketDrainTime 0xA2 0x86 0xCC 0x4F ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@WindowsRequestBucketCounter 184 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsRequestBucketDrainTime 0x60 0x59 0xA2 0xC8 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@WindowsLargeBandwidthBucketCounter 458727 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsLargeBandwidthBucketDrainTime 0xB6 0x9F 0xA1 0xE0 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@WindowsLargeRequestBucketCounter 99 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsLargeRequestBucketDrainTime 0x60 0x59 0xA2 0xC8 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@OtherBandwidthBucketCounter 0 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastOtherBandwidthBucketDrainTime 0xA2 0x86 0xCC 0x4F ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@OtherRequestBucketCounter 0 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastOtherRequestBucketDrainTime 0x60 0x59 0xA2 0xC8 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@GlobalBandwidthBucketCounter 771442 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastGlobalBandwidthBucketDrainTime 0xE8 0x50 0x54 0x52 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@GlobalRequestBucketCounter 235 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastGlobalRequestBucketDrainTime 0x60 0x59 0xA2 0xC8 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastUploadTime 0x0D 0xBC 0xA4 0xC8 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData@PendingOperations 506 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\packagestate\microsoft.bingweather_8wekyb3d8bbwe-0@PendingOperations 13 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\packagestate\microsoft.helpandtips_8wekyb3d8bbwe-0@PendingOperations 13 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\packagestate\microsoft.media.playreadyclient.2_8wekyb3d8bbwe-0@PendingOperations 13 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\packagestate\microsoft.mocamera_cw5n1h2txyewy-0@PendingOperations 13 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\packagestate\microsoft.office.onenote_8wekyb3d8bbwe-0@PendingOperations 13 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\packagestate\microsoft.reader_8wekyb3d8bbwe-0@PendingOperations 13 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\packagestate\microsoft.skypeapp_kzf8qxf38zg5c-0@PendingOperations 13 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\packagestate\Microsoft.VCLibs.110.00_8wekyb3d8bbwe-0@PendingOperations 13 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\packagestate\microsoft.vclibs.120.00_8wekyb3d8bbwe-0@PendingOperations 13 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\packagestate\microsoft.windowsalarms_8wekyb3d8bbwe-0@PendingOperations 13 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\packagestate\microsoft.windowscalculator_8wekyb3d8bbwe-0@PendingOperations 13 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\packagestate\microsoft.windowscommunicationsapps_8wekyb3d8bbwe-0@PendingOperations 13 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\packagestate\microsoft.windowsreadinglist_8wekyb3d8bbwe-0@PendingOperations 13 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\packagestate\microsoft.windowsscan_8wekyb3d8bbwe-0@PendingOperations 13 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\packagestate\microsoft.windowssoundrecorder_8wekyb3d8bbwe-0@PendingOperations 13 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\packagestate\Microsoft.WinJS.1.0_8wekyb3d8bbwe-0@PendingOperations 13 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\packagestate\microsoft.winjs.2.0_8wekyb3d8bbwe-0@PendingOperations 13 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\packagestate\microsoft.xboxlivegames_8wekyb3d8bbwe-0@PendingOperations 13 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\packagestate\microsoft.xboxonesmartglass_8wekyb3d8bbwe-0@PendingOperations 13 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\packagestate\microsoft.zunemusic_8wekyb3d8bbwe-0@PendingOperations 13 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\packagestate\sonicwall.mobileconnect_cw5n1h2txyewy-0@PendingOperations 13 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\packagestate\windows.immersivecontrolpanel_cw5n1h2txyewy-0@PendingOperations 13 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\packagestate\winstore_cw5n1h2txyewy-0@PendingOperations 13 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windows\accessibility@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windows\aep@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windows\appsync@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windows\backstack@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windows\commandprompt@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windows\credentials@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windows\emojimfu@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windows\explorer@PendingOperations 13 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windows\homegroup@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windows\imejpn@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windows\imekor@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windows\inputpersonalization@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windows\inputsettings@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windows\language@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windows\lockscreen@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windows\moimechs@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windows\mouse@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windows\narrator@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windows\openwith@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windows\osk@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windows\picturepasswordpicture@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windows\precisiontouchpadsettings@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windows\screenmagnifier@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windows\secondarytiles@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windows\slideshow@PendingOperations 13 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windows\spellingdictionary@PendingOperations 13 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windows\startlayout@PendingOperations 13 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windows\startpersonalization@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windows\storepurchaseinformation@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windows\taskbar@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windows\tethering@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windows\theme@PendingOperations 13 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windows\userlibraries@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windows\usertile@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windows\windowcolorization@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windows\wireless@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\aff540dc.pcbenchmark_v7353qx4kg3sa@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\checkpoint.vpn_cw5n1h2txyewy@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\f5.vpn.client_cw5n1h2txyewy@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\filemanager_cw5n1h2txyewy@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\junipernetworks.junospulsevpn_cw5n1h2txyewy@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\microsoft.bingfinance_8wekyb3d8bbwe@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\microsoft.bingfoodanddrink_8wekyb3d8bbwe@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\microsoft.binghealthandfitness_8wekyb3d8bbwe@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\microsoft.bingmaps_8wekyb3d8bbwe@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\microsoft.bingnews_8wekyb3d8bbwe@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\microsoft.bingsports_8wekyb3d8bbwe@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\microsoft.bingtravel_8wekyb3d8bbwe@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\microsoft.bingweather_8wekyb3d8bbwe@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\microsoft.helpandtips_8wekyb3d8bbwe@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\microsoft.media.playreadyclient.2_8wekyb3d8bbwe@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\microsoft.mocamera_cw5n1h2txyewy@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\microsoft.office.onenote_8wekyb3d8bbwe@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\microsoft.reader_8wekyb3d8bbwe@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\microsoft.skypeapp_kzf8qxf38zg5c@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\Microsoft.VCLibs.110.00_8wekyb3d8bbwe@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\microsoft.vclibs.120.00_8wekyb3d8bbwe@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\microsoft.windowsalarms_8wekyb3d8bbwe@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\microsoft.windowscalculator_8wekyb3d8bbwe@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\microsoft.windowscommunicationsapps_8wekyb3d8bbwe@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\microsoft.windowsreadinglist_8wekyb3d8bbwe@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\microsoft.windowsscan_8wekyb3d8bbwe@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\microsoft.windowssoundrecorder_8wekyb3d8bbwe@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\Microsoft.WinJS.1.0_8wekyb3d8bbwe@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\microsoft.winjs.2.0_8wekyb3d8bbwe@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\microsoft.xboxlivegames_8wekyb3d8bbwe@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\microsoft.xboxonesmartglass_8wekyb3d8bbwe@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\microsoft.zunemusic_8wekyb3d8bbwe@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\microsoft.zunevideo_8wekyb3d8bbwe@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-aff540dc.pcbenchmark_v7353qx4kg3sa@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-checkpoint.vpn_cw5n1h2txyewy@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-f5.vpn.client_cw5n1h2txyewy@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-filemanager_cw5n1h2txyewy@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-junipernetworks.junospulsevpn_cw5n1h2txyewy@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-microsoft.bingfinance_8wekyb3d8bbwe@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-microsoft.bingfoodanddrink_8wekyb3d8bbwe@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-microsoft.binghealthandfitness_8wekyb3d8bbwe@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-microsoft.bingmaps_8wekyb3d8bbwe@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-microsoft.bingnews_8wekyb3d8bbwe@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-microsoft.bingsports_8wekyb3d8bbwe@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-microsoft.bingtravel_8wekyb3d8bbwe@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-microsoft.bingweather_8wekyb3d8bbwe@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-microsoft.helpandtips_8wekyb3d8bbwe@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-microsoft.media.playreadyclient.2_8wekyb3d8bbwe@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-microsoft.mocamera_cw5n1h2txyewy@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-microsoft.office.onenote_8wekyb3d8bbwe@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-microsoft.reader_8wekyb3d8bbwe@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-microsoft.skypeapp_kzf8qxf38zg5c@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\Notifications-Microsoft.VCLibs.110.00_8wekyb3d8bbwe@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-microsoft.vclibs.120.00_8wekyb3d8bbwe@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-microsoft.windowsalarms_8wekyb3d8bbwe@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-microsoft.windowscalculator_8wekyb3d8bbwe@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-microsoft.windowscommunicationsapps_8wekyb3d8bbwe@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-microsoft.windowsreadinglist_8wekyb3d8bbwe@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-microsoft.windowsscan_8wekyb3d8bbwe@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-microsoft.windowssoundrecorder_8wekyb3d8bbwe@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\Notifications-Microsoft.WinJS.1.0_8wekyb3d8bbwe@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-microsoft.winjs.2.0_8wekyb3d8bbwe@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-microsoft.xboxlivegames_8wekyb3d8bbwe@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-microsoft.xboxonesmartglass_8wekyb3d8bbwe@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-microsoft.zunemusic_8wekyb3d8bbwe@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-microsoft.zunevideo_8wekyb3d8bbwe@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-sonicwall.mobileconnect_cw5n1h2txyewy@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-windows.immersivecontrolpanel_cw5n1h2txyewy@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-winstore_cw5n1h2txyewy@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\sonicwall.mobileconnect_cw5n1h2txyewy@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\windows.immersivecontrolpanel_cw5n1h2txyewy@PendingOperations 12 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\winstore_cw5n1h2txyewy@PendingOperations 12 ---- EOF - GMER 2.2 ----