GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-12-08 13:39:15
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 GOODRAM_C100 rev.S8FM06.1 111,79GB
Running: gmer.exe; Driver: L:\TEMP\pgldypow.sys

---- User IAT/EAT - GMER 2.2 ----

IAT C:\Windows\Explorer.EXE[1048] @ C:\Windows\Explorer.EXE[USER32.dll!LoadImageW] [1800060c0] C:\Program Files\Theme Resource Changer\ThemeResourceChanger.dll
IAT C:\Windows\Explorer.EXE[1048] @ C:\Windows\system32\DUI70.dll[USER32.dll!LoadImageW] [1800060c0] C:\Program Files\Theme Resource Changer\ThemeResourceChanger.dll
IAT C:\Windows\Explorer.EXE[1048] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll[USER32.dll!LoadImageW] [1800060c0] C:\Program Files\Theme Resource Changer\ThemeResourceChanger.dll

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\CmdAgent\Mode\Configurations@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\CmdAgent\Mode\Data@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\CmdAgent\Mode\Options@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\CmdAgent\Mode\Configurations@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\CmdAgent\Mode\Data@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\CmdAgent\Mode\Options@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ...
Reg HKLM\SYSTEM\Software\COMODO\Cam@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ...
Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ...

---- EOF - GMER 2.2 ----