Hope someone will help me, because it's been getting on my nerves for a really long time, and I finally decided to fix it :/
EDIT: Is there anything wrong?
Edited by Meskis, 16 August 2011 - 01:11 PM.
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-25 13:50:48
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.01.0
Running: 0v84oyy5.exe; Driver: C:\DOCUME~1\Vytene\LOCALS~1\Temp\kxtdqpod.sys

---- System - GMER 1.0.15 ----

SSDT 87482C90 ZwAssignProcessToJobObject
SSDT 87483200 ZwDebugActiveProcess
SSDT 874832F0 ZwDuplicateObject
SSDT 87482590 ZwOpenProcess
SSDT 87482800 ZwOpenThread
SSDT 87482FD0 ZwProtectVirtualMemory
SSDT 874830E0 ZwQueueApcThread
SSDT 87482EC0 ZwSetContextThread
SSDT 87482D90 ZwSetInformationThread
SSDT 8747FDA0 ZwSetSecurityObject
SSDT 87482B90 ZwSuspendProcess
SSDT 87482A80 ZwSuspendThread
SSDT 874826E0 ZwTerminateProcess
SSDT 87482A50 ZwTerminateThread
SSDT 874836D0 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\drivers\oreans32.sys section is writeable [0x9B78E280, 0x7B1C, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[312] SHELL32.dll!SHFileOperationW 7CA708A0 5 Bytes JMP 01851102 C:\Program Files\Unlocker\UnlockerHook.dll
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1732] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\Explorer.EXE[312] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 034CA371
IAT C:\WINDOWS\Explorer.EXE[312] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 034CA184
IAT C:\WINDOWS\Explorer.EXE[312] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 034C5BD0
IAT C:\WINDOWS\Explorer.EXE[312] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 034C67A9
IAT C:\WINDOWS\Explorer.EXE[312] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] 034C8543
IAT C:\WINDOWS\Explorer.EXE[312] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 034C6F75
IAT C:\WINDOWS\Explorer.EXE[312] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 034C698E
API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteValueA] [77DDECE5] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueA] [77DF9BBF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyA] [77DE53B8] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExA] [77DDEAE7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] [77DDE9F4] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExA] [77DE51B6] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExA] [77DD7ABB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!GetTokenInformation] [77DD7305] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!OpenProcessToken] [77DD798B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows 
Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!GetAce] [77DE4C33] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!FreeSid] [77DD7CB8] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!SetSecurityDescriptorDacl] [77DD79EB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!InitializeSecurityDescriptor] [77DD79C6] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!AddAccessDeniedAce] [77DF814F] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!AddAccessAllowedAce] [77DD7D31] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!InitializeAcl] [77DD7D09] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!GetLengthSid] [77DD7D5C] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!AllocateAndInitializeSid] [77DD7CC9] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ 
C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!GetUserNameA] [77DE54C4] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!GetUserNameW] [77DE496D] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyA] [77DFBCF3] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyW] [77DFBA55] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExW] [77DD776C] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyW] [77DE559B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteValueW] [77DDEDF1] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyW] [77DDD5E4] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExW] [77DD7BD9] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] [77DD7852] 
C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegCloseKey] [77DD6C27] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!AllocateAndInitializeSid] [77DD7CC9] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExW] [77DD6FFF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegDeleteValueW] [77DDEDF1] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegSetValueExW] [77DDD767] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!MakeSelfRelativeSD] [77DD745E] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!GetSecurityDescriptorLength] [77DD74BB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!EqualSid] [77DDF07A] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!GetSecurityDescriptorDacl] [77DD73E7] C:\WINDOWS\system32\ADVAPI32.dll 
(Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!GetSecurityDescriptorOwner] [77DE4B55] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!GetFileSecurityW] [77DFC003] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegCreateKeyExW] [77DD776C] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExW] [77DD6AAF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!FreeSid] [77DD7CB8] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!GetAce] [77DE4C33] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!AddAccessAllowedAce] [77DD7D31] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!InitializeAcl] [77DD7D09] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegNotifyChangeKeyValue] [77DDD8FE] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) 
IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegCreateKeyW] [77DFBA55] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!GetSecurityDescriptorControl] [77DE4BB9] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!EncryptFileW] [77E13390] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!DecryptFileW] [77E133CF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!ChangeServiceConfigW] [77E37001] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!StartServiceW] [77DF3E94] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!ControlService] [77DF4A09] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!OpenSCManagerW] [77DE6F55] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!OpenServiceW] [77DE6FFD] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows 
Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!QueryServiceStatus] [77DE6D50] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CloseServiceHandle] [77DE6CE5] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!GetNamedSecurityInfoW] [77DE4FE6] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!ConvertSidToStringSidW] [77DDF10F] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegOpenCurrentUser] [77DD811B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!LookupAccountNameW] [77DE5B59] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!SetNamedSecurityInfoW] [77DF0CF5] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessWithLogonW] [77E15FFD] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77DEA8A9] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows 
Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!SaferGetPolicyInformation] [77DF99DD] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!SaferiIsExecutableFileType] [77DF98AB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!SaferIdentifyLevel] [77DD9EC8] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!SaferRecordEventLogEntry] [77E1F78D] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!SaferGetLevelInformation] [77DEFCF0] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!InstallApplication] [77E1D7B7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!SaferCreateLevel] [77E1E9C5] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!SaferComputeTokenFromLevel] [77DDAB3D] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!SaferCloseLevel] [77DDAF98] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program 
Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueW] [77DDD87A] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!OpenThreadToken] [77DD72CC] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CheckTokenMembership] [77DD7FCA] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!LookupPrivilegeValueW] [77DFB8DF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!AdjustTokenPrivileges] [77DDF00C] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CommandLineFromMsiDescriptor] [77DFBE16] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegSetKeySecurity] [77DF3AFD] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [77DE49CE] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!GetUserNameW] [77DE496D] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows 
Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegEnumKeyExW] [77DD7BD9] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegDeleteKeyW] [77DE559B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegEnumValueW] [77DD7EED] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!SetFileSecurityW] [77DEA3E1] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!TreeResetNamedSecurityInfoW] [77E223DF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegEnumKeyW] [77DDD5E4] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyW] [77DD7946] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegSetValueW] [77E36116] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!LookupAccountSidW] [77DE5707] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ 
C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!GetTokenInformation] [77DD7305] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!OpenProcessToken] [77DD798B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExA] [77DD7ABB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] [77DD7852] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!GetLengthSid] [77DD7D5C] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!CryptAcquireContextA] [77DE793D] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!CryptSignHashA] [77E11FE1] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!CryptVerifySignatureA] [77DFC841] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!CryptSetProviderA] [77E12161] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll 
[ADVAPI32.dll!RegCloseKey] [77DD6C27] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryInfoKeyA] [77DE4332] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegCreateKeyExA] [77DDE9F4] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegCreateKeyExW] [77DD776C] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegDeleteKeyA] [77DE42A0] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegDeleteKeyW] [77DE559B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegEnumKeyExA] [77DE51B6] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegEnumKeyExW] [77DD7BD9] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegEnumValueA] [77DF9BBF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegEnumValueW] [77DD7EED] 
C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegDeleteValueA] [77DDECE5] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegDeleteValueW] [77DDEDF1] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExA] [77DD7ABB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [77DD6FFF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegSetValueExA] [77DDEAE7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegSetValueExW] [77DDD767] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [77DE49CE] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegOpenKeyExA] [77DD7852] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegOpenKeyExW] [77DD6AAF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base 
Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!LookupPrivilegeValueA] [77DFC238] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!AdjustTokenPrivileges] [77DDF00C] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!RegSetValueExA] [77DDEAE7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!OpenServiceA] [77DF4C66] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!StartServiceA] [77DEFB58] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!RegQueryValueExW] [77DD6FFF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegNotifyChangeKeyValue] [77DDD8FE] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegDeleteKeyA] [77DE42A0] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegSetValueExA] [77DDEAE7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ 
C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegQueryValueExA] [77DD7ABB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegOpenKeyExA] [77DD7852] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegCreateKeyExA] [77DDE9F4] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegCloseKey] [77DD6C27] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegEnumKeyExA] [77DE51B6] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!AllocateAndInitializeSid] [77DD7CC9] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!FreeSid] [77DD7CB8] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!GetLengthSid] [77DD7D5C] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!GetAclInformation] [77DF7E78] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!GetAce] [77DE4C33] 
C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!EqualSid] [77DDF07A] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!InitializeSecurityDescriptor] [77DD79C6] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!InitializeAcl] [77DD7D09] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!AddAccessDeniedAce] [77DF814F] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!AddAccessAllowedAce] [77DD7D31] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!SetSecurityDescriptorDacl] [77DD79EB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!RegGetKeySecurity] [77DF3918] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!RegOpenKeyExA] [77DD7852] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!RegQueryValueExA] [77DD7ABB] C:\WINDOWS\system32\ADVAPI32.dll 
(Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!RegCloseKey] [77DD6C27] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!CreateServiceA] [77E37211] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!ChangeServiceConfigA] [77E36E69] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!RevertToSelf] [77DD7338] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!OpenSCManagerA] [77DF69AE] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!QueryServiceStatus] [77DE6D50] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!StartServiceA] [77DEFB58] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!CloseServiceHandle] [77DE6CE5] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!OpenServiceA] [77DF4C66] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT 
C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!GetSecurityDescriptorDacl] [77DD73E7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET) AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1 ---- EOF - GMER 1.0.15 ----
Edited by Meskis, 25 August 2011 - 05:31 AM.
ComboFix 11-08-24.06 - Vytene 2011.08.25 14:08:02.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2195 [GMT 3:00] Running from: c:\documents and settings\Vytene\Desktop\ComboFix.exe AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge\Support.lnk c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk c:\documents and settings\Vytene\Application Data\EurekaLog c:\documents and settings\Vytene\Application Data\facemoods.com c:\documents and settings\Vytene\Application Data\PriceGong c:\documents and settings\Vytene\Application Data\PriceGong\Data\1.xml c:\documents and settings\Vytene\Application Data\PriceGong\Data\a.xml c:\documents and settings\Vytene\Application Data\PriceGong\Data\b.xml c:\documents and settings\Vytene\Application Data\PriceGong\Data\c.xml c:\documents and settings\Vytene\Application Data\PriceGong\Data\d.xml c:\documents and settings\Vytene\Application Data\PriceGong\Data\e.xml c:\documents and settings\Vytene\Application Data\PriceGong\Data\f.xml c:\documents and settings\Vytene\Application Data\PriceGong\Data\g.xml c:\documents and settings\Vytene\Application Data\PriceGong\Data\h.xml c:\documents and settings\Vytene\Application Data\PriceGong\Data\i.xml c:\documents and settings\Vytene\Application Data\PriceGong\Data\y.xml c:\documents and settings\Vytene\Application Data\PriceGong\Data\J.xml c:\documents and settings\Vytene\Application Data\PriceGong\Data\k.xml 
c:\documents and settings\Vytene\Application Data\PriceGong\Data\l.xml c:\documents and settings\Vytene\Application Data\PriceGong\Data\m.xml c:\documents and settings\Vytene\Application Data\PriceGong\Data\mru.xml c:\documents and settings\Vytene\Application Data\PriceGong\Data\n.xml c:\documents and settings\Vytene\Application Data\PriceGong\Data\o.xml c:\documents and settings\Vytene\Application Data\PriceGong\Data\p.xml c:\documents and settings\Vytene\Application Data\PriceGong\Data\q.xml c:\documents and settings\Vytene\Application Data\PriceGong\Data\r.xml c:\documents and settings\Vytene\Application Data\PriceGong\Data\s.xml c:\documents and settings\Vytene\Application Data\PriceGong\Data\t.xml c:\documents and settings\Vytene\Application Data\PriceGong\Data\u.xml c:\documents and settings\Vytene\Application Data\PriceGong\Data\v.xml c:\documents and settings\Vytene\Application Data\PriceGong\Data\w.xml c:\documents and settings\Vytene\Application Data\PriceGong\Data\x.xml c:\documents and settings\Vytene\Application Data\PriceGong\Data\z.xml c:\documents and settings\Vytene\Application Data\Vytenelog.dat c:\documents and settings\Vytene\WINDOWS c:\program files\RelevantKnowledge c:\program files\Search Toolbar c:\program files\Search Toolbar\SearchToolbar.dll d:\recycler\S-1-5-18\Dd3\dotnetfx30\wic_x86_enu.exe d:\recycler\S-1-5-18\Dd3\dotnetfx30\xpsepsc-x86-en-us.exe d:\recycler\S-1-5-18\Dd3\dotnetfx35\x86\netfx35_x86.exe d:\recycler\S-1-5-18\Dd3\tools\clwireg.exe d:\recycler\S-1-5-18\Dd4\dotnetfx30\wic_x86_enu.exe d:\recycler\S-1-5-18\Dd4\dotnetfx30\xpsepsc-x86-en-us.exe d:\recycler\S-1-5-18\Dd4\dotnetfx35\x86\netfx35_x86.exe d:\recycler\S-1-5-18\Dd4\tools\clwireg.exe d:\recycler\S-1-5-18\Dd5\amd64\filterpipelineprintproc.dll d:\recycler\S-1-5-18\Dd5\amd64\mxdwdrv.dll d:\recycler\S-1-5-18\Dd5\amd64\xpssvcs.dll d:\recycler\S-1-5-18\Dd5\i386\filterpipelineprintproc.dll d:\recycler\S-1-5-18\Dd5\i386\mxdwdrv.dll d:\recycler\S-1-5-18\Dd5\i386\xpssvcs.dll 
d:\recycler\S-1-5-18\Dd6\dotnetfx30\wic_x86_enu.exe d:\recycler\S-1-5-18\Dd6\dotnetfx30\xpsepsc-x86-en-us.exe d:\recycler\S-1-5-18\Dd6\dotnetfx35\x86\netfx35_x86.exe d:\recycler\S-1-5-18\Dd6\tools\clwireg.exe . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_SSHNAS . . ((((((((((((((((((((((((( Files Created from 2011-07-25 to 2011-08-25 ))))))))))))))))))))))))))))))) . . 2011-08-25 11:22 . 2011-08-25 11:22 -------- d-----w- c:\windows\system32\xircom 2011-08-25 11:22 . 2011-08-25 11:22 -------- d-----w- c:\windows\system32\wbem\snmp 2011-08-25 11:22 . 2011-08-25 11:22 -------- d-----w- c:\program files\microsoft frontpage 2011-08-25 06:05 . 2011-08-25 06:05 302592 ----a-w- C:\0v84oyy5.exe 2011-08-24 23:50 . 2011-08-24 23:50 -------- d-----w- c:\program files\AVAST Software 2011-08-24 13:22 . 2011-08-24 13:23 -------- d-----w- c:\program files\Common Files\3DO Shared 2011-08-24 13:22 . 2011-08-24 13:22 -------- d-----w- c:\program files\3DO 2011-08-24 10:20 . 2011-08-25 05:39 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software 2011-08-19 07:20 . 2011-08-20 10:31 -------- d-----w- c:\program files\SweetIM 2011-08-19 07:20 . 2011-08-19 07:20 -------- d-----w- c:\documents and settings\All Users\Application Data\SweetIM 2011-08-19 07:16 . 2011-08-19 07:16 -------- d-----w- c:\program files\2YourFace 2011-08-19 07:16 . 2011-08-12 06:28 785368 ----a-w- c:\program files\Mozilla Firefox\sqlite3.dll 2011-08-19 07:16 . 2011-08-19 07:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Premium 2011-08-19 07:16 . 2011-08-19 07:16 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallMate 2011-08-18 05:39 . 2011-08-12 05:57 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll 2011-08-18 05:39 . 2011-08-12 05:57 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll 2011-08-18 05:39 . 
2011-08-12 05:57 785368 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll 2011-08-18 05:39 . 2011-08-12 05:57 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll 2011-08-18 05:39 . 2011-08-12 05:57 1846232 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll 2011-08-18 05:39 . 2011-08-12 05:57 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll 2011-08-18 05:39 . 2011-08-12 03:16 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll 2011-08-18 05:39 . 2011-08-12 03:16 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll 2011-08-15 13:49 . 2011-08-15 13:49 111960 ----a-w- c:\windows\dxsdkuninst.exe 2011-08-15 10:44 . 2011-08-15 10:44 -------- d-----w- c:\documents and settings\Vytene\Application Data\ImgBurn 2011-08-15 10:42 . 2011-08-15 10:42 -------- d-----w- c:\program files\ImgBurn 2011-08-12 15:21 . 2011-08-12 15:21 -------- d-----w- c:\documents and settings\Vytene\Application Data\Auslogics 2011-08-12 15:21 . 2011-08-12 15:21 -------- d-----w- c:\program files\Auslogics 2011-08-09 18:20 . 2011-08-16 08:02 -------- d-----w- c:\program files\WhoCrashed 2011-07-27 10:41 . 2011-08-16 21:58 -------- d-----w- c:\documents and settings\Vytene\riotsGamesLogs . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-08-04 21:46 . 2011-05-19 09:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-06-20 16:24 . 2011-06-16 20:06 53312 ----a-w- c:\windows\system32\drivers\pssdklbf.sys 2011-06-20 16:24 . 2011-06-16 20:06 36928 ----a-w- c:\windows\system32\drivers\pssdk40.sys 2011-08-12 05:57 . 2011-08-18 05:39 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys [7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 
361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys [-] 2008-06-20 . CD00787894008369F56153B91FC28847 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys [-] 2008-06-19 . 68F06FE0021B01E670AF37B8C5964FDF . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1185823F-F22F-4027-80E5-4F68ACD5DE5E}] 2011-08-09 08:18 78848 ----a-w- c:\program files\2YourFace\bho.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-03-23 1271808] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536] "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-08 15872] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 2054360] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904] "RTHDCPL"="RTHDCPL.EXE" [2008-01-29 16859648] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-05 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-05 162328] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-05 137752] "SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2011-06-02 114992] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "ShowDeskFix"="shell32" [X] "nltide_3"="advpack.dll" [2009-03-08 128512] . c:\documents and settings\Vytene\Start Menu\Programs\Startup\ Live Redemption Checker.lnk - c:\program files\eC\LRC\LRC.exe [2011-3-19 2034176] . 
c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-10-19 113664] . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "c:\\WINDOWS\\system32\\java.exe"= "c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"= "c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"= "c:\\Program Files\\ApexDC++\\ApexDC.exe"= "d:\\Program Files\\ApexDC++\\ApexDC.exe"= "c:\\zMule\\zmule.exe"= "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"= "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "8370:TCP"= 8370:TCP:League of Legends Launcher "8370:UDP"= 8370:UDP:League of Legends Launcher "8371:TCP"= 8371:TCP:League of Legends Launcher "8371:UDP"= 8371:UDP:League of Legends Launcher "8372:TCP"= 8372:TCP:League of Legends Launcher "8372:UDP"= 8372:UDP:League of Legends Launcher "8373:TCP"= 8373:TCP:League of Legends Launcher "8373:UDP"= 8373:UDP:League of Legends Launcher "8374:TCP"= 8374:TCP:League of Legends Launcher "8374:UDP"= 8374:UDP:League of Legends Launcher "8375:TCP"= 8375:TCP:League of Legends Launcher "8375:UDP"= 8375:UDP:League of Legends Launcher "8394:TCP"= 8394:TCP:League of Legends Launcher "8394:UDP"= 8394:UDP:League of Legends Launcher "6888:TCP"= 6888:TCP:League of Legends Launcher "6888:UDP"= 6888:UDP:League of Legends Launcher "6957:TCP"= 6957:TCP:League of Legends Launcher "6957:UDP"= 6957:UDP:League of Legends Launcher "6968:TCP"= 6968:TCP:League of Legends Launcher "6968:UDP"= 6968:UDP:League of Legends Launcher "8396:TCP"= 8396:TCP:League of Legends Launcher "8396:UDP"= 8396:UDP:League of Legends Launcher "6931:TCP"= 6931:TCP:League of Legends Launcher "6931:UDP"= 6931:UDP:League of Legends Launcher "8397:TCP"= 8397:TCP:League of Legends Launcher "8397:UDP"= 8397:UDP:League of Legends Launcher "6889:TCP"= 6889:TCP:League of Legends Launcher "6889:UDP"= 6889:UDP:League of Legends Launcher "8398:TCP"= 8398:TCP:League of Legends Launcher "8398:UDP"= 8398:UDP:League of Legends Launcher "6892:TCP"= 6892:TCP:League of Legends Launcher "6892:UDP"= 6892:UDP:League of Legends Launcher "6882:TCP"= 6882:TCP:League of Legends Launcher "6882:UDP"= 6882:UDP:League of Legends Launcher . 
R0 iastor78;iastor78;c:\windows\system32\drivers\iastor78.sys [2008.06.19 23:56 308248] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011.02.04 15:00 218688] R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009.09.29 13:02 108792] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009.09.29 13:05 96408] R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2011.04.03 14:06 33824] R1 SysTool;SysTool Overclocking Utility;c:\windows\system32\drivers\SysTool.sys [2006.11.10 16:08 24064] R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009.09.29 13:03 735960] S2 gupdate;„Google“ atnaujinimo paslauga (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011.03.04 16:18 136176] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010.09.20 16:20 1691480] S3 GTMM Device Service;GTMM Device Service;c:\program files\Option\GlobeTrotter Mobility Manager\GtmmDeviceService.exe [2007.06.06 16:45 106496] S3 GTUQBUS;GT UQ BUS;c:\windows\system32\drivers\gtuqbus.sys [2007.04.14 05:06 37120] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011.03.04 16:18 136176] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 PsSdk40;PsSdk40;c:\windows\system32\drivers\pssdk40.sys [2011.06.16 23:06 36928] S3 PsSdkLBF;PsSdkLBF;c:\windows\system32\drivers\pssdklbf.sys [2011.06.16 23:06 53312] . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}] 2009-03-08 01:32 128512 ----a-w- c:\windows\system32\advpack.dll . Contents of the 'Scheduled Tasks' folder . 2011-08-23 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50] . 
2011-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-04 13:18] . 2011-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-04 13:18] . 2011-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-838170752-1417001333-1004Core.job - c:\documents and settings\Vytene\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-23 13:18] . 2011-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-838170752-1417001333-1004UA.job - c:\documents and settings\Vytene\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-23 13:18] . . ------- Supplementary Scan ------- . uStart Page = hxxp://google.lt/ mStart Page = hxxp://home.sweetim.com/?st=1 uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 IE: Išsaugoti formas - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html IE: Pritaikyti meniu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html IE: RoboForm irankiu juosta - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html IE: Užpildyti formas - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html TCP: DhcpNameServer = 217.17.85.1 217.17.85.2 DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab FF - ProfilePath - c:\documents and settings\Vytene\Application Data\Mozilla\Firefox\Profiles\7188euru.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.lt/firefox FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q= . - - - - ORPHANS REMOVED - - - - . 
URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll BHO-{EEE6C35C-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll Toolbar-10 - (no file) Toolbar-{EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll HKLM-Run-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.10\facemoodssrv.exe AddRemove-Cradle Of Persia_is1 - d:\program files\Cradle Of Persia\ReflexiveArcade\unins000.exe AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.10\uninstall.exe AddRemove-IconPackager - c:\progra~1\Stardock\OBJECT~1\ICONPA~1\iconpackager.exe AddRemove-Jane's Hotel_is1 - c:\jane's hotel\unins000.exe AddRemove-ZP--LineageII - d:\program files\LineageII_rusai\4GameUninstaller.exe LineageII LineageII.exe system\l2.bin AddRemove-{d08d9f98-1c78-4704-87e6-368b0023d831} - c:\program files\relevantknowledge\rlvknlg.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-08-25 14:23 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL] "ImagePath"="\"c:\program files\MySQL\MySQL Server 6.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 6.0\my.ini\" MySQL" . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . 
--------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(1772) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\program files\LClock\LC.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\program files\WinSCP\DragExt.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\RTHDCPL.EXE c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\igfxsrvc.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\MySQL\MySQL Server 6.0\bin\mysqld-nt.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Completion time: 2011-08-25 14:27:18 - machine was rebooted ComboFix-quarantined-files.txt 2011-08-25 11:27 . Pre-Run: 2.776.186.880 bytes free Post-Run: 2.772.586.496 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - E3AA615A2559C815F5824AED08D9D2D7
Edited by Meskis, 25 August 2011 - 05:33 AM.
I don't know what you are referring to. If it's something from ComboFix, we will uninstall it after we clean your PC.
How can I disable what it installed? It shows up while the PC is turning on.
FCopy::
c:\windows\system32\dllcache\tcpip.sys | c:\windows\system32\drivers\tcpip.sys
ComboFix 11-08-24.06 - Vytene 2011.08.25 19:42:09.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2392 [GMT 3:00] Running from: c:\documents and settings\Vytene\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Vytene\Desktop\CFScript.txt AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb c:\windows\system32\comct332.ocx c:\windows\system32\zip32.dll . . ((((((((((((((((((((((((( Files Created from 2011-07-25 to 2011-08-25 ))))))))))))))))))))))))))))))) . . 2011-08-25 11:22 . 2011-08-25 11:22 -------- d-----w- c:\windows\system32\xircom 2011-08-25 11:22 . 2011-08-25 11:22 -------- d-----w- c:\windows\system32\wbem\snmp 2011-08-25 11:22 . 2011-08-25 11:22 -------- d-----w- c:\program files\microsoft frontpage 2011-08-25 06:05 . 2011-08-25 06:05 302592 ----a-w- C:\0v84oyy5.exe 2011-08-24 23:50 . 2011-08-24 23:50 -------- d-----w- c:\program files\AVAST Software 2011-08-24 13:22 . 2011-08-24 13:23 -------- d-----w- c:\program files\Common Files\3DO Shared 2011-08-24 13:22 . 2011-08-24 13:22 -------- d-----w- c:\program files\3DO 2011-08-24 10:20 . 2011-08-25 05:39 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software 2011-08-19 07:20 . 2011-08-20 10:31 -------- d-----w- c:\program files\SweetIM 2011-08-19 07:20 . 2011-08-19 07:20 -------- d-----w- c:\documents and settings\All Users\Application Data\SweetIM 2011-08-19 07:16 . 2011-08-19 07:16 -------- d-----w- c:\program files\2YourFace 2011-08-19 07:16 . 2011-08-12 06:28 785368 ----a-w- c:\program files\Mozilla Firefox\sqlite3.dll 2011-08-19 07:16 . 2011-08-19 07:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Premium 2011-08-19 07:16 . 
2011-08-19 07:16 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallMate 2011-08-18 05:39 . 2011-08-12 05:57 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll 2011-08-18 05:39 . 2011-08-12 05:57 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll 2011-08-18 05:39 . 2011-08-12 05:57 785368 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll 2011-08-18 05:39 . 2011-08-12 05:57 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll 2011-08-18 05:39 . 2011-08-12 05:57 1846232 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll 2011-08-18 05:39 . 2011-08-12 05:57 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll 2011-08-18 05:39 . 2011-08-12 03:16 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll 2011-08-18 05:39 . 2011-08-12 03:16 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll 2011-08-15 13:49 . 2011-08-15 13:49 111960 ----a-w- c:\windows\dxsdkuninst.exe 2011-08-15 10:44 . 2011-08-15 10:44 -------- d-----w- c:\documents and settings\Vytene\Application Data\ImgBurn 2011-08-15 10:42 . 2011-08-15 10:42 -------- d-----w- c:\program files\ImgBurn 2011-08-12 15:21 . 2011-08-12 15:21 -------- d-----w- c:\documents and settings\Vytene\Application Data\Auslogics 2011-08-12 15:21 . 2011-08-12 15:21 -------- d-----w- c:\program files\Auslogics 2011-08-09 18:20 . 2011-08-16 08:02 -------- d-----w- c:\program files\WhoCrashed 2011-07-27 10:41 . 2011-08-16 21:58 -------- d-----w- c:\documents and settings\Vytene\riotsGamesLogs . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-08-04 21:46 . 2011-05-19 09:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-06-20 16:24 . 2011-06-16 20:06 53312 ----a-w- c:\windows\system32\drivers\pssdklbf.sys 2011-06-20 16:24 . 2011-06-16 20:06 36928 ----a-w- c:\windows\system32\drivers\pssdk40.sys 2011-08-12 05:57 . 
2011-08-18 05:39 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys [7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys [-] 2008-06-20 . CD00787894008369F56153B91FC28847 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys [-] 2008-06-19 . 68F06FE0021B01E670AF37B8C5964FDF . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys . ((((((((((((((((((((((((((((( SnapShot@2011-08-25_11.23.37 ))))))))))))))))))))))))))))))))))))))))) . + 2011-08-25 16:17 . 2011-08-25 16:17 16384 c:\windows\Temp\Perflib_Perfdata_304.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1185823F-F22F-4027-80E5-4F68ACD5DE5E}] 2011-08-09 08:18 78848 ----a-w- c:\program files\2YourFace\bho.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-03-23 1271808] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536] "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-08 15872] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 2054360] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904] "RTHDCPL"="RTHDCPL.EXE" [2008-01-29 16859648] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-05 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-05 162328] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-05 137752] "SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2011-06-02 114992] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "ShowDeskFix"="shell32" [X] "nltide_3"="advpack.dll" [2009-03-08 128512] . c:\documents and settings\Vytene\Start Menu\Programs\Startup\ Live Redemption Checker.lnk - c:\program files\eC\LRC\LRC.exe [2011-3-19 2034176] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-10-19 113664] . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "c:\\WINDOWS\\system32\\java.exe"= "c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"= "c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"= "c:\\Program Files\\ApexDC++\\ApexDC.exe"= "d:\\Program Files\\ApexDC++\\ApexDC.exe"= "c:\\zMule\\zmule.exe"= "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"= "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "8370:TCP"= 8370:TCP:League of Legends Launcher "8370:UDP"= 8370:UDP:League of Legends Launcher "8371:TCP"= 8371:TCP:League of Legends Launcher "8371:UDP"= 8371:UDP:League of Legends Launcher "8372:TCP"= 8372:TCP:League of Legends Launcher "8372:UDP"= 8372:UDP:League of Legends Launcher "8373:TCP"= 8373:TCP:League of Legends Launcher "8373:UDP"= 8373:UDP:League of Legends Launcher "8374:TCP"= 8374:TCP:League of Legends Launcher "8374:UDP"= 8374:UDP:League of Legends Launcher "8375:TCP"= 8375:TCP:League of Legends Launcher "8375:UDP"= 8375:UDP:League of Legends Launcher "8394:TCP"= 8394:TCP:League of Legends Launcher "8394:UDP"= 8394:UDP:League of Legends Launcher "6888:TCP"= 6888:TCP:League of Legends Launcher "6888:UDP"= 6888:UDP:League of Legends Launcher "6957:TCP"= 6957:TCP:League of Legends Launcher "6957:UDP"= 6957:UDP:League of Legends Launcher "6968:TCP"= 6968:TCP:League of Legends Launcher "6968:UDP"= 6968:UDP:League of Legends Launcher "8396:TCP"= 8396:TCP:League of Legends Launcher "8396:UDP"= 8396:UDP:League of Legends Launcher 
"6931:TCP"= 6931:TCP:League of Legends Launcher "6931:UDP"= 6931:UDP:League of Legends Launcher "8397:TCP"= 8397:TCP:League of Legends Launcher "8397:UDP"= 8397:UDP:League of Legends Launcher "6889:TCP"= 6889:TCP:League of Legends Launcher "6889:UDP"= 6889:UDP:League of Legends Launcher "8398:TCP"= 8398:TCP:League of Legends Launcher "8398:UDP"= 8398:UDP:League of Legends Launcher "6892:TCP"= 6892:TCP:League of Legends Launcher "6892:UDP"= 6892:UDP:League of Legends Launcher "6882:TCP"= 6882:TCP:League of Legends Launcher "6882:UDP"= 6882:UDP:League of Legends Launcher . R0 iastor78;iastor78;c:\windows\system32\drivers\iastor78.sys [2008.06.19 23:56 308248] R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009.09.29 13:02 108792] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009.09.29 13:05 96408] R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2011.04.03 14:06 33824] R1 SysTool;SysTool Overclocking Utility;c:\windows\system32\drivers\SysTool.sys [2006.11.10 16:08 24064] R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009.09.29 13:03 735960] R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011.02.04 15:00 218688] S2 gupdate;„Google“ atnaujinimo paslauga (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011.03.04 16:18 136176] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010.09.20 16:20 1691480] S3 GTMM Device Service;GTMM Device Service;c:\program files\Option\GlobeTrotter Mobility Manager\GtmmDeviceService.exe [2007.06.06 16:45 106496] S3 GTUQBUS;GT UQ BUS;c:\windows\system32\drivers\gtuqbus.sys [2007.04.14 05:06 37120] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011.03.04 16:18 136176] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] 
S3 PsSdk40;PsSdk40;c:\windows\system32\drivers\pssdk40.sys [2011.06.16 23:06 36928] S3 PsSdkLBF;PsSdkLBF;c:\windows\system32\drivers\pssdklbf.sys [2011.06.16 23:06 53312] . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}] 2009-03-08 01:32 128512 ----a-w- c:\windows\system32\advpack.dll . Contents of the 'Scheduled Tasks' folder . 2011-08-23 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50] . 2011-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-04 13:18] . 2011-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-04 13:18] . 2011-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-838170752-1417001333-1004Core.job - c:\documents and settings\Vytene\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-23 13:18] . 2011-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-838170752-1417001333-1004UA.job - c:\documents and settings\Vytene\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-23 13:18] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://google.lt/ mStart Page = hxxp://home.sweetim.com/?st=1 uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 IE: Išsaugoti formas - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html IE: Pritaikyti meniu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html IE: RoboForm irankiu juosta - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html IE: Užpildyti formas - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html TCP: DhcpNameServer = 217.17.85.1 217.17.85.2 DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab FF - ProfilePath - c:\documents and settings\Vytene\Application Data\Mozilla\Firefox\Profiles\7188euru.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.lt/firefox FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q= . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-08-25 19:48 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL] "ImagePath"="\"c:\program files\MySQL\MySQL Server 6.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 6.0\my.ini\" MySQL" . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . Completion time: 2011-08-25 19:50:02 ComboFix-quarantined-files.txt 2011-08-25 16:50 . 
Pre-Run: 1.281.921.024 bytes free Post-Run: 1.278.386.176 bytes free . - - End Of File - - F114322004018C513450AFDA09C97071
FCopy::
c:\windows\system32\dllcache\tcpip.sys | c:\windows\system32\drivers\tcpip.sys
ComboFix 11-08-25.01 - Vytene 2011.08.25 23:19:57.4.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2334 [GMT 3:00] Running from: c:\documents and settings\Vytene\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Vytene\Desktop\CFScript.txt AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . . --------------- FCopy --------------- . c:\windows\system32\dllcache\tcpip.sys --> c:\windows\system32\drivers\tcpip.sys . ((((((((((((((((((((((((( Files Created from 2011-07-25 to 2011-08-25 ))))))))))))))))))))))))))))))) . . 2011-08-25 11:22 . 2011-08-25 11:22 -------- d-----w- c:\windows\system32\xircom 2011-08-25 11:22 . 2011-08-25 11:22 -------- d-----w- c:\windows\system32\wbem\snmp 2011-08-25 11:22 . 2011-08-25 11:22 -------- d-----w- c:\program files\microsoft frontpage 2011-08-25 06:05 . 2011-08-25 06:05 302592 ----a-w- C:\0v84oyy5.exe 2011-08-24 23:50 . 2011-08-24 23:50 -------- d-----w- c:\program files\AVAST Software 2011-08-24 13:22 . 2011-08-24 13:23 -------- d-----w- c:\program files\Common Files\3DO Shared 2011-08-24 13:22 . 2011-08-24 13:22 -------- d-----w- c:\program files\3DO 2011-08-24 10:20 . 2011-08-25 05:39 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software 2011-08-19 07:20 . 2011-08-20 10:31 -------- d-----w- c:\program files\SweetIM 2011-08-19 07:20 . 2011-08-19 07:20 -------- d-----w- c:\documents and settings\All Users\Application Data\SweetIM 2011-08-19 07:16 . 2011-08-19 07:16 -------- d-----w- c:\program files\2YourFace 2011-08-19 07:16 . 2011-08-12 06:28 785368 ----a-w- c:\program files\Mozilla Firefox\sqlite3.dll 2011-08-19 07:16 . 2011-08-19 07:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Premium 2011-08-19 07:16 . 
2011-08-19 07:16 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallMate 2011-08-18 05:39 . 2011-08-12 05:57 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll 2011-08-18 05:39 . 2011-08-12 05:57 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll 2011-08-18 05:39 . 2011-08-12 05:57 785368 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll 2011-08-18 05:39 . 2011-08-12 05:57 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll 2011-08-18 05:39 . 2011-08-12 05:57 1846232 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll 2011-08-18 05:39 . 2011-08-12 05:57 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll 2011-08-18 05:39 . 2011-08-12 03:16 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll 2011-08-18 05:39 . 2011-08-12 03:16 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll 2011-08-15 13:49 . 2011-08-15 13:49 111960 ----a-w- c:\windows\dxsdkuninst.exe 2011-08-15 10:44 . 2011-08-15 10:44 -------- d-----w- c:\documents and settings\Vytene\Application Data\ImgBurn 2011-08-15 10:42 . 2011-08-15 10:42 -------- d-----w- c:\program files\ImgBurn 2011-08-12 15:21 . 2011-08-12 15:21 -------- d-----w- c:\documents and settings\Vytene\Application Data\Auslogics 2011-08-12 15:21 . 2011-08-12 15:21 -------- d-----w- c:\program files\Auslogics 2011-08-09 18:20 . 2011-08-16 08:02 -------- d-----w- c:\program files\WhoCrashed 2011-07-27 10:41 . 2011-08-16 21:58 -------- d-----w- c:\documents and settings\Vytene\riotsGamesLogs . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-08-04 21:46 . 2011-05-19 09:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-06-20 16:24 . 2011-06-16 20:06 53312 ----a-w- c:\windows\system32\drivers\pssdklbf.sys 2011-06-20 16:24 . 2011-06-16 20:06 36928 ----a-w- c:\windows\system32\drivers\pssdk40.sys 2011-08-12 05:57 . 
2011-08-18 05:39 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-08-25_11.23.37 ))))))))))))))))))))))))))))))))))))))))) . + 2011-08-25 17:39 . 2011-08-25 17:39 16384 c:\windows\Temp\Perflib_Perfdata_374.dat + 2008-06-19 20:43 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\tcpip.sys - 2008-06-20 11:51 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\tcpip.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1185823F-F22F-4027-80E5-4F68ACD5DE5E}] 2011-08-09 08:18 78848 ----a-w- c:\program files\2YourFace\bho.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-03-23 1271808] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536] "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-08 15872] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 2054360] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904] "RTHDCPL"="RTHDCPL.EXE" [2008-01-29 16859648] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-05 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-05 162328] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-05 137752] "SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2011-06-02 114992] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "ShowDeskFix"="shell32" [X] "nltide_3"="advpack.dll" [2009-03-08 128512] . 
c:\documents and settings\Vytene\Start Menu\Programs\Startup\ Live Redemption Checker.lnk - c:\program files\eC\LRC\LRC.exe [2011-3-19 2034176] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-10-19 113664] . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "c:\\WINDOWS\\system32\\java.exe"= "c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"= "c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"= "c:\\Program Files\\ApexDC++\\ApexDC.exe"= "d:\\Program Files\\ApexDC++\\ApexDC.exe"= "c:\\zMule\\zmule.exe"= "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"= "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "8370:TCP"= 8370:TCP:League of Legends Launcher "8370:UDP"= 8370:UDP:League of Legends Launcher "8371:TCP"= 8371:TCP:League of Legends Launcher "8371:UDP"= 8371:UDP:League of Legends Launcher "8372:TCP"= 8372:TCP:League of Legends Launcher "8372:UDP"= 8372:UDP:League of Legends Launcher "8373:TCP"= 8373:TCP:League of Legends Launcher "8373:UDP"= 8373:UDP:League of Legends Launcher "8374:TCP"= 8374:TCP:League of Legends Launcher "8374:UDP"= 8374:UDP:League of Legends Launcher "8375:TCP"= 8375:TCP:League of Legends Launcher "8375:UDP"= 8375:UDP:League of Legends Launcher "8394:TCP"= 8394:TCP:League of Legends Launcher "8394:UDP"= 8394:UDP:League of Legends Launcher "6888:TCP"= 6888:TCP:League of Legends Launcher "6888:UDP"= 6888:UDP:League of Legends Launcher "6957:TCP"= 6957:TCP:League of Legends Launcher "6957:UDP"= 6957:UDP:League of Legends Launcher "6968:TCP"= 6968:TCP:League of Legends Launcher "6968:UDP"= 6968:UDP:League of Legends Launcher "8396:TCP"= 8396:TCP:League of Legends Launcher "8396:UDP"= 8396:UDP:League of Legends Launcher "6931:TCP"= 6931:TCP:League of Legends Launcher "6931:UDP"= 6931:UDP:League of Legends Launcher "8397:TCP"= 8397:TCP:League of Legends Launcher "8397:UDP"= 8397:UDP:League of Legends Launcher "6889:TCP"= 6889:TCP:League of Legends Launcher "6889:UDP"= 6889:UDP:League of Legends Launcher "8398:TCP"= 8398:TCP:League of Legends Launcher "8398:UDP"= 8398:UDP:League of Legends Launcher "6892:TCP"= 6892:TCP:League of Legends Launcher "6892:UDP"= 6892:UDP:League of Legends Launcher "6882:TCP"= 6882:TCP:League of Legends Launcher "6882:UDP"= 6882:UDP:League of Legends Launcher . 
R0 iastor78;iastor78;c:\windows\system32\drivers\iastor78.sys [2008.06.19 23:56 308248] R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009.09.29 13:02 108792] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009.09.29 13:05 96408] R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2011.04.03 14:06 33824] R1 SysTool;SysTool Overclocking Utility;c:\windows\system32\drivers\SysTool.sys [2006.11.10 16:08 24064] R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009.09.29 13:03 735960] R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011.02.04 15:00 218688] S2 gupdate;„Google“ atnaujinimo paslauga (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011.03.04 16:18 136176] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010.09.20 16:20 1691480] S3 GTMM Device Service;GTMM Device Service;c:\program files\Option\GlobeTrotter Mobility Manager\GtmmDeviceService.exe [2007.06.06 16:45 106496] S3 GTUQBUS;GT UQ BUS;c:\windows\system32\drivers\gtuqbus.sys [2007.04.14 05:06 37120] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011.03.04 16:18 136176] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 PsSdk40;PsSdk40;c:\windows\system32\drivers\pssdk40.sys [2011.06.16 23:06 36928] S3 PsSdkLBF;PsSdkLBF;c:\windows\system32\drivers\pssdklbf.sys [2011.06.16 23:06 53312] . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}] 2009-03-08 01:32 128512 ----a-w- c:\windows\system32\advpack.dll . Contents of the 'Scheduled Tasks' folder . 2011-08-23 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50] . 
2011-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-04 13:18] . 2011-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-04 13:18] . 2011-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-838170752-1417001333-1004Core.job - c:\documents and settings\Vytene\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-23 13:18] . 2011-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-838170752-1417001333-1004UA.job - c:\documents and settings\Vytene\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-23 13:18] . . ------- Supplementary Scan ------- . uStart Page = hxxp://google.lt/ mStart Page = hxxp://home.sweetim.com/?st=1 uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 IE: Išsaugoti formas - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html IE: Pritaikyti meniu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html IE: RoboForm irankiu juosta - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html IE: Užpildyti formas - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html TCP: DhcpNameServer = 217.17.85.1 217.17.85.2 DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab FF - ProfilePath - c:\documents and settings\Vytene\Application Data\Mozilla\Firefox\Profiles\7188euru.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.lt/firefox FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q= . . ************************************************************************** . 
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-08-25 23:26 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL] "ImagePath"="\"c:\program files\MySQL\MySQL Server 6.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 6.0\my.ini\" MySQL" . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(2364) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\program files\LClock\LC.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2011-08-25 23:27:45 ComboFix-quarantined-files.txt 2011-08-25 20:27 . Pre-Run: 1.286.295.552 bytes free Post-Run: 1.277.177.856 bytes free . - - End Of File - - 1A3A28343EB852B009243000EE3BFC46