GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-02-20 23:49:27 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 WDC_WD5000AAKS-00V1A0 rev.05.01D05 465,76GB Running: klmtpp0l.exe; Driver: C:\Users\Adam\AppData\Local\Temp\aftcqaow.sys ---- User code sections - GMER 2.1 ---- .text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1540] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000769b1401 2 bytes JMP 76d4b21b C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1540] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000769b1419 2 bytes JMP 76d4b346 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000769b1431 2 bytes JMP 76dc8ea9 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000769b144a 2 bytes CALL 76d248ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1540] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769b14dd 2 bytes JMP 76dc87a2 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1540] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769b14f5 2 bytes JMP 76dc8978 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1540] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000769b150d 2 bytes JMP 76dc8698 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1540] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000769b1525 2 bytes JMP 76dc8a62 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1540] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000769b153d 2 bytes JMP 76d3fca8 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1540] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000769b1555 2 bytes JMP 76d468ef C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1540] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000769b156d 2 bytes JMP 76dc8f61 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1540] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000769b1585 2 bytes JMP 76dc8ac2 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1540] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000769b159d 2 bytes JMP 76dc865c C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1540] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769b15b5 2 bytes JMP 76d3fd41 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1540] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769b15cd 2 bytes JMP 76d4b2dc C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1540] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769b16b2 2 bytes JMP 76dc8e24 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1540] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769b16bd 2 bytes JMP 76dc85f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\D-Link Connection Manager\WirelessModem.exe[2808] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000769b1401 2 bytes JMP 76d4b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\D-Link Connection Manager\WirelessModem.exe[2808] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000769b1419 2 bytes JMP 76d4b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\D-Link Connection Manager\WirelessModem.exe[2808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000769b1431 2 bytes JMP 76dc8ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\D-Link Connection Manager\WirelessModem.exe[2808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000769b144a 2 bytes CALL 76d248ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\D-Link Connection Manager\WirelessModem.exe[2808] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769b14dd 2 bytes JMP 76dc87a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\D-Link Connection Manager\WirelessModem.exe[2808] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769b14f5 2 bytes JMP 76dc8978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\D-Link Connection Manager\WirelessModem.exe[2808] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000769b150d 2 bytes JMP 76dc8698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\D-Link Connection Manager\WirelessModem.exe[2808] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000769b1525 2 bytes JMP 76dc8a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\D-Link Connection Manager\WirelessModem.exe[2808] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000769b153d 2 bytes JMP 76d3fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\D-Link Connection Manager\WirelessModem.exe[2808] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000769b1555 2 bytes JMP 76d468ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\D-Link Connection Manager\WirelessModem.exe[2808] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000769b156d 2 bytes JMP 76dc8f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\D-Link Connection Manager\WirelessModem.exe[2808] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000769b1585 2 bytes JMP 76dc8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\D-Link Connection Manager\WirelessModem.exe[2808] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000769b159d 2 bytes JMP 76dc865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\D-Link Connection Manager\WirelessModem.exe[2808] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769b15b5 2 bytes JMP 76d3fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\D-Link Connection Manager\WirelessModem.exe[2808] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769b15cd 2 bytes JMP 76d4b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\D-Link Connection Manager\WirelessModem.exe[2808] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769b16b2 2 bytes JMP 76dc8e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\D-Link Connection Manager\WirelessModem.exe[2808] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769b16bd 2 bytes JMP 76dc85f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3976] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077a51530 16 bytes [50, 48, B8, 2C, 35, 59, F3, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077a51380 16 bytes [50, 48, B8, 08, B7, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000077a514f0 16 bytes [50, 48, B8, 60, B6, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a51510 48 bytes [50, 48, B8, DC, B5, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077a51550 16 bytes [50, 48, B8, 2C, B7, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000077a515a0 32 bytes [50, 48, B8, 84, B6, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a515e0 16 bytes [50, 48, B8, 6C, B5, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000077a51680 16 bytes [50, 48, B8, B4, B6, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a51800 16 bytes [50, 48, B8, 30, B4, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077a52270 16 bytes [50, 48, B8, 00, B6, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a522c0 16 bytes [50, 48, B8, 3C, B6, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000077a52410 16 bytes [50, 48, B8, C8, B6, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077a51380 16 bytes [50, 48, B8, 08, B7, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000077a514f0 16 bytes [50, 48, B8, 60, B6, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a51510 48 bytes [50, 48, B8, DC, B5, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077a51550 16 bytes [50, 48, B8, 2C, B7, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000077a515a0 32 bytes [50, 48, B8, 84, B6, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a515e0 16 bytes [50, 48, B8, 6C, B5, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000077a51680 16 bytes [50, 48, B8, B4, B6, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a51800 16 bytes [50, 48, B8, 30, B4, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077a52270 16 bytes [50, 48, B8, 00, B6, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a522c0 16 bytes [50, 48, B8, 3C, B6, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3036] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000077a52410 16 bytes [50, 48, B8, C8, B6, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077a51380 16 bytes [50, 48, B8, 08, B7, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000077a514f0 16 bytes [50, 48, B8, 60, B6, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a51510 48 bytes [50, 48, B8, DC, B5, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077a51550 16 bytes [50, 48, B8, 2C, B7, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000077a515a0 32 bytes [50, 48, B8, 84, B6, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a515e0 16 bytes [50, 48, B8, 6C, B5, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000077a51680 16 bytes [50, 48, B8, B4, B6, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a51800 16 bytes [50, 48, B8, 30, B4, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077a52270 16 bytes [50, 48, B8, 00, B6, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a522c0 16 bytes [50, 48, B8, 3C, B6, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4888] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000077a52410 16 bytes [50, 48, B8, C8, B6, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077a51380 16 bytes [50, 48, B8, 08, B7, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000077a514f0 16 bytes [50, 48, B8, 60, B6, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a51510 48 bytes [50, 48, B8, DC, B5, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077a51550 16 bytes [50, 48, B8, 2C, B7, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000077a515a0 32 bytes [50, 48, B8, 84, B6, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a515e0 16 bytes [50, 48, B8, 6C, B5, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000077a51680 16 bytes [50, 48, B8, B4, B6, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a51800 16 bytes [50, 48, B8, 30, B4, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077a52270 16 bytes [50, 48, B8, 00, B6, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a522c0 16 bytes [50, 48, B8, 3C, B6, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3864] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000077a52410 16 bytes [50, 48, B8, C8, B6, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077a51380 16 bytes [50, 48, B8, 08, B7, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000077a514f0 16 bytes [50, 48, B8, 60, B6, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a51510 48 bytes [50, 48, B8, DC, B5, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077a51550 16 bytes [50, 48, B8, 2C, B7, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000077a515a0 32 bytes [50, 48, B8, 84, B6, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a515e0 16 bytes [50, 48, B8, 6C, B5, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000077a51680 16 bytes [50, 48, B8, B4, B6, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a51800 16 bytes [50, 48, B8, 30, B4, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077a52270 16 bytes [50, 48, B8, 00, B6, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a522c0 16 bytes [50, 48, B8, 3C, B6, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3872] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000077a52410 16 bytes [50, 48, B8, C8, B6, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077a51380 16 bytes [50, 48, B8, 08, B7, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000077a514f0 16 bytes [50, 48, B8, 60, B6, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a51510 48 bytes [50, 48, B8, DC, B5, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077a51550 16 bytes [50, 48, B8, 2C, B7, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000077a515a0 32 bytes [50, 48, B8, 84, B6, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a515e0 16 bytes [50, 48, B8, 6C, B5, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000077a51680 16 bytes [50, 48, B8, B4, B6, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a51800 16 bytes [50, 48, B8, 30, B4, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077a52270 16 bytes [50, 48, B8, 00, B6, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a522c0 16 bytes [50, 48, B8, 3C, B6, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3940] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000077a52410 16 bytes [50, 48, B8, C8, B6, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077a51380 16 bytes [50, 48, B8, 08, B7, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 0000000077a514f0 16 bytes [50, 48, B8, 60, B6, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077a51510 48 bytes [50, 48, B8, DC, B5, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077a51550 16 bytes [50, 48, B8, 2C, B7, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 0000000077a515a0 32 bytes [50, 48, B8, 84, B6, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000077a515e0 16 bytes [50, 48, B8, 6C, B5, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 0000000077a51680 16 bytes [50, 48, B8, B4, B6, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077a51800 16 bytes [50, 48, B8, 30, B4, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 0000000077a52270 16 bytes [50, 48, B8, 00, B6, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077a522c0 16 bytes [50, 48, B8, 3C, B6, FB, 3F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4568] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 0000000077a52410 16 bytes [50, 48, B8, C8, B6, FB, 3F, ...] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3036] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7fee6807838] C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3036] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee6807684] C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3036] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee6807820] C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3036] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fee6807988] C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3036] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee6807818] C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3036] @ C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll[GDI32.dll!GetFontData] [7fee60fae24] C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4888] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7fee6807838] C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4888] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee6807684] C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4888] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee6807820] C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4888] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fee6807988] C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4888] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee6807818] C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4888] @ C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll[GDI32.dll!GetFontData] [7fee60fae24] C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3864] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7fee6807838] C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3864] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee6807684] C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3864] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee6807820] C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3864] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fee6807988] C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3864] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee6807818] C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3864] @ C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll[GDI32.dll!GetFontData] [7fee60fae24] C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3872] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7fee6807838] C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3872] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee6807684] C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3872] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee6807820] C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3872] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fee6807988] C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3872] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee6807818] C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3872] @ C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll[GDI32.dll!GetFontData] [7fee60fae24] C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3940] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenServiceW] [7fee6807838] C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3940] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!CloseServiceHandle] [7fee6807684] C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3940] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!OpenSCManagerW] [7fee6807820] C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3940] @ C:\Windows\system32\dwrite.dll[ADVAPI32.dll!StartServiceW] [7fee6807988] C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3940] @ C:\Windows\system32\dwrite.dll[ntdll.dll!NtAlpcConnectPort] [7fee6807818] C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3940] @ C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll[GDI32.dll!GetFontData] [7fee60fae24] C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4568] @ C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll[KERNEL32.dll!CreateNamedPipeW] [b77e0030] ---- Processes - GMER 2.1 ---- Library C:\ProgramData\Internet Manager\OnlineUpdate\mingwm10.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe [2484](2015-02-10 20:32:47) 000000006fbc0000 Library C:\ProgramData\Internet Manager\OnlineUpdate\libgcc_s_dw2-1.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe [2484](2015-02-10 20:32:47) 000000006e940000 Library C:\ProgramData\Internet Manager\OnlineUpdate\QtCore4.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe [2484](2015-02-10 20:32:47) 000000006a1c0000 Library C:\ProgramData\Internet Manager\OnlineUpdate\QtNetwork4.dll (*** suspicious ***) @ C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe [2484](2015-02-10 20:32:47) 000000006ff00000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain@ Service Reg HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService@ Service Reg HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain@ Service Reg HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService@ Service Reg HKLM\SYSTEM\CurrentControlSet\services\NanoServiceMain@Type 16 Reg HKLM\SYSTEM\CurrentControlSet\services\NanoServiceMain@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\NanoServiceMain@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\NanoServiceMain@ImagePath "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe" Reg HKLM\SYSTEM\CurrentControlSet\services\NanoServiceMain@DisplayName Panda Cloud Antivirus Service Reg HKLM\SYSTEM\CurrentControlSet\services\NanoServiceMain@DependOnService CryptSvc? Reg HKLM\SYSTEM\CurrentControlSet\services\NanoServiceMain@ObjectName LocalSystem Reg HKLM\SYSTEM\CurrentControlSet\services\NanoServiceMain@Description Panda Cloud Antivirus Service Reg HKLM\SYSTEM\CurrentControlSet\services\NanoServiceMain Reg HKLM\SYSTEM\CurrentControlSet\services\NNSALPC@DisplayName NNSAlpc Reg HKLM\SYSTEM\CurrentControlSet\services\NNSALPC@ImagePath system32\DRIVERS\NNSAlpc.sys Reg HKLM\SYSTEM\CurrentControlSet\services\NNSALPC@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\NNSALPC@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\NNSALPC@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\NNSALPC@WOW64 1 Reg HKLM\SYSTEM\CurrentControlSet\services\NNSALPC Reg HKLM\SYSTEM\CurrentControlSet\services\NNSHTTP@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\NNSHTTP@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\NNSHTTP@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\NNSHTTP@DisplayName NNSHttp Reg HKLM\SYSTEM\CurrentControlSet\services\NNSHTTP@ImagePath system32\DRIVERS\NNSHttp.sys Reg HKLM\SYSTEM\CurrentControlSet\services\NNSHTTP@WOW64 1 Reg HKLM\SYSTEM\CurrentControlSet\services\NNSHTTP Reg HKLM\SYSTEM\CurrentControlSet\services\NNSHTTPS@ImagePath system32\DRIVERS\NNSHttps.sys Reg HKLM\SYSTEM\CurrentControlSet\services\NNSHTTPS@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\NNSHTTPS@DisplayName NNSHttps Reg HKLM\SYSTEM\CurrentControlSet\services\NNSHTTPS@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\NNSHTTPS@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\NNSHTTPS@WOW64 1 Reg HKLM\SYSTEM\CurrentControlSet\services\NNSHTTPS Reg HKLM\SYSTEM\CurrentControlSet\services\NNSIDS@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\NNSIDS@ImagePath system32\DRIVERS\NNSIds.sys Reg HKLM\SYSTEM\CurrentControlSet\services\NNSIDS@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\NNSIDS@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\NNSIDS@DisplayName NNSids Reg HKLM\SYSTEM\CurrentControlSet\services\NNSIDS@WOW64 1 Reg HKLM\SYSTEM\CurrentControlSet\services\NNSIDS Reg HKLM\SYSTEM\CurrentControlSet\services\NNSPICC@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\NNSPICC@DisplayName NNSPicc Reg HKLM\SYSTEM\CurrentControlSet\services\NNSPICC@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\NNSPICC@ImagePath system32\DRIVERS\NNSPicc.sys Reg HKLM\SYSTEM\CurrentControlSet\services\NNSPICC@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\NNSPICC@WOW64 1 Reg HKLM\SYSTEM\CurrentControlSet\services\NNSPICC Reg HKLM\SYSTEM\CurrentControlSet\services\NNSPOP3@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\NNSPOP3@DisplayName NNSPop3 Reg HKLM\SYSTEM\CurrentControlSet\services\NNSPOP3@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\NNSPOP3@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\NNSPOP3@ImagePath system32\DRIVERS\NNSPop3.sys Reg HKLM\SYSTEM\CurrentControlSet\services\NNSPOP3@WOW64 1 Reg HKLM\SYSTEM\CurrentControlSet\services\NNSPOP3 Reg HKLM\SYSTEM\CurrentControlSet\services\NNSPROT@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\NNSPROT@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\NNSPROT@DisplayName NNSProt Reg HKLM\SYSTEM\CurrentControlSet\services\NNSPROT@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\NNSPROT@ImagePath system32\DRIVERS\NNSProt.sys Reg HKLM\SYSTEM\CurrentControlSet\services\NNSPROT@WOW64 1 Reg HKLM\SYSTEM\CurrentControlSet\services\NNSPROT Reg HKLM\SYSTEM\CurrentControlSet\services\NNSPRV@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\NNSPRV@DisplayName NNSPrv Reg HKLM\SYSTEM\CurrentControlSet\services\NNSPRV@ImagePath system32\DRIVERS\NNSPrv.sys Reg HKLM\SYSTEM\CurrentControlSet\services\NNSPRV@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\NNSPRV@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\NNSPRV@WOW64 1 Reg HKLM\SYSTEM\CurrentControlSet\services\NNSPRV Reg HKLM\SYSTEM\CurrentControlSet\services\NNSSMTP@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\NNSSMTP@ImagePath system32\DRIVERS\NNSSmtp.sys Reg HKLM\SYSTEM\CurrentControlSet\services\NNSSMTP@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\NNSSMTP@DisplayName NNSSmtp Reg HKLM\SYSTEM\CurrentControlSet\services\NNSSMTP@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\NNSSMTP@WOW64 1 Reg HKLM\SYSTEM\CurrentControlSet\services\NNSSMTP Reg HKLM\SYSTEM\CurrentControlSet\services\NNSSTRM@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\NNSSTRM@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\NNSSTRM@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\NNSSTRM@DisplayName NNSStrm Reg HKLM\SYSTEM\CurrentControlSet\services\NNSSTRM@ImagePath system32\DRIVERS\NNSStrm.sys Reg HKLM\SYSTEM\CurrentControlSet\services\NNSSTRM@WOW64 1 Reg HKLM\SYSTEM\CurrentControlSet\services\NNSSTRM Reg HKLM\SYSTEM\CurrentControlSet\services\NNSTLSC@ImagePath system32\DRIVERS\NNSTlsc.sys Reg HKLM\SYSTEM\CurrentControlSet\services\NNSTLSC@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\NNSTLSC@DisplayName NNSTlsc Reg HKLM\SYSTEM\CurrentControlSet\services\NNSTLSC@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\NNSTLSC@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\NNSTLSC@WOW64 1 Reg HKLM\SYSTEM\CurrentControlSet\services\NNSTLSC Reg HKLM\SYSTEM\CurrentControlSet\services\PSINAflt@Tag 9 Reg HKLM\SYSTEM\CurrentControlSet\services\PSINAflt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\PSINAflt@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\PSINAflt@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\PSINAflt@Description PSINAflt Driver Reg HKLM\SYSTEM\CurrentControlSet\services\PSINAflt@Group FSFilter Replication Reg HKLM\SYSTEM\CurrentControlSet\services\PSINAflt@DisplayName PSINAflt Reg HKLM\SYSTEM\CurrentControlSet\services\PSINAflt@ImagePath system32\DRIVERS\PSINAflt.sys Reg HKLM\SYSTEM\CurrentControlSet\services\PSINAflt@WOW64 1 Reg HKLM\SYSTEM\CurrentControlSet\services\PSINAflt Reg HKLM\SYSTEM\CurrentControlSet\services\PSINFile@Tag 14 Reg HKLM\SYSTEM\CurrentControlSet\services\PSINFile@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\PSINFile@DebugFlags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\PSINFile@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\CurrentControlSet\services\PSINFile@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\PSINFile@DisplayName PSINFile Reg HKLM\SYSTEM\CurrentControlSet\services\PSINFile@ImagePath system32\DRIVERS\PSINFile.sys Reg HKLM\SYSTEM\CurrentControlSet\services\PSINFile@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\PSINFile@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\PSINFile@Description PSINFile Mini-Filter Driver Reg HKLM\SYSTEM\CurrentControlSet\services\PSINFile@WOW64 1 Reg HKLM\SYSTEM\CurrentControlSet\services\PSINFile\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\PSINFile\Instances@DefaultInstance PSINFile Instance Reg HKLM\SYSTEM\CurrentControlSet\services\PSINFile\Instances\PSINFile Instance Reg HKLM\SYSTEM\CurrentControlSet\services\PSINFile\Instances\PSINFile Instance@Altitude 327610 Reg HKLM\SYSTEM\CurrentControlSet\services\PSINFile\Instances\PSINFile Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\PSINFile Reg HKLM\SYSTEM\CurrentControlSet\services\PSINKNC@ImagePath system32\DRIVERS\psinknc.sys Reg HKLM\SYSTEM\CurrentControlSet\services\PSINKNC@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\PSINKNC@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\PSINKNC@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\PSINKNC@DisplayName PSINKnc Reg HKLM\SYSTEM\CurrentControlSet\services\PSINKNC@WOW64 1 Reg HKLM\SYSTEM\CurrentControlSet\services\PSINKNC\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\PSINKNC\Parameters@BasePath C:\ProgramData\Panda Security\Panda Cloud Antivirus\ Reg HKLM\SYSTEM\CurrentControlSet\services\PSINKNC Reg HKLM\SYSTEM\CurrentControlSet\services\PSINProc@Tag 15 Reg HKLM\SYSTEM\CurrentControlSet\services\PSINProc@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\PSINProc@Description PSINProc Filter Driver Reg HKLM\SYSTEM\CurrentControlSet\services\PSINProc@ImagePath system32\DRIVERS\PSINProc.sys Reg HKLM\SYSTEM\CurrentControlSet\services\PSINProc@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\PSINProc@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\PSINProc@DisplayName PSINProc Reg HKLM\SYSTEM\CurrentControlSet\services\PSINProc@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\PSINProc@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\CurrentControlSet\services\PSINProc@WOW64 1 Reg HKLM\SYSTEM\CurrentControlSet\services\PSINProc\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\PSINProc\Instances@DefaultInstance PSINProc Instance Reg HKLM\SYSTEM\CurrentControlSet\services\PSINProc\Instances\PSINProc Instance Reg HKLM\SYSTEM\CurrentControlSet\services\PSINProc\Instances\PSINProc Instance@Altitude 327620 Reg HKLM\SYSTEM\CurrentControlSet\services\PSINProc\Instances\PSINProc Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\PSINProc\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\PSINProc\Parameters@WaitTimeout 3000 Reg HKLM\SYSTEM\CurrentControlSet\services\PSINProc Reg HKLM\SYSTEM\CurrentControlSet\services\PSINProt@Description PSINProt Driver Reg HKLM\SYSTEM\CurrentControlSet\services\PSINProt@DisplayName PSINProt Reg HKLM\SYSTEM\CurrentControlSet\services\PSINProt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\PSINProt@Group FSFilter Replication Reg HKLM\SYSTEM\CurrentControlSet\services\PSINProt@ImagePath system32\DRIVERS\PSINProt.sys Reg HKLM\SYSTEM\CurrentControlSet\services\PSINProt@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\PSINProt@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\PSINProt@WOW64 1 Reg HKLM\SYSTEM\CurrentControlSet\services\PSINProt Reg HKLM\SYSTEM\CurrentControlSet\services\PSINReg@Description PSINReg Driver Reg HKLM\SYSTEM\CurrentControlSet\services\PSINReg@DisplayName PSINReg Reg HKLM\SYSTEM\CurrentControlSet\services\PSINReg@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\PSINReg@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\CurrentControlSet\services\PSINReg@ImagePath system32\DRIVERS\PSINReg.sys Reg HKLM\SYSTEM\CurrentControlSet\services\PSINReg@Start 3 Reg HKLM\SYSTEM\CurrentControlSet\services\PSINReg@Tag 9 Reg HKLM\SYSTEM\CurrentControlSet\services\PSINReg@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\PSINReg@WOW64 1 Reg HKLM\SYSTEM\CurrentControlSet\services\PSINReg\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\PSINReg\Parameters@ Reg HKLM\SYSTEM\CurrentControlSet\services\PSINReg Reg HKLM\SYSTEM\CurrentControlSet\services\PSUAService@Type 16 Reg HKLM\SYSTEM\CurrentControlSet\services\PSUAService@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\PSUAService@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\PSUAService@ImagePath "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe" Reg HKLM\SYSTEM\CurrentControlSet\services\PSUAService@DisplayName Panda Product Service Reg HKLM\SYSTEM\CurrentControlSet\services\PSUAService@DependOnService RPCSS? Reg HKLM\SYSTEM\CurrentControlSet\services\PSUAService@ObjectName LocalSystem Reg HKLM\SYSTEM\CurrentControlSet\services\PSUAService@Description Panda Product Service Reg HKLM\SYSTEM\CurrentControlSet\services\PSUAService Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 110 Reg HKLM\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\NanoServiceMain@ Service Reg HKLM\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\PSUAService@ Service Reg HKLM\SYSTEM\ControlSet002\Control\SafeBoot\Network\NanoServiceMain@ Service Reg HKLM\SYSTEM\ControlSet002\Control\SafeBoot\Network\PSUAService@ Service Reg HKLM\SYSTEM\ControlSet002\services\NanoServiceMain@Type 16 Reg HKLM\SYSTEM\ControlSet002\services\NanoServiceMain@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\NanoServiceMain@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\NanoServiceMain@ImagePath "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe" Reg HKLM\SYSTEM\ControlSet002\services\NanoServiceMain@DisplayName Panda Cloud Antivirus Service Reg HKLM\SYSTEM\ControlSet002\services\NanoServiceMain@DependOnService CryptSvc? Reg HKLM\SYSTEM\ControlSet002\services\NanoServiceMain@ObjectName LocalSystem Reg HKLM\SYSTEM\ControlSet002\services\NanoServiceMain@Description Panda Cloud Antivirus Service Reg HKLM\SYSTEM\ControlSet002\services\NNSALPC@DisplayName NNSAlpc Reg HKLM\SYSTEM\ControlSet002\services\NNSALPC@ImagePath system32\DRIVERS\NNSAlpc.sys Reg HKLM\SYSTEM\ControlSet002\services\NNSALPC@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\NNSALPC@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\NNSALPC@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\NNSALPC@WOW64 1 Reg HKLM\SYSTEM\ControlSet002\services\NNSHTTP@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\NNSHTTP@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\NNSHTTP@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\NNSHTTP@DisplayName NNSHttp Reg HKLM\SYSTEM\ControlSet002\services\NNSHTTP@ImagePath system32\DRIVERS\NNSHttp.sys Reg HKLM\SYSTEM\ControlSet002\services\NNSHTTP@WOW64 1 Reg HKLM\SYSTEM\ControlSet002\services\NNSHTTPS@ImagePath system32\DRIVERS\NNSHttps.sys Reg HKLM\SYSTEM\ControlSet002\services\NNSHTTPS@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\NNSHTTPS@DisplayName NNSHttps Reg HKLM\SYSTEM\ControlSet002\services\NNSHTTPS@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\NNSHTTPS@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\NNSHTTPS@WOW64 1 Reg HKLM\SYSTEM\ControlSet002\services\NNSIDS@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\NNSIDS@ImagePath system32\DRIVERS\NNSIds.sys Reg HKLM\SYSTEM\ControlSet002\services\NNSIDS@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\NNSIDS@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\NNSIDS@DisplayName NNSids Reg HKLM\SYSTEM\ControlSet002\services\NNSIDS@WOW64 1 Reg HKLM\SYSTEM\ControlSet002\services\NNSPICC@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\NNSPICC@DisplayName NNSPicc Reg HKLM\SYSTEM\ControlSet002\services\NNSPICC@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\NNSPICC@ImagePath system32\DRIVERS\NNSPicc.sys Reg HKLM\SYSTEM\ControlSet002\services\NNSPICC@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\NNSPICC@WOW64 1 Reg HKLM\SYSTEM\ControlSet002\services\NNSPOP3@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\NNSPOP3@DisplayName NNSPop3 Reg HKLM\SYSTEM\ControlSet002\services\NNSPOP3@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\NNSPOP3@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\NNSPOP3@ImagePath system32\DRIVERS\NNSPop3.sys Reg HKLM\SYSTEM\ControlSet002\services\NNSPOP3@WOW64 1 Reg HKLM\SYSTEM\ControlSet002\services\NNSPROT@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\NNSPROT@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\NNSPROT@DisplayName NNSProt Reg HKLM\SYSTEM\ControlSet002\services\NNSPROT@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\NNSPROT@ImagePath system32\DRIVERS\NNSProt.sys Reg HKLM\SYSTEM\ControlSet002\services\NNSPROT@WOW64 1 Reg HKLM\SYSTEM\ControlSet002\services\NNSPRV@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\NNSPRV@DisplayName NNSPrv Reg HKLM\SYSTEM\ControlSet002\services\NNSPRV@ImagePath system32\DRIVERS\NNSPrv.sys Reg HKLM\SYSTEM\ControlSet002\services\NNSPRV@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\NNSPRV@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\NNSPRV@WOW64 1 Reg HKLM\SYSTEM\ControlSet002\services\NNSSMTP@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\NNSSMTP@ImagePath system32\DRIVERS\NNSSmtp.sys Reg HKLM\SYSTEM\ControlSet002\services\NNSSMTP@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\NNSSMTP@DisplayName NNSSmtp Reg HKLM\SYSTEM\ControlSet002\services\NNSSMTP@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\NNSSMTP@WOW64 1 Reg HKLM\SYSTEM\ControlSet002\services\NNSSTRM@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\NNSSTRM@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\NNSSTRM@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\NNSSTRM@DisplayName NNSStrm Reg HKLM\SYSTEM\ControlSet002\services\NNSSTRM@ImagePath system32\DRIVERS\NNSStrm.sys Reg HKLM\SYSTEM\ControlSet002\services\NNSSTRM@WOW64 1 Reg HKLM\SYSTEM\ControlSet002\services\NNSTLSC@ImagePath system32\DRIVERS\NNSTlsc.sys Reg HKLM\SYSTEM\ControlSet002\services\NNSTLSC@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\NNSTLSC@DisplayName NNSTlsc Reg HKLM\SYSTEM\ControlSet002\services\NNSTLSC@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\NNSTLSC@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\NNSTLSC@WOW64 1 Reg HKLM\SYSTEM\ControlSet002\services\PSINAflt@Tag 9 Reg HKLM\SYSTEM\ControlSet002\services\PSINAflt@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\PSINAflt@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\PSINAflt@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\PSINAflt@Description PSINAflt Driver Reg HKLM\SYSTEM\ControlSet002\services\PSINAflt@Group FSFilter Replication Reg HKLM\SYSTEM\ControlSet002\services\PSINAflt@DisplayName PSINAflt Reg HKLM\SYSTEM\ControlSet002\services\PSINAflt@ImagePath system32\DRIVERS\PSINAflt.sys Reg HKLM\SYSTEM\ControlSet002\services\PSINAflt@WOW64 1 Reg HKLM\SYSTEM\ControlSet002\services\PSINFile@Tag 14 Reg HKLM\SYSTEM\ControlSet002\services\PSINFile@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\PSINFile@DebugFlags 0 Reg HKLM\SYSTEM\ControlSet002\services\PSINFile@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\ControlSet002\services\PSINFile@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\PSINFile@DisplayName PSINFile Reg HKLM\SYSTEM\ControlSet002\services\PSINFile@ImagePath system32\DRIVERS\PSINFile.sys Reg HKLM\SYSTEM\ControlSet002\services\PSINFile@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\PSINFile@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\PSINFile@Description PSINFile Mini-Filter Driver Reg HKLM\SYSTEM\ControlSet002\services\PSINFile@WOW64 1 Reg HKLM\SYSTEM\ControlSet002\services\PSINFile\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\PSINFile\Instances@DefaultInstance PSINFile Instance Reg HKLM\SYSTEM\ControlSet002\services\PSINFile\Instances\PSINFile Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\PSINFile\Instances\PSINFile Instance@Altitude 327610 Reg HKLM\SYSTEM\ControlSet002\services\PSINFile\Instances\PSINFile Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\PSINKNC@ImagePath system32\DRIVERS\psinknc.sys Reg HKLM\SYSTEM\ControlSet002\services\PSINKNC@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\PSINKNC@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\PSINKNC@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\PSINKNC@DisplayName PSINKnc Reg HKLM\SYSTEM\ControlSet002\services\PSINKNC@WOW64 1 Reg HKLM\SYSTEM\ControlSet002\services\PSINKNC\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\PSINKNC\Parameters@BasePath C:\ProgramData\Panda Security\Panda Cloud Antivirus\ Reg HKLM\SYSTEM\ControlSet002\services\PSINProc@Tag 15 Reg HKLM\SYSTEM\ControlSet002\services\PSINProc@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\PSINProc@Description PSINProc Filter Driver Reg HKLM\SYSTEM\ControlSet002\services\PSINProc@ImagePath system32\DRIVERS\PSINProc.sys Reg HKLM\SYSTEM\ControlSet002\services\PSINProc@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\PSINProc@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\PSINProc@DisplayName PSINProc Reg HKLM\SYSTEM\ControlSet002\services\PSINProc@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\PSINProc@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\ControlSet002\services\PSINProc@WOW64 1 Reg HKLM\SYSTEM\ControlSet002\services\PSINProc\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\PSINProc\Instances@DefaultInstance PSINProc Instance Reg HKLM\SYSTEM\ControlSet002\services\PSINProc\Instances\PSINProc Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\PSINProc\Instances\PSINProc Instance@Altitude 327620 Reg HKLM\SYSTEM\ControlSet002\services\PSINProc\Instances\PSINProc Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\PSINProc\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\PSINProc\Parameters@WaitTimeout 3000 Reg HKLM\SYSTEM\ControlSet002\services\PSINProt@Description PSINProt Driver Reg HKLM\SYSTEM\ControlSet002\services\PSINProt@DisplayName PSINProt Reg HKLM\SYSTEM\ControlSet002\services\PSINProt@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\PSINProt@Group FSFilter Replication Reg HKLM\SYSTEM\ControlSet002\services\PSINProt@ImagePath system32\DRIVERS\PSINProt.sys Reg HKLM\SYSTEM\ControlSet002\services\PSINProt@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\PSINProt@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\PSINProt@WOW64 1 Reg HKLM\SYSTEM\ControlSet002\services\PSINReg@Description PSINReg Driver Reg HKLM\SYSTEM\ControlSet002\services\PSINReg@DisplayName PSINReg Reg HKLM\SYSTEM\ControlSet002\services\PSINReg@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\PSINReg@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\ControlSet002\services\PSINReg@ImagePath system32\DRIVERS\PSINReg.sys Reg HKLM\SYSTEM\ControlSet002\services\PSINReg@Start 3 Reg HKLM\SYSTEM\ControlSet002\services\PSINReg@Tag 9 Reg HKLM\SYSTEM\ControlSet002\services\PSINReg@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\PSINReg@WOW64 1 Reg HKLM\SYSTEM\ControlSet002\services\PSINReg\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\PSINReg\Parameters@ Reg HKLM\SYSTEM\ControlSet002\services\PSUAService@Type 16 Reg HKLM\SYSTEM\ControlSet002\services\PSUAService@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\PSUAService@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\PSUAService@ImagePath "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe" Reg HKLM\SYSTEM\ControlSet002\services\PSUAService@DisplayName Panda Product Service Reg HKLM\SYSTEM\ControlSet002\services\PSUAService@DependOnService RPCSS? Reg HKLM\SYSTEM\ControlSet002\services\PSUAService@ObjectName LocalSystem Reg HKLM\SYSTEM\ControlSet002\services\PSUAService@Description Panda Product Service ---- EOF - GMER 2.1 ----