GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-11-06 20:45:06 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 ST500DM002-1BC142 rev.JC4B 465,76GB Running: nlhz26gz.exe; Driver: C:\Users\Marcin\AppData\Local\Temp\awrdrpoc.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\Windows\system32\DRIVERS\USBPORT.SYS!DllUnload fffff880045abd64 12 bytes {MOV RAX, 0xfffffa80080c32a0; JMP RAX} ---- User code sections - GMER 2.1 ---- .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1652] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075978799 4 bytes [C2, 04, 00, 00] .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1652] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000077961465 2 bytes [96, 77] .text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1652] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000779614bb 2 bytes [96, 77] .text ... * 2 .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077961465 2 bytes [96, 77] .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000779614bb 2 bytes [96, 77] .text ... * 2 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1476] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 0000000077304296 5 bytes JMP 00000001288c8580 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1476] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000077304889 5 bytes JMP 00000001288c7490 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1476] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW 000000007730d1ea 5 bytes JMP 00000001288c7cd0 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1476] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExA 000000007731469b 5 bytes JMP 00000001288c79a0 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1476] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000077317673 5 bytes JMP 00000001288c7830 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1476] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077961465 2 bytes [96, 77] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1476] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000779614bb 2 bytes [96, 77] .text ... * 2 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077961465 2 bytes [96, 77] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[1620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000779614bb 2 bytes [96, 77] .text ... * 2 .text C:\PROGRA~2\SpeedBit Video Accelerator\VideoAcceleratorService.exe[2200] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077961465 2 bytes [96, 77] .text C:\PROGRA~2\SpeedBit Video Accelerator\VideoAcceleratorService.exe[2200] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000779614bb 2 bytes [96, 77] .text ... * 2 .text C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe[2456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077961465 2 bytes [96, 77] .text C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe[2456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000779614bb 2 bytes [96, 77] .text ... * 2 .text C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe[2644] C:\Windows\syswow64\ws2_32.dll!getaddrinfo 0000000077304296 5 bytes JMP 00000001288c8580 .text C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe[2644] C:\Windows\syswow64\ws2_32.dll!GetAddrInfoW 0000000077304889 5 bytes JMP 00000001288c7490 .text C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe[2644] C:\Windows\syswow64\ws2_32.dll!GetAddrInfoExW 000000007730d1ea 5 bytes JMP 00000001288c7cd0 .text C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe[2644] C:\Windows\syswow64\ws2_32.dll!GetAddrInfoExA 000000007731469b 5 bytes JMP 00000001288c79a0 .text C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe[2644] C:\Windows\syswow64\ws2_32.dll!gethostbyname 0000000077317673 5 bytes JMP 00000001288c7830 .text C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077961465 2 bytes [96, 77] .text C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000779614bb 2 bytes [96, 77] .text ... * 2 .text C:\Users\Marcin\Desktop\OTL.exe[2448] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 69 0000000077961465 2 bytes [96, 77] .text C:\Users\Marcin\Desktop\OTL.exe[2448] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 155 00000000779614bb 2 bytes [96, 77] .text ... * 2 ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff880010aef1c] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff880010aecc0] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff880010af69c] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff880010afa98] \SystemRoot\System32\Drivers\sptd.sys [.text] IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff880010af8f4] \SystemRoot\System32\Drivers\sptd.sys [.text] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2296] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord] [7fef599741c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2296] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet] [7fef5995f10] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2296] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession] [7fef5995674] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2296] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession] [7fef5995e2c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2296] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload] [7fef5997f48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2296] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion] [7fef5996a38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2296] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId] [7fef5996ee8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2296] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId] [7fef5997b58] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2296] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId] [7fef5997ea0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2296] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId] [7fef59978b0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2296] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession] [7fef5994fb4] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2296] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId] [7fef5995d38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2296] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString] [7fef5997584] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll ---- Devices - GMER 2.1 ---- Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-6 fffffa80069e42c0 Device \Driver\atapi \Device\Ide\IdePort0 fffffa80069e42c0 Device \Driver\atapi \Device\Ide\IdePort1 fffffa80069e42c0 Device \Driver\atapi \Device\Ide\IdePort2 fffffa80069e42c0 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 fffffa80069e42c0 Device \Driver\atapi \Device\Ide\IdePort3 fffffa80069e42c0 Device \Driver\VClone \Device\Scsi\VClone1Port4Path0Target0Lun0 fffffa80083422c0 Device \Driver\VClone \Device\Scsi\VClone1 fffffa80083422c0 Device \Driver\aknqtpjr \Device\Scsi\aknqtpjr1 fffffa80081bd2c0 Device \Driver\aknqtpjr \Device\Scsi\aknqtpjr1Port5Path0Target0Lun0 fffffa80081bd2c0 Device \FileSystem\Ntfs \Ntfs fffffa80069e82c0 Device \Driver\usbohci \Device\USBPDO-5 fffffa80080f52c0 Device \Driver\usbehci \Device\USBFDO-3 fffffa80081342c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{6D9FC2E3-9361-4E36-959E-394197F6296E} fffffa8007da52c0 Device \Driver\usbehci \Device\USBPDO-1 fffffa80081342c0 Device \Driver\cdrom \Device\CdRom0 fffffa8007cb82c0 Device \Driver\cdrom \Device\CdRom1 fffffa8007cb82c0 Device \Driver\cdrom \Device\CdRom2 fffffa8007cb82c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{FA6AD2FB-6A7E-499F-8318-6571B34B08CC} fffffa8007da52c0 Device \Driver\usbehci \Device\USBPDO-6 fffffa80081342c0 Device \Driver\usbohci \Device\USBFDO-4 fffffa80080f52c0 Device \Driver\usbohci \Device\USBPDO-2 fffffa80080f52c0 Device \Driver\usbohci \Device\USBFDO-0 fffffa80080f52c0 Device \Driver\usbohci \Device\USBFDO-5 fffffa80080f52c0 Device \Driver\usbehci \Device\USBPDO-3 fffffa80081342c0 Device \Driver\usbehci \Device\USBFDO-1 fffffa80081342c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{2D923FB9-F737-4FD9-B42B-A42990E89EC5} fffffa8007da52c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa8007da52c0 Device \Driver\usbehci \Device\USBFDO-6 fffffa80081342c0 Device \Driver\usbohci \Device\USBPDO-4 fffffa80080f52c0 Device \Driver\usbohci \Device\USBFDO-2 fffffa80080f52c0 Device \Driver\atapi \Device\ScsiPort0 fffffa80069e42c0 Device \Driver\usbohci \Device\USBPDO-0 fffffa80080f52c0 Device \Driver\atapi \Device\ScsiPort1 fffffa80069e42c0 Device \Driver\atapi \Device\ScsiPort2 fffffa80069e42c0 Device \Driver\atapi \Device\ScsiPort3 fffffa80069e42c0 Device \Driver\VClone \Device\ScsiPort4 fffffa80083422c0 Device \Driver\aknqtpjr \Device\ScsiPort5 fffffa80081bd2c0 ---- Trace I/O - GMER 2.1 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80069e42c0]<< sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys fffffa80069e42c0 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007af4060] fffffa8007af4060 Trace 3 CLASSPNP.SYS[fffff88001b8e43f] -> nt!IofCallDriver -> [0xfffffa800781e520] fffffa800781e520 Trace 5 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8007820060] fffffa8007820060 Trace \Driver\atapi[0xfffffa8006b826b0] -> IRP_MJ_CREATE -> 0xfffffa80069e42c0 fffffa80069e42c0 ---- Modules - GMER 2.1 ---- Module \SystemRoot\System32\Drivers\aknqtpjr.SYS fffff88004b54000-fffff88004ba5000 (331776 bytes) ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001167728c77 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x16 0x37 0xDB 0x5C ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x84 0xEA 0x06 0xD1 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xEE 0x53 0x37 0x9A ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001167728c77 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x16 0x37 0xDB 0x5C ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x84 0xEA 0x06 0xD1 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xEE 0x53 0x37 0x9A ... Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{6D9FC2E3-9361-4E36-959E-394197F6296E}@LeaseObtainedTime 1383765698 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{6D9FC2E3-9361-4E36-959E-394197F6296E}@T1 1383765825 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{6D9FC2E3-9361-4E36-959E-394197F6296E}@T2 1383765921 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{6D9FC2E3-9361-4E36-959E-394197F6296E}@LeaseTerminatesTime 1383765953 Reg HKLM\SYSTEM\ControlSet004\services\BTHPORT\Parameters\Keys\001167728c77 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x16 0x37 0xDB 0x5C ... Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x84 0xEA 0x06 0xD1 ... Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xEE 0x53 0x37 0x9A ... ---- EOF - GMER 2.1 ----