GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-02-08 10:40:46
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HDS721050CLA660 rev.JP2OA41A 465,76GB
Running: hphkmomd.exe; Driver: C:\Users\user\AppData\Local\Temp\fwldqpow.sys

---- User code sections - GMER 2.2 ----

.text C:\Program Files (x86)\RescueTime\RescueTime.exe[3160] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074f61401 2 bytes JMP 74e8b233 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\RescueTime\RescueTime.exe[3160] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074f61419 2 bytes JMP 74e8b35e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\RescueTime\RescueTime.exe[3160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074f61431 2 bytes JMP 74f09149 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\RescueTime\RescueTime.exe[3160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074f6144a 2 bytes CALL 74e64885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\RescueTime\RescueTime.exe[3160] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074f614dd 2 bytes JMP 74f08a42 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\RescueTime\RescueTime.exe[3160] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074f614f5 2 bytes JMP 74f08c18 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\RescueTime\RescueTime.exe[3160] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074f6150d 2 bytes JMP 74f08938 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\RescueTime\RescueTime.exe[3160] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074f61525 2 bytes JMP 74f08d02 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\RescueTime\RescueTime.exe[3160] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074f6153d 2 bytes JMP 74e7fcc0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\RescueTime\RescueTime.exe[3160] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074f61555 2 bytes JMP 74e86907 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\RescueTime\RescueTime.exe[3160] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074f6156d 2 bytes JMP 74f09201 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\RescueTime\RescueTime.exe[3160] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074f61585 2 bytes JMP 74f08d62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\RescueTime\RescueTime.exe[3160] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074f6159d 2 bytes JMP 74f088fc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\RescueTime\RescueTime.exe[3160] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074f615b5 2 bytes JMP 74e7fd59 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\RescueTime\RescueTime.exe[3160] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074f615cd 2 bytes JMP 74e8b2f4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\RescueTime\RescueTime.exe[3160] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074f616b2 2 bytes JMP 74f090c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\RescueTime\RescueTime.exe[3160] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074f616bd 2 bytes JMP 74f08891 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe[3152] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074f61401 2 bytes JMP 74e8b233 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe[3152] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074f61419 2 bytes JMP 74e8b35e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe[3152] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074f61431 2 bytes JMP 74f09149 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe[3152] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074f6144a 2 bytes CALL 74e64885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe[3152] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074f614dd 2 bytes JMP 74f08a42 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe[3152] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074f614f5 2 bytes JMP 74f08c18 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe[3152] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074f6150d 2 bytes JMP 74f08938 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe[3152] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074f61525 2 bytes JMP 74f08d02 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe[3152] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074f6153d 2 bytes JMP 74e7fcc0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe[3152] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074f61555 2 bytes JMP 74e86907 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe[3152] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074f6156d 2 bytes JMP 74f09201 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe[3152] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074f61585 2 bytes JMP 74f08d62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe[3152] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074f6159d 2 bytes JMP 74f088fc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe[3152] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074f615b5 2 bytes JMP 74e7fd59 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe[3152] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074f615cd 2 bytes JMP 74e8b2f4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe[3152] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074f616b2 2 bytes JMP 74f090c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe[3152] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074f616bd 2 bytes JMP 74f08891 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074f61401 2 bytes JMP 74e8b233 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe[2448] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074f61419 2 bytes JMP 74e8b35e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074f61431 2 bytes JMP 74f09149 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074f6144a 2 bytes CALL 74e64885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe[2448] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074f614dd 2 bytes JMP 74f08a42 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074f614f5 2 bytes JMP 74f08c18 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe[2448] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074f6150d 2 bytes JMP 74f08938 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074f61525 2 bytes JMP 74f08d02 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074f6153d 2 bytes JMP 74e7fcc0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe[2448] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074f61555 2 bytes JMP 74e86907 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074f6156d 2 bytes JMP 74f09201 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074f61585 2 bytes JMP 74f08d62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe[2448] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074f6159d 2 bytes JMP 74f088fc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074f615b5 2 bytes JMP 74e7fd59 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074f615cd 2 bytes JMP 74e8b2f4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074f616b2 2 bytes JMP 74f090c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe[2448] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074f616bd 2 bytes JMP 74f08891 C:\Windows\syswow64\kernel32.dll

---- Disk sectors - GMER 2.2 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.2 ----