GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-06-03 13:20:56 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-4 SAMSUNG_HD103SJ rev.1AJ10001 931,51GB Running: yfwjq57i.exe; Driver: C:\Users\UYTKOW~1\AppData\Local\Temp\axlcyaoc.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\Windows\system32\DRIVERS\USBPORT.SYS!DllUnload fffff88003f95c34 12 bytes {MOV RAX, 0xfffffa8004e632a0; JMP RAX} ---- User code sections - GMER 2.1 ---- .text C:\Program Files\OO Software\Defrag\oodag.exe[2028] C:\Windows\system32\kernel32.dll!SetUnhandledExceptionFilter 0000000076fb94e0 13 bytes {MOV R11, 0x140002d80; JMP R11} .text C:\Windows\SysWOW64\PnkBstrA.exe[1928] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000072be1a22 2 bytes [BE, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[1928] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000072be1ad0 2 bytes [BE, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[1928] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000072be1b08 2 bytes [BE, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[1928] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000072be1bba 2 bytes [BE, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[1928] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000072be1bda 2 bytes [BE, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[1928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000768f1465 2 bytes [8F, 76] .text C:\Windows\SysWOW64\PnkBstrA.exe[1928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000768f14bb 2 bytes [8F, 76] .text ... * 2 ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff880010a5f1c] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff880010a5cc0] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff880010a669c] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff880010a6a98] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff880010a68f4] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!IoAcquireRemoveLockEx] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!IoWMIRegistrationControl] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!ExFreePoolWithTag] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!IoWMIWriteEvent] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!IoRegisterDeviceInterface] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!IoSetDeviceInterfaceState] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!IoStartPacket] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!IoStartTimer] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!RtlInitUnicodeString] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!IoDeleteDevice] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!KeSetEvent] [f80348078bc87218] [unknown section] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!IoFreeWorkItem] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!MmGetSystemRoutineAddress] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!KeInitializeEvent] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!RtlQueryRegistryValues] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!RtlInitAnsiString] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!RtlGetVersion] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!IoDetachDevice] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!PoRequestPowerIrp] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!IoCancelIrp] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!IoStopTimer] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!IoStartNextPacket] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!IoAllocateWorkItem] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!_vsnwprintf] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!PoStartNextPowerIrp] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!_vsnprintf] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!ZwClose] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!IofCompleteRequest] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!IoReleaseRemoveLockAndWaitEx] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!IoInitializeTimer] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!IoFreeIrp] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!IoSetCompletionRoutineEx] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!PoCallDriver] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!IoAllocateIrp] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!RtlCompareMemory] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!ObfReferenceObject] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!IoSetStartIoAttributes] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!IoInitializeRemoveLockEx] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!IoCreateDevice] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!IofCallDriver] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!KeAcquireInStackQueuedSpinLockAtDpcLevel] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!KeReleaseInStackQueuedSpinLock] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!IoBuildPartialMdl] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!IoReleaseRemoveLockEx] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!KeAcquireInStackQueuedSpinLock] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!IoFreeMdl] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!KeDelayExecutionThread] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!IoGetSfioStreamIdentifier] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!KeRemoveEntryDeviceQueue] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!IoQueueWorkItem] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!IoReleaseCancelSpinLock] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!IoAcquireCancelSpinLock] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!IoAllocateMdl] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!KeReleaseInStackQueuedSpinLockFromDpcLevel] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!ZwEnumerateValueKey] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!IoGetDeviceInterfaces] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!ZwOpenKey] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!KeBugCheckEx] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!KeWaitForSingleObject] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!NlsMbCodePageTag] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!IoIs32bitProcess] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!MmProbeAndLockPages] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!MmUnlockPages] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!IoAllocateSfioStreamIdentifier] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!IoFreeSfioStreamIdentifier] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!IoGetIoPriorityHint] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!EtwUnregister] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!EtwRegister] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!EtwEventEnabled] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!EtwWrite] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!EtwProviderEnabled] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[ntoskrnl.exe!__C_specific_handler] [?] IAT C:\Windows\System32\Drivers\a3dpyvaj.SYS[USBD.SYS!USBD_CreateConfigurationRequestEx] [?] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\Explorer.EXE[1872] @ C:\Windows\System32\wcnapi.dll[msvcrt.dll!_XcptFilter] [0] IAT C:\Windows\Explorer.EXE[1872] @ C:\Windows\System32\wcnapi.dll[KERNEL32.dll!GetTickCount] [0] IAT C:\Windows\Explorer.EXE[1872] @ C:\Windows\System32\wcnapi.dll[RPCRT4.dll!Ndr64AsyncClientCall] [0] IAT C:\Windows\Explorer.EXE[1872] @ C:\Windows\System32\wcnapi.dll[RPCRT4.dll!CStdStubBuffer_DebugServerRelease] [0] IAT C:\Windows\Explorer.EXE[1872] @ C:\Windows\System32\wcnapi.dll[RPCRT4.dll!NdrDllGetClassObject] [0] IAT C:\Windows\Explorer.EXE[1872] @ C:\Windows\System32\wcnapi.dll[RPCRT4.dll!NdrCStdStubBuffer_Release] [0] IAT C:\Windows\Explorer.EXE[1872] @ C:\Windows\System32\wcnapi.dll[ole32.dll!CoCreateInstance] [0] ---- Devices - GMER 2.1 ---- Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 fffffa80039ad2c0 Device \Driver\atapi \Device\Ide\IdePort4 fffffa80039ad2c0 Device \Driver\atapi \Device\Ide\IdePort0 fffffa80039ad2c0 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-4 fffffa80039ad2c0 Device \Driver\atapi \Device\Ide\IdePort5 fffffa80039ad2c0 Device \Driver\atapi \Device\Ide\IdePort1 fffffa80039ad2c0 Device \Driver\atapi \Device\Ide\IdePort2 fffffa80039ad2c0 Device \Driver\atapi \Device\Ide\IdePort3 fffffa80039ad2c0 Device \Driver\a3dpyvaj \Device\Scsi\a3dpyvaj1 fffffa8004eba2c0 Device \FileSystem\Ntfs \Ntfs fffffa80043162c0 Device \Driver\usbohci \Device\USBPDO-5 fffffa8004d5e2c0 Device \Driver\usbehci \Device\USBFDO-3 fffffa8004d942c0 Device \Driver\USBSTOR \Device\00000088 fffffa800595a2c0 Device \Driver\usbehci \Device\USBPDO-1 fffffa8004d942c0 Device \Driver\USBSTOR \Device\00000084 fffffa800595a2c0 Device \Driver\cdrom \Device\CdRom0 fffffa8004af52c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{5A7DE2D5-7933-43FB-A54E-C21560BAEB66} fffffa8004c1a2c0 Device \Driver\usbehci \Device\USBPDO-6 fffffa8004d942c0 Device \Driver\usbohci \Device\USBFDO-4 fffffa8004d5e2c0 Device \Driver\USBSTOR \Device\00000089 fffffa800595a2c0 Device \Driver\usbohci \Device\USBFDO-0 fffffa8004d5e2c0 Device \Driver\usbohci \Device\USBPDO-2 fffffa8004d5e2c0 Device \Driver\dtsoftbus01 \Device\DTSoftBusCtl fffffa8004f362c0 Device \Driver\usbohci \Device\USBFDO-5 fffffa8004d5e2c0 Device \Driver\usbehci \Device\USBPDO-3 fffffa8004d942c0 Device \Driver\usbehci \Device\USBFDO-1 fffffa8004d942c0 Device \Driver\USBSTOR \Device\00000086 fffffa800595a2c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa8004c1a2c0 Device \Driver\usbehci \Device\USBFDO-6 fffffa8004d942c0 Device \Driver\usbohci \Device\USBPDO-4 fffffa8004d5e2c0 Device \Driver\atapi \Device\ScsiPort0 fffffa80039ad2c0 Device \Driver\usbohci \Device\USBFDO-2 fffffa8004d5e2c0 Device \Driver\USBSTOR \Device\00000087 fffffa800595a2c0 Device \Driver\usbohci \Device\USBPDO-0 fffffa8004d5e2c0 Device \Driver\atapi \Device\ScsiPort1 fffffa80039ad2c0 Device \Driver\atapi \Device\ScsiPort2 fffffa80039ad2c0 Device \Driver\atapi \Device\ScsiPort3 fffffa80039ad2c0 Device \Driver\atapi \Device\ScsiPort4 fffffa80039ad2c0 Device \Driver\atapi \Device\ScsiPort5 fffffa80039ad2c0 Device \Driver\a3dpyvaj \Device\ScsiPort6 fffffa8004eba2c0 ---- Trace I/O - GMER 2.1 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80039ad2c0]<< sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys fffffa80039ad2c0 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80049de060] fffffa80049de060 Trace 3 CLASSPNP.SYS[fffff88000c0143f] -> nt!IofCallDriver -> [0xfffffa800493d9b0] fffffa800493d9b0 Trace 5 ACPI.sys[fffff8800100b781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-4[0xfffffa80049f3060] fffffa80049f3060 Trace \Driver\atapi[0xfffffa8004788760] -> IRP_MJ_CREATE -> 0xfffffa80039ad2c0 fffffa80039ad2c0 ---- Modules - GMER 2.1 ---- Module \SystemRoot\System32\Drivers\a3dpyvaj.SYS (USB Mass Storage Class Driver/Microsoft Corporation SIGNED)(2011-04-27 04:40:44) fffff88004149000-fffff8800419a000 (331776 bytes) ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x34 0x38 0x14 0x6D ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xBC 0x22 0xB3 0xA2 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x03 0xC0 0x8D 0xA4 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x34 0x38 0x14 0x6D ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xBC 0x22 0xB3 0xA2 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x03 0xC0 0x8D 0xA4 ... ---- EOF - GMER 2.1 ----