GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-09-01 21:51:30 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000001d ST332041 rev.CC38 298,09GB Running: 558u7jjc.exe; Driver: C:\Users\Seba\AppData\Local\Temp\aflcraoc.sys ---- Threads - GMER 2.2 ---- Thread C:\WINDOWS\system32\csrss.exe [752:856] ffffee5518b36c20 Thread C:\WINDOWS\system32\svchost.exe [648:3620] 00007ffb14a21a50 Thread C:\WINDOWS\system32\svchost.exe [648:3784] 00007ffb144e39b0 Thread C:\WINDOWS\system32\svchost.exe [648:5336] 00007ffafe001040 Thread C:\WINDOWS\system32\svchost.exe [648:7772] 00007ffb0cc448e0 Thread C:\WINDOWS\system32\svchost.exe [648:7476] 00007ffb0cc448e0 Thread C:\WINDOWS\system32\svchost.exe [648:6604] 00007ffaf8c204d0 Thread C:\WINDOWS\system32\svchost.exe [648:6580] 00007ffaf8c1e990 Thread C:\WINDOWS\system32\svchost.exe [648:6556] 00007ffaf8c1e990 Thread C:\WINDOWS\system32\svchost.exe [648:6564] 00007ffaf8c1e990 Thread C:\WINDOWS\system32\svchost.exe [648:6588] 00007ffaf8c44580 Thread C:\WINDOWS\system32\svchost.exe [648:6540] 00007ffaf8c1e990 Thread C:\WINDOWS\system32\svchost.exe [648:6572] 00007ffaf8c44580 Thread C:\WINDOWS\system32\svchost.exe [648:6324] 00007ffb1d3030f0 Thread C:\WINDOWS\system32\svchost.exe [1120:1404] 00007ffb1d5da770 Thread C:\WINDOWS\system32\svchost.exe [1120:3044] 00007ffb14b51670 Thread C:\WINDOWS\system32\svchost.exe [1120:9144] 00007ffafa179620 Thread C:\WINDOWS\system32\svchost.exe [1120:9152] 00007ffafa172680 Thread C:\WINDOWS\system32\svchost.exe [1120:7540] 00007ffb15125bc0 Thread C:\WINDOWS\system32\svchost.exe [1200:3656] 00007ffb14511240 Thread C:\WINDOWS\system32\svchost.exe [1200:3660] 00007ffb0d4da3b0 Thread C:\WINDOWS\system32\svchost.exe [1200:3740] 00007ffb0d4025e0 Thread C:\WINDOWS\system32\svchost.exe [1200:4236] 00007ffb0baa3bc0 Thread C:\WINDOWS\system32\svchost.exe [1200:7192] 00007ffb0baa2080 Thread C:\WINDOWS\system32\svchost.exe [1180:1604] 00007ffb1895e830 Thread C:\WINDOWS\system32\svchost.exe [1180:1748] 00007ffb188310a0 Thread C:\WINDOWS\system32\svchost.exe [2244:3848] 00007ffb15125bc0 Thread C:\WINDOWS\system32\svchost.exe [2244:3852] 00007ffb15137d70 Thread C:\WINDOWS\system32\svchost.exe [2244:3180] 00007ffb0c8eb180 Thread C:\WINDOWS\system32\svchost.exe [2244:3196] 00007ffb0c8ef5f0 Thread C:\WINDOWS\system32\svchost.exe [2244:6160] 00007ffb0c906130 Thread C:\WINDOWS\system32\svchost.exe [2260:3124] 00007ffb15c558c0 Thread C:\WINDOWS\system32\svchost.exe [2260:3156] 00007ffb15c558c0 Thread C:\WINDOWS\SYSTEM32\ntdll.dll [2460:2464] 0000000000c15624 Thread C:\WINDOWS\system32\svchost.exe [2520:2960] 00007ffb155416b0 Thread C:\WINDOWS\system32\svchost.exe [2520:2964] 00007ffb155416b0 Thread C:\WINDOWS\system32\svchost.exe [2520:2968] 00007ffb155416b0 Thread C:\WINDOWS\system32\svchost.exe [2520:2972] 00007ffb155416b0 Thread C:\WINDOWS\system32\svchost.exe [2520:3160] 00007ffb15c558c0 Thread C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [3312:3372] 00007ffb0d2a1b50 Thread C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [3632:3748] 00007ffb126ed840 Thread C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [3632:3752] 00007ffb12600250 Thread C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [3632:724] 00007ffb0d2a1b50 Thread C:\Users\Seba\AppData\Local\Microsoft\OneDrive\OneDrive.exe [7788:8160] 000000006de36aec Thread C:\Users\Seba\AppData\Local\Microsoft\OneDrive\OneDrive.exe [7788:8164] 000000006de36aec Thread C:\Users\Seba\AppData\Local\Microsoft\OneDrive\OneDrive.exe [7788:7876] 0000000073e825a0 Thread C:\Users\Seba\AppData\Local\Microsoft\OneDrive\OneDrive.exe [7788:7872] 000000006daf24d9 Thread C:\Users\Seba\AppData\Local\Microsoft\OneDrive\OneDrive.exe [7788:7820] 000000006daf24d9 Thread C:\Users\Seba\AppData\Local\Microsoft\OneDrive\OneDrive.exe [7788:8] 000000006daf24d9 Thread C:\Users\Seba\AppData\Local\Microsoft\OneDrive\OneDrive.exe [7788:7896] 000000006daf24d9 Thread C:\Users\Seba\AppData\Local\Microsoft\OneDrive\OneDrive.exe [7788:7900] 000000006d79f5c9 Thread C:\Users\Seba\AppData\Local\Microsoft\OneDrive\OneDrive.exe [7788:7904] 000000006d79f5c9 Thread C:\Users\Seba\AppData\Local\Microsoft\OneDrive\OneDrive.exe [7788:7908] 000000006d79f5c9 Thread C:\Users\Seba\AppData\Local\Microsoft\OneDrive\OneDrive.exe [7788:7920] 000000006d57b453 Thread C:\Users\Seba\AppData\Local\Microsoft\OneDrive\OneDrive.exe [7788:7924] 000000006d57b453 Thread C:\Users\Seba\AppData\Local\Microsoft\OneDrive\OneDrive.exe [7788:5244] 000000006d57b453 Thread C:\WINDOWS\system32\DllHost.exe [7864:9492] 00007ffb141dc820 Thread C:\WINDOWS\system32\DllHost.exe [7864:2560] 00007ffb141dc820 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed 484833877 Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config@LastKnownGoodTime 0x89 0x20 0x87 0x05 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0x56 0x54 0x87 0x88 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0x56 0xBC 0x4B 0xEA ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0x56 0xEC 0xC2 0x26 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient@SpecialPollTimeRemaining time.windows.com,7d17d4f??????????? Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask 0x64 0x62 0x03 0x00 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\DirtyRemoteCollections@packagestate-microsoft.commsphone_8wekyb3d8bbwe-0 1 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\DirtyRemoteCollections@packagestate-microsoft.connectivitystore_8wekyb3d8bbwe-0 1 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\DirtyRemoteCollections@windowspackagesettings-microsoft.bingnews_8wekyb3d8bbwe 1 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\DirtyRemoteCollections@packagestate-microsoft.office.onenote_8wekyb3d8bbwe-0 1 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\DirtyRemoteCollections@packagestate-microsoft.microsoftsolitairecollection_8wekyb3d8bbwe-0 1 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\DirtyRemoteCollections@windowspackagesettings-notifications-microsoft.advertising.xaml_8wekyb3d8bbwe 1 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\DirtyRemoteCollections@packagestate-microsoft.advertising.xaml_8wekyb3d8bbwe-0 1 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\DirtyRemoteCollections@packagestate-microsoft.windowsdvdplayer_8wekyb3d8bbwe-0 1 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\DirtyRemoteCollections@packagestate-microsoft.zunevideo_8wekyb3d8bbwe-0 1 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\DirtyRemoteCollections@packagestate-microsoft.3dbuilder_8wekyb3d8bbwe-0 1 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\DirtyRemoteCollections@windowspackagesettings-9e2f88e3.twitter_wgeqdkkx372wm 1 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\DirtyRemoteCollections@windowspackagesettings-microsoft.advertising.xaml_8wekyb3d8bbwe 1 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\DirtyRemoteCollections@packagestate-microsoft.windowssoundrecorder_8wekyb3d8bbwe-0 1 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\DirtyRemoteCollections@packagestate-microsoft.bingsports_8wekyb3d8bbwe-0 1 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\DirtyRemoteCollections@packagestate-microsoft.people_8wekyb3d8bbwe-0 1 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\DirtyRemoteCollections@packagestate-microsoft.windowsalarms_8wekyb3d8bbwe-0 1 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\DirtyRemoteCollections@packagestate-microsoft.windowscalculator_8wekyb3d8bbwe-0 1 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\DirtyRemoteCollections@packagestate-microsoft.appconnector_8wekyb3d8bbwe-0 1 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\DirtyRemoteCollections@packagestate-microsoft.windowsmaps_8wekyb3d8bbwe-0 1 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\DirtyRemoteCollections@packagestate-microsoft.skypeapp_kzf8qxf38zg5c-0 1 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\DirtyRemoteCollections@packagestate-microsoft.windowsphone_8wekyb3d8bbwe-0 1 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\DirtyRemoteCollections@packagestate-microsoft.microsoftofficehub_8wekyb3d8bbwe-0 1 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\DirtyRemoteCollections@packagestate-microsoft.messaging_8wekyb3d8bbwe-0 1 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\DirtyRemoteCollections@packagestate-microsoft.office.sway_8wekyb3d8bbwe-0 1 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\DirtyRemoteCollections@packagestate-microsoft.bingfinance_8wekyb3d8bbwe-0 1 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\DirtyRemoteCollections@packagestate-9e2f88e3.twitter_wgeqdkkx372wm-0 1 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\DirtyRemoteCollections@windows-startpersonalization 3 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\DirtyRemoteCollections@packagestate-microsoft.bingnews_8wekyb3d8bbwe-0 1 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@WindowsBandwidthBucketCounter 0 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsBandwidthBucketDrainTime 0x26 0x3F 0xE7 0x0F ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@WindowsRequestBucketCounter 0 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsRequestBucketDrainTime 0x6B 0x66 0xE7 0x0F ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsLargeBandwidthBucketDrainTime 0x33 0x3D 0x6B 0xBE ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsLargeRequestBucketDrainTime 0x6B 0x66 0xE7 0x0F ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@OtherBandwidthBucketCounter 0 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastOtherBandwidthBucketDrainTime 0x79 0x63 0xA0 0xEC ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@OtherRequestBucketCounter 0 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastOtherRequestBucketDrainTime 0x6B 0x66 0xE7 0x0F ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@GlobalBandwidthBucketCounter 0 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@GlobalRequestBucketCounter 0 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastGlobalRequestBucketDrainTime 0x6B 0x66 0xE7 0x0F ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@RoamingSyncToken LM%3d63608273303567%3bID%3d4BAEF86DB91188C!108%3bLR%3d63608273306143%3bEP%3d10%3bSI%3d28%3bTD%3dTrue%3bSO%3d0%3bPI%3d49 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastUploadTime 0x20 0x9B 0x78 0x05 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\RegistrarData@RenewCollectionsInterestDirty 0 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\RegistrarData@LastRenewCollectionsInterest 0x63 0x82 0x9D 0xFC ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\RegistrarData@RemoteCollectionsInterestDirty 0 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Live\Roaming\RegistrarData@LastDownloadCollectionInterest 0x6A 0x9B 0x80 0xEC ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\00187FFF82FA1BA5@LastMsgIdForDataConnection 0x46 0x07 0x69 0x09 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\browsersettings\wininet-internet-explorer@IsLocalReplicaDirty 1 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windows\notificationsettings@AttemptedOperations 1 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windows\quickactions@AttemptedOperations 1 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windows\userlibraries@AttemptedOperations 1 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\microsoft.3dbuilder_8wekyb3d8bbwe@AttemptedOperations 5 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\microsoft.appconnector_8wekyb3d8bbwe@AttemptedOperations 5 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\microsoft.commsphone_8wekyb3d8bbwe@AttemptedOperations 5 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\microsoft.connectivitystore_8wekyb3d8bbwe@AttemptedOperations 5 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\microsoft.messaging_8wekyb3d8bbwe@AttemptedOperations 5 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\microsoft.microsoftofficehub_8wekyb3d8bbwe@AttemptedOperations 5 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\microsoft.microsoftsolitairecollection_8wekyb3d8bbwe@AttemptedOperations 5 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\microsoft.microsoftstickynotes_8wekyb3d8bbwe@AttemptedOperations 5 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\microsoft.office.onenote_8wekyb3d8bbwe@AttemptedOperations 5 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\microsoft.oneconnect_8wekyb3d8bbwe@AttemptedOperations 5 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\microsoft.people_8wekyb3d8bbwe@AttemptedOperations 5 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\microsoft.skypeapp_kzf8qxf38zg5c@AttemptedOperations 5 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\microsoft.storepurchaseapp_8wekyb3d8bbwe@AttemptedOperations 5 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\microsoft.windowsalarms_8wekyb3d8bbwe@AttemptedOperations 5 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\microsoft.windowscalculator_8wekyb3d8bbwe@AttemptedOperations 5 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\microsoft.windowsdvdplayer_8wekyb3d8bbwe@AttemptedOperations 5 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\microsoft.windowsmaps_8wekyb3d8bbwe@AttemptedOperations 5 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\microsoft.windowsphone_8wekyb3d8bbwe@AttemptedOperations 5 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\microsoft.windowssoundrecorder_8wekyb3d8bbwe@AttemptedOperations 5 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\microsoft.zunevideo_8wekyb3d8bbwe@AttemptedOperations 5 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-9e2f88e3.twitter_wgeqdkkx372wm@AttemptedOperations 5 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-microsoft.3dbuilder_8wekyb3d8bbwe@AttemptedOperations 5 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-microsoft.appconnector_8wekyb3d8bbwe@AttemptedOperations 5 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-microsoft.bingfinance_8wekyb3d8bbwe@AttemptedOperations 5 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-microsoft.bingnews_8wekyb3d8bbwe@AttemptedOperations 5 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-microsoft.bingsports_8wekyb3d8bbwe@AttemptedOperations 5 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-microsoft.commsphone_8wekyb3d8bbwe@AttemptedOperations 5 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-microsoft.connectivitystore_8wekyb3d8bbwe@AttemptedOperations 5 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-microsoft.messaging_8wekyb3d8bbwe@AttemptedOperations 5 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-microsoft.microsoftofficehub_8wekyb3d8bbwe@AttemptedOperations 5 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-microsoft.microsoftsolitairecollection_8wekyb3d8bbwe@AttemptedOperations 5 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-microsoft.microsoftstickynotes_8wekyb3d8bbwe@AttemptedOperations 5 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-microsoft.office.onenote_8wekyb3d8bbwe@AttemptedOperations 5 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-microsoft.office.sway_8wekyb3d8bbwe@AttemptedOperations 5 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-microsoft.oneconnect_8wekyb3d8bbwe@AttemptedOperations 5 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-microsoft.people_8wekyb3d8bbwe@AttemptedOperations 5 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-microsoft.skypeapp_kzf8qxf38zg5c@AttemptedOperations 5 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-microsoft.storepurchaseapp_8wekyb3d8bbwe@AttemptedOperations 5 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-microsoft.windowsalarms_8wekyb3d8bbwe@AttemptedOperations 5 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-microsoft.windowscalculator_8wekyb3d8bbwe@AttemptedOperations 5 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-microsoft.windowsdvdplayer_8wekyb3d8bbwe@AttemptedOperations 5 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-microsoft.windowsmaps_8wekyb3d8bbwe@AttemptedOperations 5 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-microsoft.windowsphone_8wekyb3d8bbwe@AttemptedOperations 5 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-microsoft.windowssoundrecorder_8wekyb3d8bbwe@AttemptedOperations 5 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windowspackagesettings\notifications-microsoft.zunevideo_8wekyb3d8bbwe@AttemptedOperations 5 Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\StorageSense\Parameters\CachedSizes\{20202020-2020-2020-1647-4094E4920772}@01 0x00 0x40 0x93 0x3F ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\StorageSense\Parameters\CachedSizes\{20202020-2020-2020-1647-4094E4920772}@07 0x00 0x10 0xEE 0x2A ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\StorageSense\Parameters\CachedSizes\{20202020-2020-2020-1647-4094E4920772}@10 0x00 0xC0 0x7B 0x11 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\StorageSense\Parameters\CachedSizes\{20202020-2020-2020-1647-4094E4920772}@12 0x00 0x70 0x2B 0x00 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\StorageSense\Parameters\CachedSizes\{20202020-2020-2020-1647-4094E4920772}@16 0x00 0x80 0xCA 0x60 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\StorageSense\Parameters\CachedSizes\{20202020-2020-2020-1647-4094E4920772}@18 0x00 0xC0 0x1A 0x83 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\StorageSense\Parameters\CachedSizes\{20202020-2020-2020-1647-4094E4920772}@21 0x00 0x10 0x40 0x00 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\StorageSense\Parameters\CachedSizes\{20202020-2020-2020-1647-4094E4920772}@22 0x00 0x00 0x00 0x00 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\StorageSense\Parameters\CachedSizes\{20202020-2020-2020-1647-4094E4920772}@26 0x00 0x40 0x94 0x1D ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\StorageSense\Parameters\CachedSizes\{20202020-2020-2020-1647-4094E4920772}@27 0x00 0x00 0x00 0x00 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\StorageSense\Parameters\CachedSizes\{20202020-2020-2020-1647-4094E4920772}@28 0x00 0x40 0x3B 0x2E ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\StorageSense\Parameters\CachedSizes\{20202020-2020-2020-1647-4094E4920772}@00 0x00 0xF0 0x47 0x78 ... ---- EOF - GMER 2.2 ----