GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-18 13:11:34
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 FUJITSU_MHY2120BH rev.890B
Running: 8umlzwc9.exe; Driver: C:\Users\Piotr\AppData\Local\Temp\kgloapow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA834BF3C]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA834BFE4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA834C080]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA834C11C]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 81A77369 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81AB0D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 139F 81AB8054 4 Bytes [3C, BF, 34, A8] {CMP AL, 0xbf; XOR AL, 0xa8}
.text ntkrnlpa.exe!KeRemoveQueueEx + 166F 81AB8324 8 Bytes [E4, BF, 34, A8, 80, C0, 34, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 16E3 81AB8398 4 Bytes [1C, C1, 34, A8] {SBB AL, 0xc1; XOR AL, 0xa8}
PAGE peauth.sys A835DB9B 72 Bytes [8E, 3A, A2, E9, 27, 7A, AC, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 A92EB000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 A92EB123 629 Bytes [65, 2E, A9, FE, 05, 34, 65, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 A92EB399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F A92EB3FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 543B A92EB4AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE ...

---- User code sections - GMER 1.0.15 ----

.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4116] ntdll.dll!NtCreateFile + 6 770B55CE 4 Bytes [28, 00, 17, 00]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4116] ntdll.dll!NtCreateFile + B 770B55D3 1 Byte [E2]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4116] ntdll.dll!NtMapViewOfSection + 6 770B5C2E 1 Byte [28]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4116] ntdll.dll!NtMapViewOfSection + 6 770B5C2E 4 Bytes [28, 03, 17, 00]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4116] ntdll.dll!NtMapViewOfSection + B 770B5C33 1 Byte [E2]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4116] ntdll.dll!NtOpenFile + 6 770B5CDE 4 Bytes [68, 00, 17, 00]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4116] ntdll.dll!NtOpenFile + B 770B5CE3 1 Byte [E2]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4116] ntdll.dll!NtOpenProcess + 6 770B5D8E 4 Bytes [A8, 01, 17, 00]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4116] ntdll.dll!NtOpenProcess + B 770B5D93 1 Byte [E2]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4116] ntdll.dll!NtOpenProcessToken + B 770B5DA3 1 Byte [E2]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4116] ntdll.dll!NtOpenProcessTokenEx + 6 770B5DAE 4 Bytes [A8, 02, 17, 00]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4116] ntdll.dll!NtOpenProcessTokenEx + B 770B5DB3 1 Byte [E2]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4116] ntdll.dll!NtOpenThread + 6 770B5E0E 4 Bytes [68, 01, 17, 00]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4116] ntdll.dll!NtOpenThread + B 770B5E13 1 Byte [E2]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4116] ntdll.dll!NtOpenThreadToken + 6 770B5E1E 4 Bytes [68, 02, 17, 00]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4116] ntdll.dll!NtOpenThreadToken + B 770B5E23 1 Byte [E2]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4116] ntdll.dll!NtOpenThreadTokenEx + B 770B5E33 1 Byte [E2]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4116] ntdll.dll!NtQueryAttributesFile + 6 770B5F3E 4 Bytes [A8, 00, 17, 00]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4116] ntdll.dll!NtQueryAttributesFile + B 770B5F43 1 Byte [E2]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4116] ntdll.dll!NtQueryFullAttributesFile + B 770B5FF3 1 Byte [E2]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4116] ntdll.dll!NtSetInformationFile + 6 770B663E 4 Bytes [28, 01, 17, 00]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4116] ntdll.dll!NtSetInformationFile + B 770B6643 1 Byte [E2]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4116] ntdll.dll!NtSetInformationThread + 6 770B669E 4 Bytes [28, 02, 17, 00]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4116] ntdll.dll!NtSetInformationThread + B 770B66A3 1 Byte [E2]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4116] ntdll.dll!NtUnmapViewOfSection + 6 770B69BE 1 Byte [68]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4116] ntdll.dll!NtUnmapViewOfSection + 6 770B69BE 4 Bytes [68, 03, 17, 00]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4116] ntdll.dll!NtUnmapViewOfSection + B 770B69C3 1 Byte [E2]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtCreateFile + 6 770B55CE 4 Bytes [28, 00, 07, 00]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtCreateFile + B 770B55D3 1 Byte [E2]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtMapViewOfSection + 6 770B5C2E 1 Byte [28]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtMapViewOfSection + 6 770B5C2E 4 Bytes [28, 03, 07, 00]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtMapViewOfSection + B 770B5C33 1 Byte [E2]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtOpenFile + 6 770B5CDE 4 Bytes [68, 00, 07, 00]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtOpenFile + B 770B5CE3 1 Byte [E2]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtOpenProcess + 6 770B5D8E 4 Bytes [A8, 01, 07, 00]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtOpenProcess + B 770B5D93 1 Byte [E2]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtOpenProcessToken + B 770B5DA3 1 Byte [E2]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtOpenProcessTokenEx + 6 770B5DAE 4 Bytes [A8, 02, 07, 00]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtOpenProcessTokenEx + B 770B5DB3 1 Byte [E2]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtOpenThread + 6 770B5E0E 4 Bytes [68, 01, 07, 00]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtOpenThread + B 770B5E13 1 Byte [E2]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtOpenThreadToken + 6 770B5E1E 4 Bytes [68, 02, 07, 00]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtOpenThreadToken + B 770B5E23 1 Byte [E2]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtOpenThreadTokenEx + B 770B5E33 1 Byte [E2]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtQueryAttributesFile + 6 770B5F3E 4 Bytes [A8, 00, 07, 00]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtQueryAttributesFile + B 770B5F43 1 Byte [E2]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtQueryFullAttributesFile + B 770B5FF3 1 Byte [E2]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtSetInformationFile + 6 770B663E 4 Bytes [28, 01, 07, 00]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtSetInformationFile + B 770B6643 1 Byte [E2]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtSetInformationThread + 6 770B669E 4 Bytes [28, 02, 07, 00]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtSetInformationThread + B 770B66A3 1 Byte [E2]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtUnmapViewOfSection + 6 770B69BE 1 Byte [68]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtUnmapViewOfSection + 6 770B69BE 4 Bytes [68, 03, 07, 00]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4204] ntdll.dll!NtUnmapViewOfSection + B 770B69C3 1 Byte [E2]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtCreateFile + 6 770B55CE 4 Bytes [28, 00, 07, 00]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtCreateFile + B 770B55D3 1 Byte [E2]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtMapViewOfSection + 6 770B5C2E 1 Byte [28]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtMapViewOfSection + 6 770B5C2E 4 Bytes [28, 03, 07, 00]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtMapViewOfSection + B 770B5C33 1 Byte [E2]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtOpenFile + 6 770B5CDE 4 Bytes [68, 00, 07, 00]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtOpenFile + B 770B5CE3 1 Byte [E2]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtOpenProcess + 6 770B5D8E 4 Bytes [A8, 01, 07, 00]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtOpenProcess + B 770B5D93 1 Byte [E2]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtOpenProcessToken + B 770B5DA3 1 Byte [E2]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtOpenProcessTokenEx + 6 770B5DAE 4 Bytes [A8, 02, 07, 00]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtOpenProcessTokenEx + B 770B5DB3 1 Byte [E2]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtOpenThread + 6 770B5E0E 4 Bytes [68, 01, 07, 00]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtOpenThread + B 770B5E13 1 Byte [E2]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtOpenThreadToken + 6 770B5E1E 4 Bytes [68, 02, 07, 00]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtOpenThreadToken + B 770B5E23 1 Byte [E2]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtOpenThreadTokenEx + B 770B5E33 1 Byte [E2]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtQueryAttributesFile + 6 770B5F3E 4 Bytes [A8, 00, 07, 00]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtQueryAttributesFile + B 770B5F43 1 Byte [E2]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtQueryFullAttributesFile + B 770B5FF3 1 Byte [E2]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtSetInformationFile + 6 770B663E 4 Bytes [28, 01, 07, 00]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtSetInformationFile + B 770B6643 1 Byte [E2]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtSetInformationThread + 6 770B669E 4 Bytes [28, 02, 07, 00]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtSetInformationThread + B 770B66A3 1 Byte [E2]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtUnmapViewOfSection + 6 770B69BE 1 Byte [68]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtUnmapViewOfSection + 6 770B69BE 4 Bytes [68, 03, 07, 00]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[4764] ntdll.dll!NtUnmapViewOfSection + B 770B69C3 1 Byte [E2]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[5100] ntdll.dll!NtCreateFile + 6 770B55CE 4 Bytes [28, 00, 07, 00]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[5100] ntdll.dll!NtCreateFile + B 770B55D3 1 Byte [E2]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[5100] ntdll.dll!NtMapViewOfSection + 6 770B5C2E 1 Byte [28]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[5100] ntdll.dll!NtMapViewOfSection + 6 770B5C2E 4 Bytes [28, 03, 07, 00]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[5100] ntdll.dll!NtMapViewOfSection + B 770B5C33 1 Byte [E2]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[5100] ntdll.dll!NtOpenFile + 6 770B5CDE 4 Bytes [68, 00, 07, 00]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[5100] ntdll.dll!NtOpenFile + B 770B5CE3 1 Byte [E2]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[5100] ntdll.dll!NtOpenProcess + 6 770B5D8E 4 Bytes [A8, 01, 07, 00]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[5100] ntdll.dll!NtOpenProcess + B 770B5D93 1 Byte [E2]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[5100] ntdll.dll!NtOpenProcessToken + B 770B5DA3 1 Byte [E2]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[5100] ntdll.dll!NtOpenProcessTokenEx + 6 770B5DAE 4 Bytes [A8, 02, 07, 00]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[5100] ntdll.dll!NtOpenProcessTokenEx + B 770B5DB3 1 Byte [E2]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[5100] ntdll.dll!NtOpenThread + 6 770B5E0E 4 Bytes [68, 01, 07, 00]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[5100] ntdll.dll!NtOpenThread + B 770B5E13 1 Byte [E2]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[5100] ntdll.dll!NtOpenThreadToken + 6 770B5E1E 4 Bytes [68, 02, 07, 00]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[5100] ntdll.dll!NtOpenThreadToken + B 770B5E23 1 Byte [E2]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[5100] ntdll.dll!NtOpenThreadTokenEx + B 770B5E33 1 Byte [E2]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[5100] ntdll.dll!NtQueryAttributesFile + 6 770B5F3E 4 Bytes [A8, 00, 07, 00]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[5100] ntdll.dll!NtQueryAttributesFile + B 770B5F43 1 Byte [E2]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[5100] ntdll.dll!NtQueryFullAttributesFile + B 770B5FF3 1 Byte [E2]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[5100] ntdll.dll!NtSetInformationFile + 6 770B663E 4 Bytes [28, 01, 07, 00]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[5100] ntdll.dll!NtSetInformationFile + B 770B6643 1 Byte [E2]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[5100] ntdll.dll!NtSetInformationThread + 6 770B669E 4 Bytes [28, 02, 07, 00]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[5100] ntdll.dll!NtSetInformationThread + B 770B66A3 1 Byte [E2]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[5100] ntdll.dll!NtUnmapViewOfSection + 6 770B69BE 1 Byte [68]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[5100] ntdll.dll!NtUnmapViewOfSection + 6 770B69BE 4 Bytes [68, 03, 07, 00]
.text C:\Users\Piotr\AppData\Local\Google\Chrome\Application\chrome.exe[5100] ntdll.dll!NtUnmapViewOfSection + B 770B69C3 1 Byte [E2]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\00000052 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Registry - GMER 1.0.15 ----
HKLM\SOFTWARE\Classes\PDState.PDFileBrowserEx\CurVer Reg HKLM\SOFTWARE\Classes\PDState.PDFileBrowserEx\CurVer@ PDState.PDFileBrowserEx.1 Reg HKLM\SOFTWARE\Classes\PDState.PDFileBrowserEx.1@ PDFileBrowserEx Class Reg HKLM\SOFTWARE\Classes\PDState.PDFileBrowserEx.1\CLSID Reg HKLM\SOFTWARE\Classes\PDState.PDFileBrowserEx.1\CLSID@ {4083DD45-6214-4147-92C7-E5980F92BC0A} Reg HKLM\SOFTWARE\Classes\PDState.PDFileOp@ PDFileOp Class Reg HKLM\SOFTWARE\Classes\PDState.PDFileOp\CLSID Reg HKLM\SOFTWARE\Classes\PDState.PDFileOp\CLSID@ {B423869C-E29F-4C13-9C8F-328B32854A4E} Reg HKLM\SOFTWARE\Classes\PDState.PDFileOp\CurVer Reg HKLM\SOFTWARE\Classes\PDState.PDFileOp\CurVer@ PDState.PDFileOp.1 Reg HKLM\SOFTWARE\Classes\PDState.PDFileOp.1@ PDFileOp Class Reg HKLM\SOFTWARE\Classes\PDState.PDFileOp.1\CLSID Reg HKLM\SOFTWARE\Classes\PDState.PDFileOp.1\CLSID@ {B423869C-E29F-4C13-9C8F-328B32854A4E} Reg HKLM\SOFTWARE\Classes\PDState.PDFileSet@ PDFileSet Class Reg HKLM\SOFTWARE\Classes\PDState.PDFileSet\CLSID Reg HKLM\SOFTWARE\Classes\PDState.PDFileSet\CLSID@ {3F4225C2-ABCA-442C-90B9-1207C0C343AA} Reg HKLM\SOFTWARE\Classes\PDState.PDFileSet\CurVer Reg HKLM\SOFTWARE\Classes\PDState.PDFileSet\CurVer@ PDState.PDFileSet.1 Reg HKLM\SOFTWARE\Classes\PDState.PDFileSet.1@ PDFileSet Class Reg HKLM\SOFTWARE\Classes\PDState.PDFileSet.1\CLSID Reg HKLM\SOFTWARE\Classes\PDState.PDFileSet.1\CLSID@ {3F4225C2-ABCA-442C-90B9-1207C0C343AA} Reg HKLM\SOFTWARE\Classes\PDState.PDFileShredder@ PDFileShredder Class Reg HKLM\SOFTWARE\Classes\PDState.PDFileShredder\CLSID Reg HKLM\SOFTWARE\Classes\PDState.PDFileShredder\CLSID@ {3BC188EE-446E-4FDA-B575-CA4ABA0C3EAE} Reg HKLM\SOFTWARE\Classes\PDState.PDFileShredder\CurVer Reg HKLM\SOFTWARE\Classes\PDState.PDFileShredder\CurVer@ PDState.PDFileShredder.1 Reg HKLM\SOFTWARE\Classes\PDState.PDFileShredder.1@ PDFileShredder Class Reg HKLM\SOFTWARE\Classes\PDState.PDFileShredder.1\CLSID Reg HKLM\SOFTWARE\Classes\PDState.PDFileShredder.1\CLSID@ 
{3BC188EE-446E-4FDA-B575-CA4ABA0C3EAE} Reg HKLM\SOFTWARE\Classes\PDState.PDFileSpaceReports@ PDFileSpaceReports Class Reg HKLM\SOFTWARE\Classes\PDState.PDFileSpaceReports\CLSID Reg HKLM\SOFTWARE\Classes\PDState.PDFileSpaceReports\CLSID@ {C8681099-BFB6-4E0D-85C2-ED30C9A8C154} Reg HKLM\SOFTWARE\Classes\PDState.PDFileSpaceReports\CurVer Reg HKLM\SOFTWARE\Classes\PDState.PDFileSpaceReports\CurVer@ PDState.PDFileSpaceReports.1 Reg HKLM\SOFTWARE\Classes\PDState.PDFileSpaceReports.1@ PDFileSpaceReports Class Reg HKLM\SOFTWARE\Classes\PDState.PDFileSpaceReports.1\CLSID Reg HKLM\SOFTWARE\Classes\PDState.PDFileSpaceReports.1\CLSID@ {C8681099-BFB6-4E0D-85C2-ED30C9A8C154} Reg HKLM\SOFTWARE\Classes\PDState.PDMD5Browser@ PDMD5Browser Class Reg HKLM\SOFTWARE\Classes\PDState.PDMD5Browser\CLSID Reg HKLM\SOFTWARE\Classes\PDState.PDMD5Browser\CLSID@ {E7FCDC85-3A55-4C60-813F-4E9F9385BD40} Reg HKLM\SOFTWARE\Classes\PDState.PDMD5Browser\CurVer Reg HKLM\SOFTWARE\Classes\PDState.PDMD5Browser\CurVer@ PDState.PDMD5Browser.1 Reg HKLM\SOFTWARE\Classes\PDState.PDMD5Browser.1@ PDMD5Browser Class Reg HKLM\SOFTWARE\Classes\PDState.PDMD5Browser.1\CLSID Reg HKLM\SOFTWARE\Classes\PDState.PDMD5Browser.1\CLSID@ {E7FCDC85-3A55-4C60-813F-4E9F9385BD40} Reg HKLM\SOFTWARE\Classes\PDState.PDTempRecycleClean@ PDTempRecycleClean Class Reg HKLM\SOFTWARE\Classes\PDState.PDTempRecycleClean\CLSID Reg HKLM\SOFTWARE\Classes\PDState.PDTempRecycleClean\CLSID@ {0CE13451-A6D1-474D-B87D-612359451D15} Reg HKLM\SOFTWARE\Classes\PDState.PDTempRecycleClean\CurVer Reg HKLM\SOFTWARE\Classes\PDState.PDTempRecycleClean\CurVer@ PDState.PDTempRecycleClean.1 Reg HKLM\SOFTWARE\Classes\PDState.PDTempRecycleClean.1@ PDTempRecycleClean Class Reg HKLM\SOFTWARE\Classes\PDState.PDTempRecycleClean.1\CLSID Reg HKLM\SOFTWARE\Classes\PDState.PDTempRecycleClean.1\CLSID@ {0CE13451-A6D1-474D-B87D-612359451D15} Reg HKLM\SOFTWARE\Classes\PDState.PDWebBrowserCleaner@ PDWebBrowserCleaner Class Reg 
HKLM\SOFTWARE\Classes\PDState.PDWebBrowserCleaner\CLSID Reg HKLM\SOFTWARE\Classes\PDState.PDWebBrowserCleaner\CLSID@ {18EF8FA5-89B7-4380-8AED-D502AD575DB4} Reg HKLM\SOFTWARE\Classes\PDState.PDWebBrowserCleaner\CurVer Reg HKLM\SOFTWARE\Classes\PDState.PDWebBrowserCleaner\CurVer@ PDState.PDWebBrowserCleaner.1 Reg HKLM\SOFTWARE\Classes\PDState.PDWebBrowserCleaner.1@ PDWebBrowserCleaner Class Reg HKLM\SOFTWARE\Classes\PDState.PDWebBrowserCleaner.1\CLSID Reg HKLM\SOFTWARE\Classes\PDState.PDWebBrowserCleaner.1\CLSID@ {18EF8FA5-89B7-4380-8AED-D502AD575DB4} Reg HKLM\SOFTWARE\Classes\PDUtils.PDAbstractData@ PDAbstractData Class Reg HKLM\SOFTWARE\Classes\PDUtils.PDAbstractData\CLSID Reg HKLM\SOFTWARE\Classes\PDUtils.PDAbstractData\CLSID@ {BAFF6502-399E-4B8F-B892-9C0959F8204A} Reg HKLM\SOFTWARE\Classes\PDUtils.PDAbstractData\CurVer Reg HKLM\SOFTWARE\Classes\PDUtils.PDAbstractData\CurVer@ PDUtils.PDAbstractData.1 Reg HKLM\SOFTWARE\Classes\PDUtils.PDAbstractData.1@ PDAbstractData Class Reg HKLM\SOFTWARE\Classes\PDUtils.PDAbstractData.1\CLSID Reg HKLM\SOFTWARE\Classes\PDUtils.PDAbstractData.1\CLSID@ {BAFF6502-399E-4B8F-B892-9C0959F8204A} Reg HKLM\SOFTWARE\Classes\PDUtils.PDBrowser@ PDBrowser Class Reg HKLM\SOFTWARE\Classes\PDUtils.PDBrowser\CLSID Reg HKLM\SOFTWARE\Classes\PDUtils.PDBrowser\CLSID@ {334E0F1B-BD46-42E9-A798-79B1FC7BEFDA} Reg HKLM\SOFTWARE\Classes\PDUtils.PDBrowser\CurVer Reg HKLM\SOFTWARE\Classes\PDUtils.PDBrowser\CurVer@ PDUtils.PDBrowser.1 Reg HKLM\SOFTWARE\Classes\PDUtils.PDBrowser.1@ PDBrowser Class Reg HKLM\SOFTWARE\Classes\PDUtils.PDBrowser.1\CLSID Reg HKLM\SOFTWARE\Classes\PDUtils.PDBrowser.1\CLSID@ {334E0F1B-BD46-42E9-A798-79B1FC7BEFDA} Reg HKLM\SOFTWARE\Classes\PDUtils.PDLog@ PDLog Class Reg HKLM\SOFTWARE\Classes\PDUtils.PDLog\CLSID Reg HKLM\SOFTWARE\Classes\PDUtils.PDLog\CLSID@ {D02C542C-3AA9-4F68-A695-67C275AD3438} Reg HKLM\SOFTWARE\Classes\PDUtils.PDLog\CurVer Reg HKLM\SOFTWARE\Classes\PDUtils.PDLog\CurVer@ PDUtils.PDLog.1 Reg 
HKLM\SOFTWARE\Classes\PDUtils.PDSMTPMailer@ PDSMTPMailer Class Reg HKLM\SOFTWARE\Classes\PDUtils.PDSMTPMailer\CLSID Reg HKLM\SOFTWARE\Classes\PDUtils.PDSMTPMailer\CLSID@ {B03C6645-F95F-4393-9FD5-C5B723F5F777} Reg HKLM\SOFTWARE\Classes\PDUtils.PDSMTPMailer\CurVer Reg HKLM\SOFTWARE\Classes\PDUtils.PDSMTPMailer\CurVer@ PDUtils.PDSMTPMailer.1 Reg HKLM\SOFTWARE\Classes\PDUtils.PDSMTPMailer.1@ PDSMTPMailer Class Reg HKLM\SOFTWARE\Classes\PDUtils.PDSMTPMailer.1\CLSID Reg HKLM\SOFTWARE\Classes\PDUtils.PDSMTPMailer.1\CLSID@ {B03C6645-F95F-4393-9FD5-C5B723F5F777} Reg HKLM\SOFTWARE\Classes\PDUtils.PDWebUtils@ PDWebUtils Class Reg HKLM\SOFTWARE\Classes\PDUtils.PDWebUtils\CLSID Reg HKLM\SOFTWARE\Classes\PDUtils.PDWebUtils\CLSID@ {4D7CB30E-2D99-4E7B-8773-58EF9905B66F} Reg HKLM\SOFTWARE\Classes\PDUtils.PDWebUtils\CurVer Reg HKLM\SOFTWARE\Classes\PDUtils.PDWebUtils\CurVer@ PDUtils.PDWebUtils.1 Reg HKLM\SOFTWARE\Classes\PDUtils.PDWebUtils.1@ PDWebUtils Class Reg HKLM\SOFTWARE\Classes\PDUtils.PDWebUtils.1\CLSID Reg HKLM\SOFTWARE\Classes\PDUtils.PDWebUtils.1\CLSID@ {4D7CB30E-2D99-4E7B-8773-58EF9905B66F} Reg HKLM\SOFTWARE\Classes\Synaptics.AbsTouchPad@ Synaptics Absolute Mode Touchpad Class Reg HKLM\SOFTWARE\Classes\Synaptics.AbsTouchPad\CLSID Reg HKLM\SOFTWARE\Classes\Synaptics.AbsTouchPad\CLSID@ {2A833A93-6641-11D3-B5FE-00104B0A87C2} Reg HKLM\SOFTWARE\Classes\Synaptics.AbsTouchPad\CurVer Reg HKLM\SOFTWARE\Classes\Synaptics.AbsTouchPad\CurVer@ Synaptics.AbsTouchPad.1 Reg HKLM\SOFTWARE\Classes\Synaptics.AbsTouchPad.1@ Synaptics Absolute Mode Touchpad Class Reg HKLM\SOFTWARE\Classes\Synaptics.AbsTouchPad.1\CLSID Reg HKLM\SOFTWARE\Classes\Synaptics.AbsTouchPad.1\CLSID@ {2A833A93-6641-11D3-B5FE-00104B0A87C2} ---- EOF - GMER 1.0.15 ----