GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-03-23 18:15:21
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 SAMSUNG_HD103SI rev.1AG01113 931,51GB
Running: jhnmqgsg.exe; Driver: C:\Users\Admin\AppData\Local\Temp\uwddakob.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077cd1401 2 bytes JMP 7578b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1972] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077cd1419 2 bytes JMP 7578b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077cd1431 2 bytes JMP 75808ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077cd144a 2 bytes CALL 757648ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1972] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077cd14dd 2 bytes JMP 758087a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077cd14f5 2 bytes JMP 75808978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1972] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077cd150d 2 bytes JMP 75808698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077cd1525 2 bytes JMP 75808a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077cd153d 2 bytes JMP 7577fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1972] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077cd1555 2 bytes JMP 757868ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077cd156d 2 bytes JMP 75808f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077cd1585 2 bytes JMP 75808ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1972] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077cd159d 2 bytes JMP 7580865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077cd15b5 2 bytes JMP 7577fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077cd15cd 2 bytes JMP 7578b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077cd16b2 2 bytes JMP 75808e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1972] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077cd16bd 2 bytes JMP 758085f1 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe[1116] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077cd1401 2 bytes JMP 7578b21b C:\Windows\syswow64\kernel32.dll
.text C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe[1116] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077cd1419 2 bytes JMP 7578b346 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe[1116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077cd1431 2 bytes JMP 75808ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe[1116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077cd144a 2 bytes CALL 757648ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe[1116] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077cd14dd 2 bytes JMP 758087a2 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe[1116] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077cd14f5 2 bytes JMP 75808978 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe[1116] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077cd150d 2 bytes JMP 75808698 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe[1116] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077cd1525 2 bytes JMP 75808a62 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe[1116] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077cd153d 2 bytes JMP 7577fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe[1116] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077cd1555 2 bytes JMP 757868ef C:\Windows\syswow64\kernel32.dll
.text C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe[1116] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077cd156d 2 bytes JMP 75808f61 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe[1116] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077cd1585 2 bytes JMP 75808ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe[1116] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077cd159d 2 bytes JMP 7580865c C:\Windows\syswow64\kernel32.dll
.text C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe[1116] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077cd15b5 2 bytes JMP 7577fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe[1116] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077cd15cd 2 bytes JMP 7578b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe[1116] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077cd16b2 2 bytes JMP 75808e24 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe[1116] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077cd16bd 2 bytes JMP 758085f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[344] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077cd1401 2 bytes JMP 7578b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[344] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077cd1419 2 bytes JMP 7578b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[344] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077cd1431 2 bytes JMP 75808ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[344] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077cd144a 2 bytes CALL 757648ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[344] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077cd14dd 2 bytes JMP 758087a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[344] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077cd14f5 2 bytes JMP 75808978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[344] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077cd150d 2 bytes JMP 75808698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[344] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077cd1525 2 bytes JMP 75808a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[344] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077cd153d 2 bytes JMP 7577fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[344] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077cd1555 2 bytes JMP 757868ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[344] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077cd156d 2 bytes JMP 75808f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[344] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077cd1585 2 bytes JMP 75808ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[344] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077cd159d 2 bytes JMP 7580865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[344] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077cd15b5 2 bytes JMP 7577fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[344] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077cd15cd 2 bytes JMP 7578b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[344] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077cd16b2 2 bytes JMP 75808e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[344] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077cd16bd 2 bytes JMP 758085f1 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe[2180] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077cd1401 2 bytes JMP 7578b21b C:\Windows\syswow64\kernel32.dll
.text C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe[2180] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077cd1419 2 bytes JMP 7578b346 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe[2180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077cd1431 2 bytes JMP 75808ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe[2180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077cd144a 2 bytes CALL 757648ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe[2180] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077cd14dd 2 bytes JMP 758087a2 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe[2180] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077cd14f5 2 bytes JMP 75808978 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe[2180] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077cd150d 2 bytes JMP 75808698 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe[2180] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077cd1525 2 bytes JMP 75808a62 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe[2180] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077cd153d 2 bytes JMP 7577fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe[2180] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077cd1555 2 bytes JMP 757868ef C:\Windows\syswow64\kernel32.dll
.text C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe[2180] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077cd156d 2 bytes JMP 75808f61 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe[2180] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077cd1585 2 bytes JMP 75808ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe[2180] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077cd159d 2 bytes JMP 7580865c C:\Windows\syswow64\kernel32.dll
.text C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe[2180] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077cd15b5 2 bytes JMP 7577fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe[2180] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077cd15cd 2 bytes JMP 7578b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe[2180] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077cd16b2 2 bytes JMP 75808e24 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe[2180] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077cd16bd 2 bytes JMP 758085f1 C:\Windows\syswow64\kernel32.dll

---- Kernel IAT/EAT - GMER 2.1 ----

IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff88001032e94] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff88001032c38] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff88001033614] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff88001033a10] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff8800103386c] \SystemRoot\System32\Drivers\sptd.sys [.text]

---- Devices - GMER 2.1 ----

Device \Driver\atapi \Device\Ide\IdePort0 fffffa80042e02c0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 fffffa80042e02c0
Device \Driver\atapi \Device\Ide\IdePort1 fffffa80042e02c0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 fffffa80042e02c0
Device \FileSystem\Ntfs \Ntfs fffffa80042e42c0
Device \Driver\usbuhci \Device\USBFDO-3 fffffa80054832c0
Device \Driver\usbuhci \Device\USBPDO-1 fffffa80054832c0
Device \Driver\cdrom \Device\CdRom0 fffffa8004da22c0
Device \Driver\USBSTOR \Device\00000069 fffffa8005ae32c0
Device \Driver\usbehci \Device\USBFDO-4 fffffa80054b52c0
Device \Driver\usbuhci \Device\USBFDO-0 fffffa80054832c0
Device \Driver\usbuhci \Device\USBPDO-2 fffffa80054832c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{01988FF0-DF99-4747-9DC1-739B5C2B212C} fffffa8004e9b2c0
Device \Driver\usbuhci \Device\USBPDO-3 fffffa80054832c0
Device \Driver\usbuhci \Device\USBFDO-1 fffffa80054832c0
Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa8004e9b2c0
Device \Driver\USBSTOR \Device\00000067 fffffa8005ae32c0
Device \Driver\usbehci \Device\USBPDO-4 fffffa80054b52c0
Device \Driver\atapi \Device\ScsiPort0 fffffa80042e02c0
Device \Driver\usbuhci \Device\USBFDO-2 fffffa80054832c0
Device \Driver\usbuhci \Device\USBPDO-0 fffffa80054832c0
Device \Driver\atapi \Device\ScsiPort1 fffffa80042e02c0

---- Trace I/O - GMER 2.1 ----

Trace ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80042e02c0]<< sptd.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys fffffa80042e02c0
Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004911060] fffffa8004911060
Trace 3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> [0xfffffa80043e5520] fffffa80043e5520
Trace 5 ACPI.sys[fffff880011597a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa80043e1680] fffffa80043e1680
Trace \Driver\atapi[0xfffffa80043c7e70] -> IRP_MJ_CREATE -> 0xfffffa80042e02c0 fffffa80042e02c0

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xD3 0x5E 0x27 0xCD ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xD3 0x5E 0x27 0xCD ...

---- EOF - GMER 2.1 ----