GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-07-12 21:18:14
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000006f ST1000DM rev.CC47 931,51GB
Running: gmer.exe; Driver: C:\Users\Bolec\AppData\Local\Temp\fwddrkog.sys

---- Kernel code sections - GMER 2.2 ----

.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000135900 7 bytes [80, 48, F3, FF, 01, 55, F0]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000135908 3 bytes [C0, 06, 02]

---- User code sections - GMER 2.2 ----

.text C:\Windows\SysWOW64\PnkBstrA.exe[1772] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 0000000071d917fa 2 bytes CALL 750011a9 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1772] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000071d91860 2 bytes CALL 750011a9 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1772] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000071d91942 2 bytes JMP 74fb6da1 C:\Windows\syswow64\WS2_32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1772] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 0000000071d9194d 2 bytes JMP 74fbe8de C:\Windows\syswow64\WS2_32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1772] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000754b1401 2 bytes JMP 7502b263 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1772] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000754b1419 2 bytes JMP 7502b38e C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1772] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000754b1431 2 bytes JMP 750a90f1 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1772] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000754b144a 2 bytes CALL 750048ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Windows\SysWOW64\PnkBstrA.exe[1772] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000754b14dd 2 bytes JMP 750a89ea C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1772] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000754b14f5 2 bytes JMP 750a8bc0 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1772] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000754b150d 2 bytes JMP 750a88e0 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1772] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000754b1525 2 bytes JMP 750a8caa C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1772] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000754b153d 2 bytes JMP 7501fce8 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1772] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000754b1555 2 bytes JMP 75026937 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1772] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000754b156d 2 bytes JMP 750a91a9 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1772] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000754b1585 2 bytes JMP 750a8d0a C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1772] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000754b159d 2 bytes JMP 750a88a4 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1772] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000754b15b5 2 bytes JMP 7501fd81 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1772] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000754b15cd 2 bytes JMP 7502b324 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1772] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000754b16b2 2 bytes JMP 750a906c C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[1772] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000754b16bd 2 bytes JMP 750a8839 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[1788] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075392bdc 5 bytes JMP 0000000000338c60

---- Threads - GMER 2.2 ----

Thread C:\Windows\System32\svchost.exe [1752:1780] 000007fef0819688

---- EOF - GMER 2.2 ----