GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-12-24 11:19:50
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB3O 298,09GB
Running: gmer.exe; Driver: C:\Users\JAY\AppData\Local\Temp\pxldypow.sys

---- Kernel code sections - GMER 2.2 ----

.text C:\windows\system32\drivers\USBPORT.SYS!DllUnload fffff88003dad30c 12 bytes {MOV RAX, 0xfffffa8006ffe2a0; JMP RAX}

---- User code sections - GMER 2.2 ----

.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[2424] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077e41401 2 bytes JMP 769fb233 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[2424] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077e41419 2 bytes JMP 769fb35e C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[2424] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077e41431 2 bytes JMP 76a79149 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[2424] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077e4144a 2 bytes CALL 769d4885 C:\windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[2424] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077e414dd 2 bytes JMP 76a78a42 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[2424] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077e414f5 2 bytes JMP 76a78c18 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[2424] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077e4150d 2 bytes JMP 76a78938 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[2424] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077e41525 2 bytes JMP 76a78d02 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[2424] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077e4153d 2 bytes JMP 769efcc0 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[2424] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077e41555 2 bytes JMP 769f6907 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[2424] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077e4156d 2 bytes JMP 76a79201 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[2424] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077e41585 2 bytes JMP 76a78d62 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[2424] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077e4159d 2 bytes JMP 76a788fc C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[2424] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077e415b5 2 bytes JMP 769efd59 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[2424] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077e415cd 2 bytes JMP 769fb2f4 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[2424] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077e416b2 2 bytes JMP 76a790c4 C:\windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[2424] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077e416bd 2 bytes JMP 76a78891 C:\windows\syswow64\kernel32.dll
? C:\windows\system32\mssprxy.dll [608] entry point in ".rdata" section 00000000744f71e6
.text C:\Users\JAY\Downloads\gmer.exe[608] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077e41401 2 bytes JMP 769fb233 C:\windows\syswow64\kernel32.dll
.text C:\Users\JAY\Downloads\gmer.exe[608] C:\windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077e41419 2 bytes JMP 769fb35e C:\windows\syswow64\kernel32.dll
.text C:\Users\JAY\Downloads\gmer.exe[608] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077e41431 2 bytes JMP 76a79149 C:\windows\syswow64\kernel32.dll
.text C:\Users\JAY\Downloads\gmer.exe[608] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077e4144a 2 bytes CALL 769d4885 C:\windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Users\JAY\Downloads\gmer.exe[608] C:\windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077e414dd 2 bytes JMP 76a78a42 C:\windows\syswow64\kernel32.dll
.text C:\Users\JAY\Downloads\gmer.exe[608] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077e414f5 2 bytes JMP 76a78c18 C:\windows\syswow64\kernel32.dll
.text C:\Users\JAY\Downloads\gmer.exe[608] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077e4150d 2 bytes JMP 76a78938 C:\windows\syswow64\kernel32.dll
.text C:\Users\JAY\Downloads\gmer.exe[608] C:\windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077e41525 2 bytes JMP 76a78d02 C:\windows\syswow64\kernel32.dll
.text C:\Users\JAY\Downloads\gmer.exe[608] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077e4153d 2 bytes JMP 769efcc0 C:\windows\syswow64\kernel32.dll
.text C:\Users\JAY\Downloads\gmer.exe[608] C:\windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077e41555 2 bytes JMP 769f6907 C:\windows\syswow64\kernel32.dll
.text C:\Users\JAY\Downloads\gmer.exe[608] C:\windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077e4156d 2 bytes JMP 76a79201 C:\windows\syswow64\kernel32.dll
.text C:\Users\JAY\Downloads\gmer.exe[608] C:\windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077e41585 2 bytes JMP 76a78d62 C:\windows\syswow64\kernel32.dll
.text C:\Users\JAY\Downloads\gmer.exe[608] C:\windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077e4159d 2 bytes JMP 76a788fc C:\windows\syswow64\kernel32.dll
.text C:\Users\JAY\Downloads\gmer.exe[608] C:\windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077e415b5 2 bytes JMP 769efd59 C:\windows\syswow64\kernel32.dll
.text C:\Users\JAY\Downloads\gmer.exe[608] C:\windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077e415cd 2 bytes JMP 769fb2f4 C:\windows\syswow64\kernel32.dll
.text C:\Users\JAY\Downloads\gmer.exe[608] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077e416b2 2 bytes JMP 76a790c4 C:\windows\syswow64\kernel32.dll
.text C:\Users\JAY\Downloads\gmer.exe[608] C:\windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077e416bd 2 bytes JMP 76a78891 C:\windows\syswow64\kernel32.dll

---- Kernel IAT/EAT - GMER 2.2 ----

IAT C:\windows\system32\drivers\pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [fffff88001076650] \SystemRoot\System32\Drivers\spcp.sys [unknown section]
IAT C:\windows\system32\drivers\pci.sys[ntoskrnl.exe!IoDetachDevice] [fffff880010765dc] \SystemRoot\System32\Drivers\spcp.sys [unknown section]
IAT C:\windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff8800104135c] \SystemRoot\System32\Drivers\spcp.sys [unknown section]
IAT C:\windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff88001041224] \SystemRoot\System32\Drivers\spcp.sys [unknown section]
IAT C:\windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff88001041a24] \SystemRoot\System32\Drivers\spcp.sys [unknown section]
IAT C:\windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff88001041ba0] \SystemRoot\System32\Drivers\spcp.sys [unknown section]

---- Devices - GMER 2.2 ----

Device \Driver\auy9djay \Device\Scsi\auy9djay1Port1Path0Target0Lun0 fffffa80070772c0
Device \Driver\auy9djay \Device\Scsi\auy9djay1 fffffa80070772c0
Device \FileSystem\Ntfs \Ntfs fffffa80049052c0
Device \Driver\usbehci \Device\USBPDO-1 fffffa8004f6d2c0
Device \Driver\cdrom \Device\CdRom0 fffffa8004e102c0
Device \Driver\cdrom \Device\CdRom1 fffffa8004e102c0
Device \Driver\usbehci \Device\USBFDO-0 fffffa8004f6d2c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{BF181C4D-C617-4FE7-A837-4BE7278C2D47} fffffa8004f9a2c0
Device \Driver\usbehci \Device\USBFDO-1 fffffa8004f6d2c0
Device \Driver\volmgr \Device\HarddiskVolume1 fffffa8003b2a2c0
Device \Driver\volmgr \Device\FtControl fffffa8003b2a2c0
Device \Driver\volmgr \Device\VolMgrControl fffffa8003b2a2c0
Device \Driver\volmgr \Device\HarddiskVolume2 fffffa8003b2a2c0
Device \Driver\volmgr \Device\HarddiskVolume3 fffffa8003b2a2c0
Device \Driver\volmgr \Device\HarddiskVolume4 fffffa8003b2a2c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{B6AC41CC-732B-4B03-897C-92612C138041} fffffa8004f9a2c0
Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa8004f9a2c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{CB65A293-A44E-4EED-BE79-C14500035831} fffffa8004f9a2c0
Device \Driver\usbehci \Device\USBPDO-0 fffffa8004f6d2c0
Device \Driver\auy9djay \Device\ScsiPort1 fffffa80070772c0

---- Modules - GMER 2.2 ----

Module \SystemRoot\System32\Drivers\auy9djay.SYS fffff88004626000-fffff8800466b000 (282624 bytes)

---- Threads - GMER 2.2 ----

Thread C:\windows\System32\svchost.exe [2960:3736] 000007fef99f9688

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00158315a372
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00158315a372@001d6eb97161 0x74 0x8C 0xE9 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00158315a372@d82a7e212c04 0xCA 0xAA 0x9D 0x40 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00158315a372@001adcea00f0 0xC7 0x80 0xF8 0x0D ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00158315a372@205476422159 0x70 0x5B 0x04 0xF2 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00158315a372@20547638bde8 0x19 0x8B 0x9B 0x37 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00158315a372@70d4f2390065 0xC7 0xBD 0x73 0xD9 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654edff
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b654f652
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b66b6864
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026b66b6982
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 50840
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD4 0xBE 0xF6 0x12 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2F 0xB1 0x69 0x29 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x0A 0x79 0xA8 0x5C ...
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{BF181C4D-C617-4FE7-A837-4BE7278C2D47}@LeaseObtainedTime 1482571567
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{BF181C4D-C617-4FE7-A837-4BE7278C2D47}@T1 1482614767
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{BF181C4D-C617-4FE7-A837-4BE7278C2D47}@T2 1482647167
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{BF181C4D-C617-4FE7-A837-4BE7278C2D47}@LeaseTerminatesTime 1482657967
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00158315a372 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00158315a372@001d6eb97161 0x74 0x8C 0xE9 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00158315a372@d82a7e212c04 0xCA 0xAA 0x9D 0x40 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00158315a372@001adcea00f0 0xC7 0x80 0xF8 0x0D ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00158315a372@205476422159 0x70 0x5B 0x04 0xF2 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00158315a372@20547638bde8 0x19 0x8B 0x9B 0x37 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00158315a372@70d4f2390065 0xC7 0xBD 0x73 0xD9 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654edff (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b654f652 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b66b6864 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026b66b6982 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD4 0xBE 0xF6 0x12 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2F 0xB1 0x69 0x29 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x0A 0x79 0xA8 0x5C ...

---- Disk sectors - GMER 2.2 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- Files - GMER 2.2 ----

File C:\Windows\winsxs\amd64_microsoft-windows-d..e-coretipjpnprofile_31bf3856ad364e35_6.1.7601.23572_none_4046974d2dec97fd\IMJPTIP.DLL (size mismatch) 1242112/1243136 bytes executable
File C:\Windows\winsxs\amd64_microsoft-windows-i..lified-chinese-core_31bf3856ad364e35_6.1.7601.23572_none_767df08977e35328\ImSCCfg.DLL (size mismatch) 165888/166400 bytes executable
File C:\Windows\winsxs\amd64_microsoft-windows-oobe-machine-ui_31bf3856ad364e35_6.1.7601.17514_none_c081339cf850430b\msoobeui.dll (size mismatch) 1156608/1161728 bytes executable
File C:\Windows\winsxs\amd64_microsoft-windows-rasserver_31bf3856ad364e35_6.1.7601.17514_none_09cf3ec67e6c6b50\RasMigPlugin.dll (size mismatch) 155136/217088 bytes executable
File C:\Windows\winsxs\amd64_microsoft-windows-tpm-driver-wmi_31bf3856ad364e35_6.1.7601.19146_none_cd946f77d6fa15da\Win32_Tpm.dll (size mismatch) 115408/312600 bytes executable
File C:\Windows\winsxs\amd64_microsoft-windows-w..ovider-cimwin32-dll_31bf3856ad364e35_6.1.7601.17514_none_2dd0f6a01caf55c6\cimwin32.dll (size mismatch) 2055168/2058240 bytes executable
File C:\Windows\winsxs\amd64_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.1.7601.17514_none_6e88c3faa2049408\WmiPrvSD.dll (size mismatch) 750080/754176 bytes executable
File C:\Windows\winsxs\amd64_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.1.7601.17514_none_6e88c3faa2049408\WmiPrvSE.exe (size mismatch) 368640/372736 bytes executable
File C:\Windows\winsxs\amd64_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.1.7601.17514_none_fed8c13f0d90a8cf\WmiApRpl.dll (size mismatch) 137216/137728 bytes executable
File C:\Windows\winsxs\amd64_microsoft-windows-wmi-core-wbemcore-dll_31bf3856ad364e35_6.1.7601.17514_none_3fe5b852ed7138b6\wbemcore.dll (size mismatch) 1220096/1225216 bytes executable
File C:\Windows\winsxs\amd64_microsoft-windows-wmi-ds-provider_31bf3856ad364e35_6.1.7601.17514_none_e70f3fb2e8f114ba\dsprov.dll (size mismatch) 160256/159232 bytes executable
File C:\Windows\winsxs\amd64_microsoft-windows-wmi-ntevent-provider_31bf3856ad364e35_6.1.7601.17514_none_4e7fa5bfc379eecd\ntevt.dll (size mismatch) 266240/265728 bytes executable

---- EOF - GMER 2.2 ----