GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-05-15 14:44:35 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST1000LM rev.2AR1 931,51GB Running: 07m6dgc6.exe; Driver: C:\Users\Mateo\AppData\Local\Temp\pwddikog.sys ---- Kernel code sections - GMER 2.2 ---- .text C:\Windows\system32\drivers\USBPORT.SYS!DllUnload fffff88005228d8c 12 bytes {MOV RAX, 0xfffffa8007b6f2a0; JMP RAX} ---- User code sections - GMER 2.2 ---- .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1008] C:\Windows\system32\kernel32.dll!SetUnhandledExceptionFilter 0000000077229010 4 bytes [C3, 00, 00, 00] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3056] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074de1401 2 bytes JMP 7668b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3056] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074de1419 2 bytes JMP 7668b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3056] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074de1431 2 bytes JMP 767090f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3056] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074de144a 2 bytes CALL 766648ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3056] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074de14dd 2 bytes JMP 767089ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3056] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074de14f5 2 bytes JMP 76708bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3056] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074de150d 2 bytes JMP 767088e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3056] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074de1525 2 bytes JMP 76708caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3056] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074de153d 2 bytes JMP 7667fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3056] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074de1555 2 bytes JMP 76686937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3056] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074de156d 2 bytes JMP 767091a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3056] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074de1585 2 bytes JMP 76708d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3056] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074de159d 2 bytes JMP 767088a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3056] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074de15b5 2 bytes JMP 7667fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3056] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074de15cd 2 bytes JMP 7668b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3056] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074de16b2 2 bytes JMP 7670906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3056] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074de16bd 2 bytes JMP 76708839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074de1401 2 bytes JMP 7668b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2408] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074de1419 2 bytes JMP 7668b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074de1431 2 bytes JMP 767090f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074de144a 2 bytes CALL 766648ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2408] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074de14dd 2 bytes JMP 767089ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074de14f5 2 bytes JMP 76708bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2408] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074de150d 2 bytes JMP 767088e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074de1525 2 bytes JMP 76708caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074de153d 2 bytes JMP 7667fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2408] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074de1555 2 bytes JMP 76686937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074de156d 2 bytes JMP 767091a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074de1585 2 bytes JMP 76708d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2408] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074de159d 2 bytes JMP 767088a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074de15b5 2 bytes JMP 7667fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074de15cd 2 bytes JMP 7668b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074de16b2 2 bytes JMP 7670906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074de16bd 2 bytes JMP 76708839 C:\Windows\syswow64\kernel32.dll ---- Kernel IAT/EAT - GMER 2.2 ---- IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff88001097f1c] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff88001097cc0] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff8800109869c] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff88001098a98] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff880010988f4] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!IoAcquireRemoveLockEx] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!IoWMIRegistrationControl] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!ExFreePoolWithTag] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!IoWMIWriteEvent] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!IoRegisterDeviceInterface] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!IoSetDeviceInterfaceState] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!IoStartPacket] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!IoStartTimer] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!RtlInitUnicodeString] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!IoDeleteDevice] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!KeSetEvent] [f80348078bc87218] [unknown section] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!IoFreeWorkItem] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!MmGetSystemRoutineAddress] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!KeInitializeEvent] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!RtlQueryRegistryValues] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!RtlInitAnsiString] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!RtlGetVersion] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!IoDetachDevice] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!PoRequestPowerIrp] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!IoCancelIrp] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!IoStopTimer] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!IoStartNextPacket] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!IoAllocateWorkItem] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!_vsnwprintf] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!PoStartNextPowerIrp] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!_vsnprintf] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!ZwClose] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!IofCompleteRequest] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!IoReleaseRemoveLockAndWaitEx] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!IoInitializeTimer] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!IoFreeIrp] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!IoSetCompletionRoutineEx] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!PoCallDriver] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!IoAllocateIrp] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!RtlCompareMemory] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!ObfReferenceObject] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!IoSetStartIoAttributes] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!IoInitializeRemoveLockEx] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!IoCreateDevice] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!IofCallDriver] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!KeAcquireInStackQueuedSpinLockAtDpcLevel] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!KeReleaseInStackQueuedSpinLock] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!IoBuildPartialMdl] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!IoReleaseRemoveLockEx] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!KeAcquireInStackQueuedSpinLock] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!IoFreeMdl] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!KeDelayExecutionThread] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!IoGetSfioStreamIdentifier] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!KeRemoveEntryDeviceQueue] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!IoQueueWorkItem] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!IoReleaseCancelSpinLock] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!IoAcquireCancelSpinLock] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!IoAllocateMdl] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!KeReleaseInStackQueuedSpinLockFromDpcLevel] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!ZwEnumerateValueKey] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!IoGetDeviceInterfaces] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!ZwOpenKey] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!KeBugCheckEx] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!KeWaitForSingleObject] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!NlsMbCodePageTag] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!IoIs32bitProcess] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!MmProbeAndLockPages] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!MmUnlockPages] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!IoAllocateSfioStreamIdentifier] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!IoFreeSfioStreamIdentifier] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!IoGetIoPriorityHint] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!EtwUnregister] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!EtwRegister] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!EtwEventEnabled] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!EtwWrite] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!EtwProviderEnabled] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[ntoskrnl.exe!__C_specific_handler] [?] IAT C:\Windows\System32\Drivers\a9148jez.SYS[USBD.SYS!USBD_CreateConfigurationRequestEx] [?] ---- Devices - GMER 2.2 ---- Device \Driver\atapi \Device\Ide\IdePort0 fffffa8003c932c0 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 fffffa8003c932c0 Device \Driver\atapi \Device\Ide\IdePort1 fffffa8003c932c0 Device \Driver\a9148jez \Device\Scsi\a9148jez1 fffffa800730a2c0 Device \FileSystem\Ntfs \Ntfs fffffa80046312c0 Device \Driver\usbehci \Device\USBPDO-1 fffffa80077752c0 Device \Driver\cdrom \Device\CdRom0 fffffa80073f82c0 Device \Driver\USBSTOR \Device\00000094 fffffa800b2b12c0 Device \Driver\cdrom \Device\CdRom1 fffffa80073f82c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{0227BEB2-543B-4832-B477-7F523AA5F37B} fffffa8004be82c0 Device \Driver\usbehci \Device\USBFDO-0 fffffa80077752c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{878193AE-DC3E-47CD-A138-8CFF9FC1CC7F} fffffa8004be82c0 Device \Driver\USBSTOR \Device\00000095 fffffa800b2b12c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{D9106A91-743D-4F08-883C-25A888FD6DA6} fffffa8004be82c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{2A35CBFF-FFDD-4F8A-AC38-25BF4B354454} fffffa8004be82c0 Device \Driver\usbehci \Device\USBFDO-1 fffffa80077752c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa8004be82c0 Device \Driver\usbehci \Device\USBPDO-0 fffffa80077752c0 Device \Driver\atapi \Device\ScsiPort1 fffffa8003c932c0 Device \Driver\atapi \Device\ScsiPort2 fffffa8003c932c0 Device \Driver\a9148jez \Device\ScsiPort3 fffffa800730a2c0 ---- Modules - GMER 2.2 ---- Module \SystemRoot\System32\Drivers\a9148jez.SYS (USB Mass Storage Class Driver/Microsoft Corporation)(2016-03-09 16:20:54) fffff88004cac000-fffff88004cfd000 (331776 bytes) ---- EOF - GMER 2.2 ----