GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-12-28 12:01:28
Windows 5.1.2600 Dodatek Service Pack 3
Running: mgt5oidw.exe; Driver: C:\TMP\pxtdapow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwAssignProcessToJobObject [0xF499A610]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDebugActiveProcess [0xF499AC10]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDuplicateObject [0xF499A730]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenProcess [0xF499A4B0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenThread [0xF499A570]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwProtectVirtualMemory [0xF499A6D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwQueueApcThread [0xF499A790]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetContextThread [0xF499A690]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetInformationThread [0xF499A650]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSecurityObject [0xF499A7D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendProcess [0xF499A510]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendThread [0xF499A590]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateProcess [0xF499A4D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateThread [0xF499A5D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwWriteVirtualMemory [0xF499A750]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\PeerBlock\peerblock.exe[416] kernel32.dll!SetUnhandledExceptionFilter 7C844935 5 Bytes JMP 004314E0 C:\Program Files\PeerBlock\peerblock.exe (PeerBlock/PeerBlock, LLC)
.text C:\Program Files\PeerBlock\peerblock.exe[416] WS2_32.dll!getsockname 71A53D10 5 Bytes JMP 00B28770 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\Program Files\PeerBlock\peerblock.exe[416] WS2_32.dll!connect 71A54A07 5 Bytes JMP 00B28130 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\Program Files\PeerBlock\peerblock.exe[416] WS2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 00B283E0 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\WINDOWS\system32\wisptis.exe[436] ws2_32.dll!getsockname 71A53D10 5 Bytes JMP 01048770 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\WINDOWS\system32\wisptis.exe[436] ws2_32.dll!connect 71A54A07 5 Bytes JMP 01048130 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\WINDOWS\system32\wisptis.exe[436] ws2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 010483E0 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\Program Files\CometBird\CometBird.exe[1324] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 0040131E C:\Program Files\CometBird\CometBird.exe (CometBird/CometNetwork)
.text C:\Program Files\CometBird\CometBird.exe[1324] WS2_32.dll!getsockname 71A53D10 5 Bytes JMP 00ED8770 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\Program Files\CometBird\CometBird.exe[1324] WS2_32.dll!connect 71A54A07 5 Bytes JMP 00ED8130 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\Program Files\CometBird\CometBird.exe[1324] WS2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 00ED83E0 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\WINDOWS\Explorer.EXE[1332] SHELL32.dll!SHFileOperationW 7CA708E4 5 Bytes JMP 10001102 C:\Program Files\Unlocker\UnlockerHook.dll
.text C:\WINDOWS\Explorer.EXE[1332] ws2_32.dll!getsockname 71A53D10 5 Bytes JMP 02748770 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\WINDOWS\Explorer.EXE[1332] ws2_32.dll!connect 71A54A07 5 Bytes JMP 02748130 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\WINDOWS\Explorer.EXE[1332] ws2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 027483E0 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\Program Files\Vista Drive Icon\DrvIcon.exe[1604] ws2_32.dll!getsockname 71A53D10 5 Bytes JMP 00DC8770 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\Program Files\Vista Drive Icon\DrvIcon.exe[1604] ws2_32.dll!connect 71A54A07 5 Bytes JMP 00DC8130 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\Program Files\Vista Drive Icon\DrvIcon.exe[1604] ws2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 00DC83E0 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1612] ws2_32.dll!getsockname 71A53D10 5 Bytes JMP 00FD8770 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1612] ws2_32.dll!connect 71A54A07 5 Bytes JMP 00FD8130 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1612] ws2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 00FD83E0 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[1628] ws2_32.dll!getsockname 71A53D10 5 Bytes JMP 00958770 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[1628] ws2_32.dll!connect 71A54A07 5 Bytes JMP 00958130 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\Program Files\Unlocker\UnlockerAssistant.exe[1628] ws2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 009583E0 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1636] ws2_32.dll!getsockname 71A53D10 5 Bytes JMP 009B8770 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1636] ws2_32.dll!connect 71A54A07 5 Bytes JMP 009B8130 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1636] ws2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 009B83E0 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[1664] WS2_32.dll!getsockname 71A53D10 5 Bytes JMP 012E8770 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[1664] WS2_32.dll!connect 71A54A07 5 Bytes JMP 012E8130 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[1664] WS2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 012E83E0 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\Program Files\ID-Blaster Plus\idblasterplus.exe[1672] ws2_32.dll!getsockname 71A53D10 5 Bytes JMP 01658770 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\Program Files\ID-Blaster Plus\idblasterplus.exe[1672] ws2_32.dll!connect 71A54A07 5 Bytes JMP 01658130 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\Program Files\ID-Blaster Plus\idblasterplus.exe[1672] ws2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 016583E0 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\Program Files\BeFaster\befaster4.exe[1684] ws2_32.dll!getsockname 71A53D10 5 Bytes JMP 018F8770 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\Program Files\BeFaster\befaster4.exe[1684] ws2_32.dll!connect 71A54A07 5 Bytes JMP 018F8130 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\Program Files\BeFaster\befaster4.exe[1684] ws2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 018F83E0 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\Program Files\LClock\lclock.exe[1696] ws2_32.dll!getsockname 71A53D10 5 Bytes JMP 00A28770 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\Program Files\LClock\lclock.exe[1696] ws2_32.dll!connect 71A54A07 5 Bytes JMP 00A28130 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\Program Files\LClock\lclock.exe[1696] ws2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 00A283E0 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\Program Files\Gadu-Gadu 10\gg.exe[1728] WS2_32.dll!getsockname 71A53D10 5 Bytes JMP 06F08770 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\Program Files\Gadu-Gadu 10\gg.exe[1728] WS2_32.dll!connect 71A54A07 5 Bytes JMP 06F08130 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\Program Files\Gadu-Gadu 10\gg.exe[1728] WS2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 06F083E0 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1792] kernel32.dll!SetUnhandledExceptionFilter 7C844935 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Hotspot Shield\bin\openvpntray.exe[3180] WS2_32.dll!getsockname 71A53D10 5 Bytes JMP 00DE8770 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\Program Files\Hotspot Shield\bin\openvpntray.exe[3180] WS2_32.dll!connect 71A54A07 5 Bytes JMP 00DE8130 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text C:\Program Files\Hotspot Shield\bin\openvpntray.exe[3180] WS2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 00DE83E0 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text F:\Programy\ANTYVIRUSY\Gmer\mgt5oidw.exe[3204] ws2_32.dll!getsockname 71A53D10 5 Bytes JMP 00B18770 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text F:\Programy\ANTYVIRUSY\Gmer\mgt5oidw.exe[3204] ws2_32.dll!connect 71A54A07 5 Bytes JMP 00B18130 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)
.text F:\Programy\ANTYVIRUSY\Gmer\mgt5oidw.exe[3204] ws2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 00B183E0 C:\Program Files\Ad Muncher\AM32-32300.dll (Ad Muncher 32-bit Hook DLL/Murray Hurps Corp Pty Ltd)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [02355760] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] [02354BA0] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleA] [023557B0] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [023556D0] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [02355690] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [02355800] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [02355690] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [023556D0] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [02355800] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [02354BA0] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [02355690] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [023556D0] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [02355800] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\ole32.dll [GDI32.dll!DeleteObject] [02353F10] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [02355800] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [02355690] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [023556D0] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [02354BA0] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [02355760] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [02355710] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SystemParametersInfoW] [02354F80] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetSystemMetrics] [02354DF0] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetSysColor] [02353EB0] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CallWindowProcW] [02354550] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!RegisterClassW] [02354D20] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DefWindowProcW] [02354720] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [02355800] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [02355690] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] [023557B0] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] [02354BA0] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!DeleteObject] [02353F10] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] [023557B0] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [02355710] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [02355760] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [023556D0] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [02354BA0] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [02355690] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [02355800] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [02354690] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [02354720] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [02353EB0] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [02355490] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [02355540] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!RegisterClassA] [02354C50] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!RegisterClassW] [02354D20] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SystemParametersInfoW] [02354F80] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CallWindowProcW] [02354550] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CallWindowProcA] [023545F0] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSystemMetrics] [02354DF0] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!DeleteObject] [02353F10] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleA] [023557B0] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [02355690] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [023556D0] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [02355800] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateThread] [02354BA0] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [02355760] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [02355710] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AdjustWindowRectEx] [02355110] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [02355540] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [02354690] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSystemMetrics] [02354DF0] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [02353EB0] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [02354720] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!RegisterClassW] [02354D20] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [02353F60] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!FillRect] [02355270] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DrawFrameControl] [02355380] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DrawEdge] [02355300] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SystemParametersInfoW] [02354F80] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [02355490] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetScrollInfo] [023541A0] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!CallWindowProcW] [02354550] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetScrollInfo] [02354070] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\ws2_32.dll [KERNEL32.dll!GetProcAddress] [02355800] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\ws2_32.dll [KERNEL32.dll!LoadLibraryA] [02355690] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\ws2_32.dll [KERNEL32.dll!CreateThread] [02354BA0] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleHandleA] [023557B0] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [02355690] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] [02354BA0] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [02355800] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [02355800] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [02355690] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [02355710] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [02355760] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateThread] [02354BA0] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleA] [023557B0] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\CRYPT32.dll [USER32.dll!GetSystemMetrics] [02354DF0] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [02355690] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [02355800] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [023556D0] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [02355690] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [02355800] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateThread] [02354BA0] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [023556D0] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [02355710] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateThread] [02354BA0] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [02355800] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [02355690] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\BeFaster\befaster4.exe[1684] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!GetSystemMetrics] [02354DF0] C:\WINDOWS\system32\SkinFramework.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion@ProductId 88288-OEM-1463899-85537
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{525730A3-8128-66D8-F485-6ECE223F6752}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{525730A3-8128-66D8-F485-6ECE223F6752}@abfdkjecmkjclnkkiennaodlphnocencma 0x65 0x62 0x66 0x64 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{525730A3-8128-66D8-F485-6ECE223F6752}@bbfdkjecmkjclnkkieinpogcbdpnjidbmjgb 0x61 0x62 0x6B 0x69 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CF541853-9B4B-EC0C-62BF-E661F698DBC7}
Reg HKCU\Software\Microsoft\Windows Media\WMSDK\General@UniqueID {67313963-1138-4007-8616-584823836862}

---- EOF - GMER 1.0.15 ----