GMER 2.1.19115 - http://www.gmer.net Rootkit scan 2013-03-02 19:03:57 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.01.0 298,09GB Running: 740hhs4g.exe; Driver: C:\Users\Ilona\AppData\Local\Temp\kwddakod.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076021465 2 bytes [02, 76] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[2396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000760214bb 2 bytes [02, 76] .text ... * 2 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076021465 2 bytes [02, 76] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4328] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000760214bb 2 bytes [02, 76] .text ... * 2 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06dbcec5f Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06dbcec5f (not active ControlSet) ---- Files - GMER 2.1 ---- File C:\ADSM_PData_0150 0 bytes File C:\ADSM_PData_0150\DB 0 bytes File C:\ADSM_PData_0150\DB\SI.db 624 bytes File C:\ADSM_PData_0150\DB\UL.db 16 bytes File C:\ADSM_PData_0150\DB\VL.db 16 bytes File C:\ADSM_PData_0150\DB\WAL.db 2048 bytes File C:\ADSM_PData_0150\DragWait.exe 315392 bytes executable File C:\ADSM_PData_0150\_avt 512 bytes ---- EOF - GMER 2.1 ----