GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-09-11 14:28:55
Windows 6.1.7601 Service Pack 1 x64
\Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 HITACHI_ rev.JF4Z 698,64GB
Running: by22x6k1.exe; Driver: C:\Users\Maku\AppData\Local\Temp\pxldapog.sys


---- Kernel code sections - GMER 2.2 ----

.text  C:\windows\System32\win32k.sys!W32pServiceTable      fffff96000145a00 7 bytes [80, 50, F3, FF, C1, 5C, F0]
.text  C:\windows\System32\win32k.sys!W32pServiceTable + 8  fffff96000145a08 3 bytes [C0, 06, 02]

---- Threads - GMER 2.2 ----

Thread  C:\windows\System32\svchost.exe [1684:1752]  000007fef7029688

---- Registry - GMER 2.2 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076fc1a13
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\6427378a092c
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\6427378a092c@5c51887ab808  0xFC 0x21 0x21 0x59 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\CmdAgent\Mode\Configurations@SymbolicLinkValue  0x5C 0x00 0x52 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\CmdAgent\Mode\Data@SymbolicLinkValue  0x5C 0x00 0x52 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\CmdAgent\Mode\Options@SymbolicLinkValue  0x5C 0x00 0x52 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076fc1a13 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\6427378a092c (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\6427378a092c@5c51887ab808  0xFC 0x21 0x21 0x59 ...
Reg  HKLM\SYSTEM\ControlSet002\services\CmdAgent\Mode\Configurations@SymbolicLinkValue  0x5C 0x00 0x52 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\CmdAgent\Mode\Data@SymbolicLinkValue  0x5C 0x00 0x52 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\CmdAgent\Mode\Options@SymbolicLinkValue  0x5C 0x00 0x52 0x00 ...
Reg  HKLM\SYSTEM\Software\COMODO\Cam@SymbolicLinkValue  0x5C 0x00 0x52 0x00 ...
Reg  HKLM\SYSTEM\Software\COMODO\Firewall Pro@SymbolicLinkValue  0x5C 0x00 0x52 0x00 ...

---- EOF - GMER 2.2 ----
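Added example, not GMER's own code: a Python parser for the log layout above. It turns each ".text", "Thread" and "Reg" record into a structured object, checks that the byte count GMER prints for a kernel code modification matches the bytes it dumps, flags entries GMER marked "(not active ControlSet)", and decodes the leading bytes of the SymbolicLinkValue entries as UTF-16LE (0x5C 0x00 0x52 0x00 is "\R", the start of a registry link target; GMER truncates the dump with "...", so the full target is not recoverable from the log). The sample log inside the block is a trimmed copy of this scan, constructed inline so the script runs offline; the dataclass and function names are this example's own.

```python
"""Parse a GMER 2.2 rootkit-scan log into structured records.

Added example, not part of GMER. Assumes the plain-text layout GMER writes:
one record per line, sections delimited by '---- <name> - GMER 2.2 ----'.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: a trimmed copy of the scan above (same records, same bytes).
SAMPLE_LOG = r"""GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-09-11 14:28:55
Windows 6.1.7601 Service Pack 1 x64

---- Kernel code sections - GMER 2.2 ----

.text  C:\windows\System32\win32k.sys!W32pServiceTable      fffff96000145a00 7 bytes [80, 50, F3, FF, C1, 5C, F0]
.text  C:\windows\System32\win32k.sys!W32pServiceTable + 8  fffff96000145a08 3 bytes [C0, 06, 02]

---- Threads - GMER 2.2 ----

Thread  C:\windows\System32\svchost.exe [1684:1752]  000007fef7029688

---- Registry - GMER 2.2 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076fc1a13
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\6427378a092c@5c51887ab808  0xFC 0x21 0x21 0x59 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\CmdAgent\Mode\Data@SymbolicLinkValue  0x5C 0x00 0x52 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076fc1a13 (not active ControlSet)

---- EOF - GMER 2.2 ----
"""


@dataclass
class CodeMod:
    module: str    # image whose code section GMER found modified
    symbol: str    # symbol GMER resolved, e.g. 'W32pServiceTable + 8'
    address: int   # kernel virtual address of the modified bytes
    data: bytes    # bytes GMER reports at that address


@dataclass
class ThreadRec:
    image: str
    pid: int
    tid: int
    address: int   # thread start address GMER could not attribute to a loaded module


@dataclass
class RegEntry:
    key: str
    value: Optional[str]  # value name after '@', None for a bare key
    data: bytes           # leading bytes GMER printed (often truncated)
    truncated: bool       # True when GMER cut the dump with '...'
    active: bool          # False when marked '(not active ControlSet)'


_HEADER = re.compile(r"^GMER (\S+) - ")
_SCAN = re.compile(r"^Rootkit scan (.+)$")
_CODE = re.compile(r"^\.text\s+(?P<module>\S+?)!(?P<symbol>.+?)\s+(?P<addr>[0-9a-fA-F]{16})"
                   r"\s+(?P<n>\d+) bytes \[(?P<bytes>[^\]]*)\]")
_THREAD = re.compile(r"^Thread\s+(?P<image>.+?)\s+\[(?P<pid>\d+):(?P<tid>\d+)\]\s+(?P<addr>[0-9a-fA-F]+)")
_REG = re.compile(r"^Reg\s+(?P<path>\S+)\s*(?P<rest>.*)$")


def parse_gmer(text: str) -> dict:
    """Return version, scan time and the code/thread/registry records of one log."""
    out = {"version": None, "scan_time": None, "code": [], "threads": [], "registry": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("----"):   # blank line or section banner
            continue
        if (m := _HEADER.match(line)):
            out["version"] = m.group(1)
        elif (m := _SCAN.match(line)):
            out["scan_time"] = m.group(1)
        elif (m := _CODE.match(line)):
            data = bytes(int(b, 16) for b in m["bytes"].split(","))
            if len(data) != int(m["n"]):   # the count GMER prints must match the dump
                raise ValueError(f"byte count mismatch in: {line}")
            out["code"].append(CodeMod(m["module"], m["symbol"], int(m["addr"], 16), data))
        elif (m := _THREAD.match(line)):
            out["threads"].append(ThreadRec(m["image"], int(m["pid"]), int(m["tid"]), int(m["addr"], 16)))
        elif (m := _REG.match(line)):
            path, rest = m["path"], m["rest"]
            key, _, value = path.rpartition("@")
            if not key:                      # no '@': a bare key, not a value
                key, value = path, None
            data = bytes(int(h, 16) for h in re.findall(r"0x([0-9A-Fa-f]{2})", rest))
            out["registry"].append(RegEntry(key, value, data, "..." in rest,
                                            "not active ControlSet" not in rest))
    return out


def decode_link_prefix(entry: RegEntry) -> Optional[str]:
    """For a SymbolicLinkValue entry, decode the dumped bytes as UTF-16LE text.

    GMER prints only the first bytes, so this yields a prefix such as '\\R'
    (the start of a '\\REGISTRY\\...' link target), never the whole target.
    """
    if entry.value != "SymbolicLinkValue":
        return None
    usable = entry.data[: len(entry.data) // 2 * 2]   # drop a dangling odd byte
    return usable.decode("utf-16-le")


if __name__ == "__main__":
    report = parse_gmer(SAMPLE_LOG)
    print(f"GMER {report['version']} scan at {report['scan_time']}")
    for c in report["code"]:
        print(f"code    {c.module}!{c.symbol} @ {c.address:#x} [{c.data.hex(' ')}]")
    for t in report["threads"]:
        print(f"thread  {t.image} pid={t.pid} tid={t.tid} start={t.address:#x}")
    for r in report["registry"]:
        link = decode_link_prefix(r)
        print(f"reg     {r.key}@{r.value} active={r.active} truncated={r.truncated}"
              + (f" link_prefix={link!r}" if link is not None else ""))
```

Running the script on the full log (or on `SAMPLE_LOG`) lists every record in one place; the `ValueError` on a count mismatch catches a log that was damaged in transit, as this page's copy was by being flattened onto one line.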