GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-09-11 22:55:48
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000067 KINGSTON rev.E120 119,24GB
Running: gmer.exe; Driver: C:\Users\Qairo\AppData\Local\Temp\pwddikoc.sys


---- User code sections - GMER 2.1 ----

.text  C:\Windows\system32\taskhost.exe[1472] C:\Windows\system32\ws2_32.dll!connect + 1                                                   000007fefed145c1 5 bytes {JMP QWORD [RIP-0x7fef458e]}
.text  C:\Windows\system32\taskhost.exe[1472] C:\Windows\system32\ws2_32.dll!getsockname                                                   000007fefed19480 6 bytes {JMP QWORD [RIP-0x7fed9416]}
.text  C:\Windows\system32\taskhost.exe[1472] C:\Windows\system32\ws2_32.dll!WSAConnect                                                    000007fefed3e0f0 6 bytes {JMP QWORD [RIP-0x7fefe0be]}
.text  C:\Windows\system32\taskhost.exe[1472] C:\Windows\system32\ws2_32.dll!getpeername                                                   000007fefed3e450 6 bytes {JMP QWORD [RIP-0x7fefe3ae]}
.text  C:\Windows\system32\Dwm.exe[1556] C:\Windows\system32\ws2_32.dll!connect + 1                                                        000007fefed145c1 5 bytes {JMP QWORD [RIP-0x7fef458e]}
.text  C:\Windows\system32\Dwm.exe[1556] C:\Windows\system32\ws2_32.dll!getsockname                                                        000007fefed19480 6 bytes {JMP QWORD [RIP-0x7fed9416]}
.text  C:\Windows\system32\Dwm.exe[1556] C:\Windows\system32\ws2_32.dll!WSAConnect                                                         000007fefed3e0f0 6 bytes {JMP QWORD [RIP-0x7fefe0be]}
.text  C:\Windows\system32\Dwm.exe[1556] C:\Windows\system32\ws2_32.dll!getpeername                                                        000007fefed3e450 6 bytes {JMP QWORD [RIP-0x7fefe3ae]}
.text  C:\Windows\Explorer.EXE[1596] C:\Windows\system32\WS2_32.dll!connect + 1                                                            000007fefed145c1 5 bytes {JMP QWORD [RIP-0x7fef458e]}
.text  C:\Windows\Explorer.EXE[1596] C:\Windows\system32\WS2_32.dll!getsockname                                                            000007fefed19480 6 bytes {JMP QWORD [RIP-0x7fed9416]}
.text  C:\Windows\Explorer.EXE[1596] C:\Windows\system32\WS2_32.dll!WSAConnect                                                             000007fefed3e0f0 6 bytes {JMP QWORD [RIP-0x7fefe0be]}
.text  C:\Windows\Explorer.EXE[1596] C:\Windows\system32\WS2_32.dll!getpeername                                                            000007fefed3e450 6 bytes {JMP QWORD [RIP-0x7fefe3ae]}
.text  C:\Program Files\kX Audio Driver\3550\kxmixer.exe[1084] C:\Windows\system32\ws2_32.dll!connect + 1                                  000007fefed145c1 5 bytes {JMP QWORD [RIP-0x7fef458e]}
.text  C:\Program Files\kX Audio Driver\3550\kxmixer.exe[1084] C:\Windows\system32\ws2_32.dll!getsockname                                  000007fefed19480 6 bytes {JMP QWORD [RIP-0x7fed9416]}
.text  C:\Program Files\kX Audio Driver\3550\kxmixer.exe[1084] C:\Windows\system32\ws2_32.dll!WSAConnect                                   000007fefed3e0f0 6 bytes {JMP QWORD [RIP-0x7fefe0be]}
.text  C:\Program Files\kX Audio Driver\3550\kxmixer.exe[1084] C:\Windows\system32\ws2_32.dll!getpeername                                  000007fefed3e450 6 bytes {JMP QWORD [RIP-0x7fefe3ae]}
.text  C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe[1644] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076bf1465 2 bytes [BF, 76]
.text  C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe[1644] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000076bf14bb 2 bytes [BF, 76]
.text  ...                                                                                                                                 * 2
.text  C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe[1652] C:\Windows\syswow64\WS2_32.dll!ioctlsocket + 38           00000000766830aa 7 bytes JMP 00000001037c0095
.text  C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe[1652] C:\Windows\syswow64\WS2_32.dll!recv + 202                 0000000076686bd8 7 bytes JMP 00000001037c002d
.text  C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe[1652] C:\Windows\syswow64\WS2_32.dll!WSARecv + 185              0000000076687142 7 bytes JMP 00000001037c00c9
.text  C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe[1652] C:\Windows\syswow64\WS2_32.dll!WSARecvFrom + 148          000000007668cc3a 7 bytes JMP 00000001037c0061
.text  C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe[1652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076bf1465 2 bytes [BF, 76]
.text  C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe[1652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000076bf14bb 2 bytes [BF, 76]
.text  ...                                                                                                                                 * 2
.text  C:\Users\Qairo\AppData\Local\GG\Application\ggdrive\ggdrive.exe[1364] C:\Windows\syswow64\WS2_32.dll!ioctlsocket + 38               00000000766830aa 7 bytes JMP 0000000100330095
.text  C:\Users\Qairo\AppData\Local\GG\Application\ggdrive\ggdrive.exe[1364] C:\Windows\syswow64\WS2_32.dll!recv + 202                     0000000076686bd8 7 bytes JMP 000000010033002d
.text  C:\Users\Qairo\AppData\Local\GG\Application\ggdrive\ggdrive.exe[1364] C:\Windows\syswow64\WS2_32.dll!WSARecv + 185                  0000000076687142 7 bytes JMP 00000001003300c9
.text  C:\Users\Qairo\AppData\Local\GG\Application\ggdrive\ggdrive.exe[1364] C:\Windows\syswow64\WS2_32.dll!WSARecvFrom + 148              000000007668cc3a 7 bytes JMP 0000000100330061

---- EOF - GMER 2.1 ----