BSOD from infection MAYBE


  • This topic is locked

#1
Meskis

    Member

  • Member
  • 35 posts
Hello, I have been sent here from this thread. I will attach OTL results :)
Hope someone will help me, because it's been getting on my nerves for a really long time, and I've finally decided to fix it :/

EDIT: Is there anything wrong?

Attached Files


Edited by Meskis, 16 August 2011 - 01:11 PM.

  • 0



#2
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello Meskis and welcome to G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start, please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous; most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fixes on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed.

If there is an infection, we'll find it. Now we're going to conduct a series of scans.

Step 1

Let's install the free Avast:

http://www.avast.com...ivirus-download

Once you have it installed and it has updated, right-click on it and select Open Avast! User Interface, then click on Scan Computer, then on Boot-Time Scan, then Schedule Now. Reboot and let it run a scan. It will take many hours (like overnight) and unfortunately you may need to check back with it once in a while to see if it needs any input from you.

Step 2

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 3

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.

Step 4

Please don't forget to include these items in your reply:

  • Combofix log
  • GMER log
It would be helpful if you could post each log in a separate post.
  • 0
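A triage helper for the GMER log requested in Step 2, added here as an example; it is not part of this thread and not a GMER component. It splits a log into GMER's sections ("System", "Kernel code sections", "User code sections", "User IAT/EAT"), parses the SSDT, code-section and IAT lines, and marks which entries deserve a human look. The log embedded in it is a constructed sample in GMER's report format, and the classification rules (an SSDT address GMER could not attribute to a module, a writable driver code section, an inline JMP or byte patch, an IAT slot that does not resolve into the DLL the import names) are review heuristics of my own, not GMER's verdicts.

```python
"""Triage a GMER rootkit-scan log: split it into sections, parse each hook
line and tag the entries a human should look at.  Added example, not part of
GMER or of this thread; the rules are review heuristics, not a verdict."""
import re
from dataclasses import dataclass

# Constructed sample in GMER's report format.  The line shapes mirror real
# GMER output (SSDT, code-section and IAT hooks); treat the values as
# illustrative.  Raw string, so the Windows paths keep single backslashes.
SAMPLE_LOG = r"""
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-25 13:50:48

---- System - GMER 1.0.15 ----

SSDT            87482590          ZwOpenProcess
SSDT            874836D0          ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\system32\drivers\oreans32.sys          section is writeable [0x9B78E280, 0x7B1C, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\Explorer.EXE[312] SHELL32.dll!SHFileOperationW          7CA708A0 5 Bytes  JMP 01851102 C:\Program Files\Unlocker\UnlockerHook.dll
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1732] kernel32.dll!SetUnhandledExceptionFilter          7C84495D 4 Bytes  [C2, 04, 00, 00]

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\WINDOWS\Explorer.EXE[312] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA]          034C67A9
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!OpenProcessToken]          [77DD798B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
"""

HEX8 = re.compile(r"^[0-9A-Fa-f]{8}$")
SECTION_RE = re.compile(r"^---- (.+?) - GMER")
SSDT_RE = re.compile(r"^SSDT\s+(\S+).*?\b((?:Zw|Nt)\w+)")
KTEXT_RE = re.compile(r"^\.text\s+(.+?)\s+section is writeable\s*(.*)$")
UTEXT_RE = re.compile(r"^\.text\s+(.+?\[\d+\]) (\S+)\s+([0-9A-Fa-f]{8}) (\d+) Bytes\s+(.*?)\s*$")
IAT_RE = re.compile(r"^(IAT|EAT)\s+(.+?\[\d+\]) @ (.+?) \[(.+?)\]\s+(.*?)\s*$")
JMP_RE = re.compile(r"^JMP [0-9A-Fa-f]{8} (.+)$")
RESOLVED_RE = re.compile(r"^\[[0-9A-Fa-f]{8}\] (\S.*?)(?: \(.*\))?$")


@dataclass
class Finding:
    section: str   # GMER section the line came from
    subject: str   # syscall, driver or process the entry concerns
    detail: str    # what the heuristic concluded
    review: bool   # True: a person should look at this entry


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def _parse_line(section: str, line: str) -> Finding:
    """Classify one GMER entry; unknown shapes are flagged rather than dropped."""
    if m := SSDT_RE.match(line):
        target, syscall = m.groups()
        if HEX8.match(target):   # bare address: GMER found no owning module
            return Finding(section, syscall, f"SSDT entry points to {target}, owner unknown", True)
        return Finding(section, syscall, f"SSDT entry owned by {target}", False)
    if m := KTEXT_RE.match(line):
        driver, extent = m.groups()
        return Finding(section, _basename(driver), f"writable code section {extent}", True)
    if m := UTEXT_RE.match(line):
        proc, func, addr, n, patch = m.groups()
        j = JMP_RE.match(patch)   # a JMP names the module that placed the hook
        what = (f"inline hook on {func}: {n}-byte JMP into {_basename(j.group(1))}" if j
                else f"inline patch on {func} at {addr}: {patch}")
        return Finding(section, _basename(proc), what, True)
    if m := IAT_RE.match(line):
        kind, proc, module, imp, target = m.groups()
        import_dll = imp.split("!", 1)[0].lower()
        r = RESOLVED_RE.match(target)
        if r and _basename(r.group(1)) == import_dll:   # slot lands in its own DLL
            return Finding(section, _basename(proc), f"{kind} {imp} resolves inside its own DLL", False)
        where = _basename(r.group(1)) if r else f"unattributed address {target}"
        return Finding(section, _basename(proc),
                       f"{kind} {imp} in {_basename(module)} redirected to {where}", True)
    return Finding(section, line[:40], "unrecognised entry shape", True)


def triage(log: str) -> list:
    """Return one Finding per hook line, in log order."""
    findings, section = [], None
    for line in log.splitlines():
        line = line.rstrip()
        if m := SECTION_RE.match(line):
            section = m.group(1)
        elif line and section:           # skip blank lines and the preamble
            findings.append(_parse_line(section, line))
    return findings


def summarize(findings: list) -> dict:
    """Per-section counts of entries needing review vs. expected noise."""
    out = {}
    for f in findings:
        bucket = out.setdefault(f.section, {"review": 0, "expected": 0})
        bucket["review" if f.review else "expected"] += 1
    return out


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(("REVIEW  " if f.review else "ok      ") + f"[{f.section}] {f.subject}: {f.detail}")
```

An entry marked for review is not a malware verdict: antivirus self-protection drivers and shell extensions legitimately hook the same syscalls and exports, which is why the helper records which module an inline JMP lands in instead of judging it, and why the only entries it calls expected are IAT slots that still resolve into the DLL the import names. Anything else, especially a bare address that GMER could not attribute to a loaded module, is what the helper asks a person to look at.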

#3
Meskis

    Member

  • Topic Starter
  • Member
  • 35 posts
GMER log:


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-25 13:50:48
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.01.0
Running: 0v84oyy5.exe; Driver: C:\DOCUME~1\Vytene\LOCALS~1\Temp\kxtdqpod.sys


---- System - GMER 1.0.15 ----

SSDT            87482C90                                                                                                                                                  ZwAssignProcessToJobObject
SSDT            87483200                                                                                                                                                  ZwDebugActiveProcess
SSDT            874832F0                                                                                                                                                  ZwDuplicateObject
SSDT            87482590                                                                                                                                                  ZwOpenProcess
SSDT            87482800                                                                                                                                                  ZwOpenThread
SSDT            87482FD0                                                                                                                                                  ZwProtectVirtualMemory
SSDT            874830E0                                                                                                                                                  ZwQueueApcThread
SSDT            87482EC0                                                                                                                                                  ZwSetContextThread
SSDT            87482D90                                                                                                                                                  ZwSetInformationThread
SSDT            8747FDA0                                                                                                                                                  ZwSetSecurityObject
SSDT            87482B90                                                                                                                                                  ZwSuspendProcess
SSDT            87482A80                                                                                                                                                  ZwSuspendThread
SSDT            874826E0                                                                                                                                                  ZwTerminateProcess
SSDT            87482A50                                                                                                                                                  ZwTerminateThread
SSDT            874836D0                                                                                                                                                  ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\system32\drivers\oreans32.sys                                                                                                                  section is writeable [0x9B78E280, 0x7B1C, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\Explorer.EXE[312] SHELL32.dll!SHFileOperationW                                                                                                 7CA708A0 5 Bytes  JMP 01851102 C:\Program Files\Unlocker\UnlockerHook.dll
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1732] kernel32.dll!SetUnhandledExceptionFilter                                                        7C84495D 4 Bytes  [C2, 04, 00, 00]

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\WINDOWS\Explorer.EXE[312] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA]                                                                034CA371
IAT             C:\WINDOWS\Explorer.EXE[312] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW]                                                               034CA184
IAT             C:\WINDOWS\Explorer.EXE[312] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress]                                                                034C5BD0
IAT             C:\WINDOWS\Explorer.EXE[312] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA]                                                                  034C67A9
IAT             C:\WINDOWS\Explorer.EXE[312] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle]                                                                   034C8543
IAT             C:\WINDOWS\Explorer.EXE[312] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary]                                                                   034C6F75
IAT             C:\WINDOWS\Explorer.EXE[312] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW]                                                                  034C698E
IAT             C:\WINDOWS\Explorer.EXE[312] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW]                                                                   034C7DBE
IAT             C:\WINDOWS\Explorer.EXE[312] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalUnlock]                                                                  034C9A18
IAT             C:\WINDOWS\Explorer.EXE[312] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalLock]                                                                    034C9A48
IAT             C:\WINDOWS\Explorer.EXE[312] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcessHeap]                                                                034CA58B
IAT             C:\WINDOWS\Explorer.EXE[312] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindFirstFileW]                                                                034C9772
IAT             C:\WINDOWS\Explorer.EXE[312] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DuplicateHandle]                                                               034C84D3
IAT             C:\WINDOWS\Explorer.EXE[312] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread]                                                                  034C7625
IAT             C:\WINDOWS\Explorer.EXE[312] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW]                                                                034C6D89
IAT             C:\WINDOWS\Explorer.EXE[312] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW]                                                        034C72D1
IAT             C:\WINDOWS\Explorer.EXE[312] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent]                                                             034CA8B7
IAT             C:\WINDOWS\Explorer.EXE[312] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile]                                                                      034C7FBD
IAT             C:\WINDOWS\Explorer.EXE[312] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetFilePointer]                                                                034C83CF
IAT             C:\WINDOWS\Explorer.EXE[312] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx]                                                               034C8B01
IAT             C:\WINDOWS\Explorer.EXE[312] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW]                                                            034C87F1
IAT             C:\WINDOWS\Explorer.EXE[312] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFile]                                                                 034C8AAF
IAT             C:\WINDOWS\Explorer.EXE[312] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW]                                                              034C90EE
IAT             C:\WINDOWS\Explorer.EXE[312] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile]                                                               034C8C22
IAT             C:\WINDOWS\Explorer.EXE[312] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA]                                                                034C6B9D
IAT             C:\WINDOWS\Explorer.EXE[312] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!TerminateProcess]                                                              034C7580
IAT             C:\WINDOWS\Explorer.EXE[312] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalAlloc]                                                                   034C9AF3
IAT             C:\WINDOWS\Explorer.EXE[312] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile]                                                               034C88B3
IAT             C:\WINDOWS\Explorer.EXE[312] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileSize]                                                                   034C8486
IAT             C:\WINDOWS\Explorer.EXE[312] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile]                                                                     034C81FA
IAT             C:\WINDOWS\Explorer.EXE[312] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileType]                                                                   034C85C2
IAT             C:\WINDOWS\Explorer.EXE[312] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetACP]                                                                        034CA597
IAT             C:\WINDOWS\Explorer.EXE[312] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingA]                                                            034C8788
IAT             C:\WINDOWS\Explorer.EXE[312] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadIconW]                                                                       034CA71C
IAT             C:\WINDOWS\Explorer.EXE[312] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadCursorW]                                                                     034CA6EA
IAT             C:\WINDOWS\Explorer.EXE[312] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateDialogParamW]                                                              034CA83F
IAT             C:\WINDOWS\Explorer.EXE[312] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW]                                                                 034CA89B
IAT             C:\WINDOWS\Explorer.EXE[312] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadStringW]                                                                     034CA788
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!InitializeSecurityDescriptor]                            [77DD79C6] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!GetSecurityDescriptorLength]                             [77DD74BB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!GetSecurityDescriptorControl]                            [77DE4BB9] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!IsValidSecurityDescriptor]                               [77DE4C11] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!ImpersonateNamedPipeClient]                              [77DD7426] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyW]                                             [77DD7946] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegisterEventSourceW]                                    [77DF803C] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!ReportEventW]                                            [77DF3681] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!DeregisterEventSource]                                   [77DF79D3] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegDeleteKeyA]                                           [77DE42A0] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegCreateKeyExA]                                         [77DDE9F4] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegSetValueExA]                                          [77DDEAE7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!OpenSCManagerW]                                          [77DE6F55] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!OpenServiceW]                                            [77DE6FFD] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!QueryServiceStatus]                                      [77DE6D50] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!StartServiceW]                                           [77DF3E94] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!CloseServiceHandle]                                      [77DE6CE5] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!IsValidSid]                                              [77DDF219] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!EqualSid]                                                [77DDF07A] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!GetLengthSid]                                            [77DD7D5C] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!CopySid]                                                 [77DDF0E7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!SystemFunction040]                                       [77DF7014] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!SystemFunction041]                                       [77DEE4D2] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!GetSecurityDescriptorDacl]                               [77DD73E7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!MakeSelfRelativeSD]                                      [77DD745E] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!InitializeAcl]                                           [77DD7D09] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!AddAccessAllowedAce]                                     [77DD7D31] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!SetSecurityDescriptorDacl]                               [77DD79EB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!LookupAccountNameW]                                      [77DE5B59] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!SystemFunction036]                                       [77DD82A2] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegEnumValueW]                                           [77DD7EED] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegEnumValueA]                                           [77DF9BBF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegQueryInfoKeyA]                                        [77DE4332] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegQueryValueExW]                                        [77DD6FFF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExA]                                           [77DD7852] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegQueryValueExA]                                        [77DD7ABB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegCloseKey]                                             [77DD6C27] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExW]                                           [77DD6AAF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!TraceMessage]                                            [77E2B355] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!LookupAccountSidW]                                       [77DE5707] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RevertToSelf]                                            [77DD7338] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!OpenProcessToken]                                        [77DD798B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!SetThreadToken]                                          [77DDF193] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!GetTokenInformation]                                     [77DD7305] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!OpenThreadToken]                                         [77DD72CC] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\Secur32.dll [ADVAPI32.dll!RegSetValueExW]                                         [77DDD767] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\Secur32.dll [ADVAPI32.dll!LsaOpenPolicy]                                          [77DE1E27] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\Secur32.dll [ADVAPI32.dll!LsaQueryInformationPolicy]                              [77DE2E07] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\Secur32.dll [ADVAPI32.dll!LsaFreeMemory]                                          [77DE2DDE] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\Secur32.dll [ADVAPI32.dll!LsaClose]                                               [77DE1EF4] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\Secur32.dll [ADVAPI32.dll!RegCreateKeyExW]                                        [77DD776C] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\Secur32.dll [ADVAPI32.dll!RegCloseKey]                                            [77DD6C27] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\Secur32.dll [ADVAPI32.dll!SystemFunction035]                                      [77DE8185] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\Secur32.dll [ADVAPI32.dll!RegDeleteKeyW]                                          [77DE559B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\Secur32.dll [ADVAPI32.dll!RegEnumValueW]                                          [77DD7EED] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\Secur32.dll [ADVAPI32.dll!RegQueryInfoKeyW]                                       [77DE49CE] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\Secur32.dll [ADVAPI32.dll!RegQueryValueExW]                                       [77DD6FFF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\Secur32.dll [ADVAPI32.dll!RegOpenKeyExW]                                          [77DD6AAF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExA]                                         [77DD7ABB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA]                                           [77DFBB8D] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!AccessCheck]                                              [77DD73A0] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!LookupAccountNameW]                                       [77DE5B59] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA]                                            [77DD7852] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW]                                          [77DD776C] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegEnumValueW]                                            [77DD7EED] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegEnumKeyA]                                              [77DE53B8] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegDeleteKeyA]                                            [77DE42A0] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!DuplicateEncryptionInfoFile]                              [77E135EA] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!AllocateLocallyUniqueId]                                  [77DD748C] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegSetValueExW]                                           [77DDD767] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegDeleteKeyW]                                            [77DE559B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegSetValueW]                                             [77E36116] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueExW]                                         [77DD6FFF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueW]                                           [77DDD87A] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCloseKey]                                              [77DD6C27] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExW]                                            [77DD6AAF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!InstallApplication]                                       [77E1D7B7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyA]                                              [77DDEFC8] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyW]                                              [77DD7946] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!SetThreadToken]                                           [77DDF193] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!OpenThreadToken]                                          [77DD72CC] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!AccessCheckByType]                                        [77DDF1C9] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!GetSecurityDescriptorDacl]                                [77DD73E7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!EqualSid]                                                 [77DDF07A] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!GetTokenInformation]                                      [77DD7305] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RevertToSelf]                                             [77DD7338] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!ImpersonateAnonymousToken]                                [77DE4C5B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!GetSecurityDescriptorLength]                              [77DD74BB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!DuplicateToken]                                           [77DD8211] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!OpenProcessToken]                                         [77DD798B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!CryptReleaseContext]                                      [77DE7EEE] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!CryptAcquireContextW]                                     [77DE7F99] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!IsValidSecurityDescriptor]                                [77DE4C11] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!GetLengthSid]                                             [77DD7D5C] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!LookupAccountSidW]                                        [77DE5707] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!LsaClose]                                                 [77DE1EF4] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!LsaFreeMemory]                                            [77DE2DDE] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!LsaQueryInformationPolicy]                                [77DE2E07] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!LsaOpenPolicy]                                            [77DE1E27] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!MakeSelfRelativeSD]                                       [77DD745E] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!SetServiceStatus]                                         [77DF3251] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegisterServiceCtrlHandlerW]                              [77DF3E77] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!StartServiceCtrlDispatcherW]                              [77DF359D] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!CopySid]                                                  [77DDF0E7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!SetSecurityDescriptorDacl]                                [77DD79EB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!FreeSid]                                                  [77DD7CB8] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!AddAccessAllowedAce]                                      [77DD7D31] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!InitializeAcl]                                            [77DD7D09] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!AllocateAndInitializeSid]                                 [77DD7CC9] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!InitializeSecurityDescriptor]                             [77DD79C6] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!DeregisterEventSource]                                    [77DF79D3] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!ReportEventW]                                             [77DF3681] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegisterEventSourceW]                                     [77DF803C] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegEnumKeyW]                                              [77DDD5E4] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!GetAce]                                                   [77DE4C33] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!GetSidSubAuthority]                                       [77DE5550] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!GetSidSubAuthorityCount]                                  [77DE5582] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!GetSidIdentifierAuthority]                                [77DDF23B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!IsValidSid]                                               [77DDF219] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegOpenUserClassesRoot]                                   [77DFB461] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!CommandLineFromMsiDescriptor]                             [77DFBE16] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegNotifyChangeKeyValue]                                  [77DDD8FE] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryInfoKeyW]                                         [77DE49CE] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegSetValueA]                                             [77DFC79E] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegDeleteValueW]                                          [77DDEDF1] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryInfoKeyA]                                         [77DE4332] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegCloseKey]                                            [77DD6C27] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!GetCurrentHwProfileA]                                   [77E0CA61] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!OpenThreadToken]                                        [77DD72CC] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueW]                                          [77DD7EED] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExW]                                         [77DDD767] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueW]                                           [77E36116] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueA]                                           [77DFC79E] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExW]                                       [77DD6FFF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueW]                                         [77DDD87A] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueA]                                         [77DFBB8D] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyW]                                       [77DE49CE] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExW]                                          [77DD6AAF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyW]                                            [77DD7946] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyA]                                            [77DDEFC8] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyA]                                          [77DE42A0] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyA]                                       [77DE4332] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteValueA]                                        [77DDECE5] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueA]                                          [77DF9BBF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyA]                                            [77DE53B8] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExA]                                         [77DDEAE7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA]                                        [77DDE9F4] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExA]                                          [77DE51B6] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExA]                                       [77DD7ABB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!GetTokenInformation]                                    [77DD7305] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!OpenProcessToken]                                       [77DD798B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!GetAce]                                                 [77DE4C33] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!FreeSid]                                                [77DD7CB8] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!SetSecurityDescriptorDacl]                              [77DD79EB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!InitializeSecurityDescriptor]                           [77DD79C6] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!AddAccessDeniedAce]                                     [77DF814F] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!AddAccessAllowedAce]                                    [77DD7D31] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!InitializeAcl]                                          [77DD7D09] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!GetLengthSid]                                           [77DD7D5C] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!AllocateAndInitializeSid]                               [77DD7CC9] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!GetUserNameA]                                           [77DE54C4] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!GetUserNameW]                                           [77DE496D] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyA]                                          [77DFBCF3] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyW]                                          [77DFBA55] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExW]                                        [77DD776C] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyW]                                          [77DE559B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteValueW]                                        [77DDEDF1] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyW]                                            [77DDD5E4] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExW]                                          [77DD7BD9] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA]                                          [77DD7852] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegCloseKey]                                            [77DD6C27] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!AllocateAndInitializeSid]                               [77DD7CC9] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExW]                                       [77DD6FFF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegDeleteValueW]                                        [77DDEDF1] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegSetValueExW]                                         [77DDD767] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!MakeSelfRelativeSD]                                     [77DD745E] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!GetSecurityDescriptorLength]                            [77DD74BB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!EqualSid]                                               [77DDF07A] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!GetSecurityDescriptorDacl]                              [77DD73E7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!GetSecurityDescriptorOwner]                             [77DE4B55] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!GetFileSecurityW]                                       [77DFC003] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegCreateKeyExW]                                        [77DD776C] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExW]                                          [77DD6AAF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!FreeSid]                                                [77DD7CB8] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!GetAce]                                                 [77DE4C33] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!AddAccessAllowedAce]                                    [77DD7D31] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!InitializeAcl]                                          [77DD7D09] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegNotifyChangeKeyValue]                                [77DDD8FE] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegCreateKeyW]                                          [77DFBA55] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!GetSecurityDescriptorControl]                           [77DE4BB9] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!EncryptFileW]                                           [77E13390] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!DecryptFileW]                                           [77E133CF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!ChangeServiceConfigW]                                   [77E37001] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!StartServiceW]                                          [77DF3E94] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!ControlService]                                         [77DF4A09] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!OpenSCManagerW]                                         [77DE6F55] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!OpenServiceW]                                           [77DE6FFD] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!QueryServiceStatus]                                     [77DE6D50] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CloseServiceHandle]                                     [77DE6CE5] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!GetNamedSecurityInfoW]                                  [77DE4FE6] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!ConvertSidToStringSidW]                                 [77DDF10F] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegOpenCurrentUser]                                     [77DD811B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!LookupAccountNameW]                                     [77DE5B59] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!SetNamedSecurityInfoW]                                  [77DF0CF5] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessWithLogonW]                                [77E15FFD] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW]                                   [77DEA8A9] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!SaferGetPolicyInformation]                              [77DF99DD] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!SaferiIsExecutableFileType]                             [77DF98AB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!SaferIdentifyLevel]                                     [77DD9EC8] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!SaferRecordEventLogEntry]                               [77E1F78D] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!SaferGetLevelInformation]                               [77DEFCF0] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!InstallApplication]                                     [77E1D7B7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!SaferCreateLevel]                                       [77E1E9C5] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!SaferComputeTokenFromLevel]                             [77DDAB3D] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!SaferCloseLevel]                                        [77DDAF98] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueW]                                         [77DDD87A] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!OpenThreadToken]                                        [77DD72CC] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CheckTokenMembership]                                   [77DD7FCA] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!LookupPrivilegeValueW]                                  [77DFB8DF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!AdjustTokenPrivileges]                                  [77DDF00C] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CommandLineFromMsiDescriptor]                           [77DFBE16] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegSetKeySecurity]                                      [77DF3AFD] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegQueryInfoKeyW]                                       [77DE49CE] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!GetUserNameW]                                           [77DE496D] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegEnumKeyExW]                                          [77DD7BD9] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegDeleteKeyW]                                          [77DE559B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegEnumValueW]                                          [77DD7EED] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!SetFileSecurityW]                                       [77DEA3E1] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!TreeResetNamedSecurityInfoW]                            [77E223DF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegEnumKeyW]                                            [77DDD5E4] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyW]                                            [77DD7946] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegSetValueW]                                           [77E36116] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!LookupAccountSidW]                                      [77DE5707] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!GetTokenInformation]                                    [77DD7305] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!OpenProcessToken]                                       [77DD798B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegQueryValueExA]                                       [77DD7ABB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA]                                          [77DD7852] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!GetLengthSid]                                           [77DD7D5C] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!CryptAcquireContextA]                                   [77DE793D] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!CryptSignHashA]                                         [77E11FE1] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!CryptVerifySignatureA]                                  [77DFC841] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!CryptSetProviderA]                                      [77E12161] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegCloseKey]                                            [77DD6C27] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryInfoKeyA]                                       [77DE4332] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegCreateKeyExA]                                        [77DDE9F4] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegCreateKeyExW]                                        [77DD776C] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegDeleteKeyA]                                          [77DE42A0] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegDeleteKeyW]                                          [77DE559B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegEnumKeyExA]                                          [77DE51B6] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegEnumKeyExW]                                          [77DD7BD9] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegEnumValueA]                                          [77DF9BBF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegEnumValueW]                                          [77DD7EED] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegDeleteValueA]                                        [77DDECE5] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegDeleteValueW]                                        [77DDEDF1] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExA]                                       [77DD7ABB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW]                                       [77DD6FFF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegSetValueExA]                                         [77DDEAE7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegSetValueExW]                                         [77DDD767] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryInfoKeyW]                                       [77DE49CE] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegOpenKeyExA]                                          [77DD7852] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegOpenKeyExW]                                          [77DD6AAF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegConnectRegistryA]                                    [77E3512A] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegConnectRegistryW]                                    [77DF817A] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!GetSidSubAuthority]                                     [77DE5550] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!GetSidSubAuthorityCount]                                [77DE5582] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!GetSidIdentifierAuthority]                              [77DDF23B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!IsValidSid]                                             [77DDF219] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!CopySid]                                                [77DDF0E7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!GetLengthSid]                                           [77DD7D5C] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!GetTokenInformation]                                    [77DD7305] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!OpenProcessToken]                                       [77DD798B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!OpenThreadToken]                                        [77DD72CC] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!CryptReleaseContext]                                    [77DE7EEE] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!CryptSetProvParam]                                      [77E110F1] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!CryptGetProvParam]                                      [77DF1339] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!CryptDestroyHash]                                       [77DE9BCC] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!CryptGetHashParam]                                      [77DE9DB4] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!CryptHashData]                                          [77DE9A9E] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!CryptCreateHash]                                        [77DE9C71] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!CryptGetKeyParam]                                       [77DF1298] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!CryptExportKey]                                         [77E11BF9] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!CryptDestroyKey]                                        [77DE9EBC] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!CryptGetUserKey]                                        [77E11B21] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!CryptImportKey]                                         [77DEA1F1] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!CryptGenKey]                                            [77E11849] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegNotifyChangeKeyValue]                                [77DDD8FE] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegEnumKeyA]                                            [77DE53B8] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!AllocateAndInitializeSid]                               [77DD7CC9] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!FreeSid]                                                [77DD7CB8] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegGetKeySecurity]                                      [77DF3918] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!GetAce]                                                 [77DE4C33] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!GetSecurityDescriptorDacl]                              [77DD73E7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!EqualSid]                                               [77DDF07A] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CryptGetProvParam]                                      [77DF1339] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!GetTraceLoggerHandle]                                   [77E2AC89] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!GetTraceEnableLevel]                                    [77E2AD41] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!GetTraceEnableFlags]                                    [77E2AD86] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegCreateKeyExA]                                        [77DDE9F4] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegSetValueExA]                                         [77DDEAE7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegOpenKeyExA]                                          [77DD7852] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegQueryValueExA]                                       [77DD7ABB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegQueryInfoKeyA]                                       [77DE4332] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegEnumKeyExA]                                          [77DE51B6] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegCloseKey]                                            [77DD6C27] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!GetUserNameA]                                           [77DE54C4] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!OpenSCManagerA]                                         [77DF69AE] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!OpenServiceA]                                           [77DF4C66] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CloseServiceHandle]                                     [77DE6CE5] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!QueryServiceStatus]                                     [77DE6D50] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!RegOpenKeyExA]                                         [77DD7852] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!RegOpenKeyExW]                                         [77DD6AAF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!RegCloseKey]                                           [77DD6C27] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!RegQueryValueExA]                                      [77DD7ABB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!OpenSCManagerA]                                        [77DF69AE] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!CloseServiceHandle]                                    [77DE6CE5] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!OpenProcessToken]                                      [77DD798B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!LookupPrivilegeValueA]                                 [77DFC238] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!AdjustTokenPrivileges]                                 [77DDF00C] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!RegSetValueExA]                                        [77DDEAE7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!OpenServiceA]                                          [77DF4C66] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!StartServiceA]                                         [77DEFB58] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!RegQueryValueExW]                                      [77DD6FFF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegNotifyChangeKeyValue]                                 [77DDD8FE] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegDeleteKeyA]                                           [77DE42A0] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegSetValueExA]                                          [77DDEAE7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegQueryValueExA]                                        [77DD7ABB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegOpenKeyExA]                                           [77DD7852] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegCreateKeyExA]                                         [77DDE9F4] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegCloseKey]                                             [77DD6C27] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegEnumKeyExA]                                           [77DE51B6] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!AllocateAndInitializeSid]                               [77DD7CC9] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!FreeSid]                                                [77DD7CB8] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!GetLengthSid]                                           [77DD7D5C] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!GetAclInformation]                                      [77DF7E78] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!GetAce]                                                 [77DE4C33] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!EqualSid]                                               [77DDF07A] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!InitializeSecurityDescriptor]                           [77DD79C6] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!InitializeAcl]                                          [77DD7D09] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!AddAccessDeniedAce]                                     [77DF814F] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!AddAccessAllowedAce]                                    [77DD7D31] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!SetSecurityDescriptorDacl]                              [77DD79EB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!RegGetKeySecurity]                                      [77DF3918] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!RegOpenKeyExA]                                          [77DD7852] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!RegQueryValueExA]                                       [77DD7ABB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!RegCloseKey]                                            [77DD6C27] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!CreateServiceA]                                         [77E37211] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!ChangeServiceConfigA]                                   [77E36E69] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!RevertToSelf]                                           [77DD7338] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!OpenSCManagerA]                                         [77DF69AE] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!QueryServiceStatus]                                     [77DE6D50] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!StartServiceA]                                          [77DEFB58] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!CloseServiceHandle]                                     [77DE6CE5] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!OpenServiceA]                                           [77DF4C66] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!GetSecurityDescriptorDacl]                              [77DD73E7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                                                    eamon.sys (Amon monitor/ESET)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                                                 epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout                                                                        15
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota                                                                           10000
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler                                                                                         yes
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk                                                                                        
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout                                                                        90
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota                                                                          10000
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs                                                                                1

---- EOF - GMER 1.0.15 ----

Edited by Meskis, 25 August 2011 - 05:31 AM.

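Added example, not part of this thread and not GMER's own code: a small Python triage script for the GMER 1.0.15 sections in the log above. Each `IAT` line records an import slot in the scanned process (here `sidebar.exe[844]`), the DLL and function the import names (for example `ADVAPI32.dll!RegOpenKeyExW`), the address GMER resolved for it, and the module that actually contains that address. Every entry in the log above resolves into `C:\WINDOWS\system32\ADVAPI32.dll`, which is what an unhooked import table looks like; an IAT hook shows up as the opposite case, where the slot names one DLL but the address lands in another module. The script flags that mismatch, lists `AttachedDevice` filter drivers whose vendor is not on a trusted list, and surfaces watch-listed registry values such as `Windows@LoadAppInit_DLLs = 1`. The embedded sample is constructed in the log's format: its third `IAT` line and the path `hookdemo.dll` are invented to show what a flagged slot looks like, and the registry watch-list and the trusted-vendor default (`ESET`, taken from the log) are this example's choices, not rules GMER applies.

```python
import ntpath
import re

# Constructed sample in the layout of GMER 1.0.15 output. The first two IAT lines and the
# AttachedDevice/Reg lines mirror entries from the log above; the third IAT line and the
# hookdemo.dll path are invented to show an import slot that resolves outside the named DLL.
SAMPLE_GMER = r"""
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegOpenKeyExW]   [77DD6AAF] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!CreateServiceA]   [77E37211] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT             C:\Program Files\Windows Sidebar\sidebar.exe[844] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegSetValueExA]   [00A51230] C:\Documents and Settings\user\hookdemo.dll (constructed hook example/unknown)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs   eamon.sys (Amon monitor/ESET)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs   1
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
"""

IAT_RE = re.compile(
    r"^IAT\s+(?P<process>.+?\[\d+\]) @ (?P<importer>.+?) "
    r"\[(?P<export_dll>[^!\]]+)!(?P<function>[^\]]+)\]\s+"
    r"\[(?P<address>[0-9A-Fa-f]+)\] (?P<target>.+?) \((?P<description>[^)]*)\)\s*$"
)
DEVICE_RE = re.compile(
    r"^AttachedDevice\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<file>.+?) \((?P<description>[^)]*)\)\s*$"
)
REG_RE = re.compile(r"^Reg\s+(?P<key>.+?)@(?P<value>\S+)\s*(?P<data>.*?)\s*$")

# Registry values worth a second look, keyed by value name with the data that triggers a flag.
# This watch-list is the example's own choice, not a rule GMER applies.
REGISTRY_WATCHLIST = {
    # With LoadAppInit_DLLs enabled, every DLL named in AppInit_DLLs is loaded into each
    # process that loads user32.dll, a long-standing injection/persistence mechanism.
    "LoadAppInit_DLLs": "1",
}


def parse_gmer(text):
    """Split a GMER log into IAT, attached-device and registry records (other lines are ignored)."""
    parsed = {"iat": [], "devices": [], "registry": []}
    for line in text.splitlines():
        for kind, pattern in (("iat", IAT_RE), ("devices", DEVICE_RE), ("registry", REG_RE)):
            match = pattern.match(line)
            if match:
                parsed[kind].append(match.groupdict())
                break
    return parsed


def iat_mismatches(iat_entries):
    """Return IAT slots whose resolved address lies outside the DLL the import names.

    A slot importing ADVAPI32.dll!RegSetValueExA that resolves into some other module is the
    classic signature of an IAT hook; slots resolving into the named DLL are unhooked.
    """
    return [
        entry for entry in iat_entries
        if ntpath.basename(entry["target"]).lower() != entry["export_dll"].lower()
    ]


def registry_flags(reg_entries):
    """Return registry records whose value name and data hit the watch-list."""
    return [e for e in reg_entries if REGISTRY_WATCHLIST.get(e["value"]) == e["data"]]


def third_party_devices(device_entries, trusted_vendors=("ESET",)):
    """Return attached filter devices whose vendor (text after the last '/') is not trusted."""
    return [
        d for d in device_entries
        if d["description"].rsplit("/", 1)[-1] not in trusted_vendors
    ]


def triage(text):
    """Run all three checks over one GMER log and return the findings."""
    parsed = parse_gmer(text)
    return {
        "iat_total": len(parsed["iat"]),
        "iat_hooked": iat_mismatches(parsed["iat"]),
        "registry_flags": registry_flags(parsed["registry"]),
        "untrusted_devices": third_party_devices(parsed["devices"]),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_GMER)
    print(f"IAT slots parsed: {report['iat_total']}")
    for e in report["iat_hooked"]:
        print(f"HOOKED  {e['importer']} -> {e['export_dll']}!{e['function']} resolves into {e['target']}")
    for r in report["registry_flags"]:
        print(f"REVIEW  {r['key']}@{r['value']} = {r['data']}")
    for d in report["untrusted_devices"]:
        print(f"DEVICE  {d['device']} filtered by {d['file']} ({d['description']})")
```

Run against the real log above, the IAT check returns nothing, because every slot resolves into `ADVAPI32.dll`; the only hit on the constructed sample is the invented `hookdemo.dll` line. The `AttachedDevice` entries (`eamon.sys`, `epfwtdir.sys`) carry the vendor string `ESET`, matching the NOD32 install listed later in the thread, which is why they are filtered out by default; any other vendor on that list is worth identifying before deciding it is benign.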

#4
Meskis

    Member

  • Topic Starter
  • Member
  • 35 posts
ComboFix log:

ComboFix 11-08-24.06 - Vytene 2011.08.25  14:08:02.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3062.2195 [GMT 3:00]
Running from: c:\documents and settings\Vytene\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge
c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk
c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk
c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge\Support.lnk
c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk
c:\documents and settings\Vytene\Application Data\EurekaLog
c:\documents and settings\Vytene\Application Data\facemoods.com
c:\documents and settings\Vytene\Application Data\PriceGong
c:\documents and settings\Vytene\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Vytene\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Vytene\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Vytene\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Vytene\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Vytene\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Vytene\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Vytene\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Vytene\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Vytene\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Vytene\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Vytene\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Vytene\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Vytene\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Vytene\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Vytene\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Vytene\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Vytene\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Vytene\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Vytene\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Vytene\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Vytene\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Vytene\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Vytene\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Vytene\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Vytene\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Vytene\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Vytene\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Vytene\Application Data\Vytenelog.dat
c:\documents and settings\Vytene\WINDOWS
c:\program files\RelevantKnowledge
c:\program files\Search Toolbar
c:\program files\Search Toolbar\SearchToolbar.dll
d:\recycler\S-1-5-18\Dd3\dotnetfx30\wic_x86_enu.exe
d:\recycler\S-1-5-18\Dd3\dotnetfx30\xpsepsc-x86-en-us.exe
d:\recycler\S-1-5-18\Dd3\dotnetfx35\x86\netfx35_x86.exe
d:\recycler\S-1-5-18\Dd3\tools\clwireg.exe
d:\recycler\S-1-5-18\Dd4\dotnetfx30\wic_x86_enu.exe
d:\recycler\S-1-5-18\Dd4\dotnetfx30\xpsepsc-x86-en-us.exe
d:\recycler\S-1-5-18\Dd4\dotnetfx35\x86\netfx35_x86.exe
d:\recycler\S-1-5-18\Dd4\tools\clwireg.exe
d:\recycler\S-1-5-18\Dd5\amd64\filterpipelineprintproc.dll
d:\recycler\S-1-5-18\Dd5\amd64\mxdwdrv.dll
d:\recycler\S-1-5-18\Dd5\amd64\xpssvcs.dll
d:\recycler\S-1-5-18\Dd5\i386\filterpipelineprintproc.dll
d:\recycler\S-1-5-18\Dd5\i386\mxdwdrv.dll
d:\recycler\S-1-5-18\Dd5\i386\xpssvcs.dll
d:\recycler\S-1-5-18\Dd6\dotnetfx30\wic_x86_enu.exe
d:\recycler\S-1-5-18\Dd6\dotnetfx30\xpsepsc-x86-en-us.exe
d:\recycler\S-1-5-18\Dd6\dotnetfx35\x86\netfx35_x86.exe
d:\recycler\S-1-5-18\Dd6\tools\clwireg.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SSHNAS
.
.
(((((((((((((((((((((((((   Files Created from 2011-07-25 to 2011-08-25  )))))))))))))))))))))))))))))))
.
.
2011-08-25 11:22 . 2011-08-25 11:22	--------	d-----w-	c:\windows\system32\xircom
2011-08-25 11:22 . 2011-08-25 11:22	--------	d-----w-	c:\windows\system32\wbem\snmp
2011-08-25 11:22 . 2011-08-25 11:22	--------	d-----w-	c:\program files\microsoft frontpage
2011-08-25 06:05 . 2011-08-25 06:05	302592	----a-w-	C:\0v84oyy5.exe
2011-08-24 23:50 . 2011-08-24 23:50	--------	d-----w-	c:\program files\AVAST Software
2011-08-24 13:22 . 2011-08-24 13:23	--------	d-----w-	c:\program files\Common Files\3DO Shared
2011-08-24 13:22 . 2011-08-24 13:22	--------	d-----w-	c:\program files\3DO
2011-08-24 10:20 . 2011-08-25 05:39	--------	d-----w-	c:\documents and settings\All Users\Application Data\AVAST Software
2011-08-19 07:20 . 2011-08-20 10:31	--------	d-----w-	c:\program files\SweetIM
2011-08-19 07:20 . 2011-08-19 07:20	--------	d-----w-	c:\documents and settings\All Users\Application Data\SweetIM
2011-08-19 07:16 . 2011-08-19 07:16	--------	d-----w-	c:\program files\2YourFace
2011-08-19 07:16 . 2011-08-12 06:28	785368	----a-w-	c:\program files\Mozilla Firefox\sqlite3.dll
2011-08-19 07:16 . 2011-08-19 07:16	--------	d-----w-	c:\documents and settings\All Users\Application Data\Premium
2011-08-19 07:16 . 2011-08-19 07:16	--------	d-----w-	c:\documents and settings\All Users\Application Data\InstallMate
2011-08-18 05:39 . 2011-08-12 05:57	134104	----a-w-	c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-08-18 05:39 . 2011-08-12 05:57	89048	----a-w-	c:\program files\Mozilla Firefox\libEGL.dll
2011-08-18 05:39 . 2011-08-12 05:57	785368	----a-w-	c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-08-18 05:39 . 2011-08-12 05:57	478168	----a-w-	c:\program files\Mozilla Firefox\libGLESv2.dll
2011-08-18 05:39 . 2011-08-12 05:57	1846232	----a-w-	c:\program files\Mozilla Firefox\mozjs.dll
2011-08-18 05:39 . 2011-08-12 05:57	15832	----a-w-	c:\program files\Mozilla Firefox\mozalloc.dll
2011-08-18 05:39 . 2011-08-12 03:16	2106216	----a-w-	c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-08-18 05:39 . 2011-08-12 03:16	1998168	----a-w-	c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-08-15 13:49 . 2011-08-15 13:49	111960	----a-w-	c:\windows\dxsdkuninst.exe
2011-08-15 10:44 . 2011-08-15 10:44	--------	d-----w-	c:\documents and settings\Vytene\Application Data\ImgBurn
2011-08-15 10:42 . 2011-08-15 10:42	--------	d-----w-	c:\program files\ImgBurn
2011-08-12 15:21 . 2011-08-12 15:21	--------	d-----w-	c:\documents and settings\Vytene\Application Data\Auslogics
2011-08-12 15:21 . 2011-08-12 15:21	--------	d-----w-	c:\program files\Auslogics
2011-08-09 18:20 . 2011-08-16 08:02	--------	d-----w-	c:\program files\WhoCrashed
2011-07-27 10:41 . 2011-08-16 21:58	--------	d-----w-	c:\documents and settings\Vytene\riotsGamesLogs
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-04 21:46 . 2011-05-19 09:09	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-20 16:24 . 2011-06-16 20:06	53312	----a-w-	c:\windows\system32\drivers\pssdklbf.sys
2011-06-20 16:24 . 2011-06-16 20:06	36928	----a-w-	c:\windows\system32\drivers\pssdk40.sys
2011-08-12 05:57 . 2011-08-18 05:39	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . CD00787894008369F56153B91FC28847 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-19 . 68F06FE0021B01E670AF37B8C5964FDF . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1185823F-F22F-4027-80E5-4F68ACD5DE5E}]
2011-08-09 08:18	78848	----a-w-	c:\program files\2YourFace\bho.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-03-23 1271808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-08 15872]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 2054360]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-29 16859648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-05 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-05 137752]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2011-06-02 114992]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\Vytene\Start Menu\Programs\Startup\
Live Redemption Checker.lnk - c:\program files\eC\LRC\LRC.exe [2011-3-19 2034176]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-10-19 113664]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\ApexDC++\\ApexDC.exe"=
"d:\\Program Files\\ApexDC++\\ApexDC.exe"=
"c:\\zMule\\zmule.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8370:TCP"= 8370:TCP:League of Legends Launcher
"8370:UDP"= 8370:UDP:League of Legends Launcher
"8371:TCP"= 8371:TCP:League of Legends Launcher
"8371:UDP"= 8371:UDP:League of Legends Launcher
"8372:TCP"= 8372:TCP:League of Legends Launcher
"8372:UDP"= 8372:UDP:League of Legends Launcher
"8373:TCP"= 8373:TCP:League of Legends Launcher
"8373:UDP"= 8373:UDP:League of Legends Launcher
"8374:TCP"= 8374:TCP:League of Legends Launcher
"8374:UDP"= 8374:UDP:League of Legends Launcher
"8375:TCP"= 8375:TCP:League of Legends Launcher
"8375:UDP"= 8375:UDP:League of Legends Launcher
"8394:TCP"= 8394:TCP:League of Legends Launcher
"8394:UDP"= 8394:UDP:League of Legends Launcher
"6888:TCP"= 6888:TCP:League of Legends Launcher
"6888:UDP"= 6888:UDP:League of Legends Launcher
"6957:TCP"= 6957:TCP:League of Legends Launcher
"6957:UDP"= 6957:UDP:League of Legends Launcher
"6968:TCP"= 6968:TCP:League of Legends Launcher
"6968:UDP"= 6968:UDP:League of Legends Launcher
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"6931:TCP"= 6931:TCP:League of Legends Launcher
"6931:UDP"= 6931:UDP:League of Legends Launcher
"8397:TCP"= 8397:TCP:League of Legends Launcher
"8397:UDP"= 8397:UDP:League of Legends Launcher
"6889:TCP"= 6889:TCP:League of Legends Launcher
"6889:UDP"= 6889:UDP:League of Legends Launcher
"8398:TCP"= 8398:TCP:League of Legends Launcher
"8398:UDP"= 8398:UDP:League of Legends Launcher
"6892:TCP"= 6892:TCP:League of Legends Launcher
"6892:UDP"= 6892:UDP:League of Legends Launcher
"6882:TCP"= 6882:TCP:League of Legends Launcher
"6882:UDP"= 6882:UDP:League of Legends Launcher
.
R0 iastor78;iastor78;c:\windows\system32\drivers\iastor78.sys [2008.06.19 23:56 308248]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011.02.04 15:00 218688]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009.09.29 13:02 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009.09.29 13:05 96408]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2011.04.03 14:06 33824]
R1 SysTool;SysTool Overclocking Utility;c:\windows\system32\drivers\SysTool.sys [2006.11.10 16:08 24064]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009.09.29 13:03 735960]
S2 gupdate;„Google“ atnaujinimo paslauga (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011.03.04 16:18 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010.09.20 16:20 1691480]
S3 GTMM Device Service;GTMM Device Service;c:\program files\Option\GlobeTrotter Mobility Manager\GtmmDeviceService.exe [2007.06.06 16:45 106496]
S3 GTUQBUS;GT UQ BUS;c:\windows\system32\drivers\gtuqbus.sys [2007.04.14 05:06 37120]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011.03.04 16:18 136176]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PsSdk40;PsSdk40;c:\windows\system32\drivers\pssdk40.sys [2011.06.16 23:06 36928]
S3 PsSdkLBF;PsSdkLBF;c:\windows\system32\drivers\pssdklbf.sys [2011.06.16 23:06 53312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
2009-03-08 01:32	128512	----a-w-	c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
.
2011-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-04 13:18]
.
2011-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-04 13:18]
.
2011-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-838170752-1417001333-1004Core.job
- c:\documents and settings\Vytene\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-23 13:18]
.
2011-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-838170752-1417001333-1004UA.job
- c:\documents and settings\Vytene\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-23 13:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.lt/
mStart Page = hxxp://home.sweetim.com/?st=1
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Išsaugoti formas - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Pritaikyti meniu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: RoboForm irankiu juosta - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Užpildyti formas - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
TCP: DhcpNameServer = 217.17.85.1 217.17.85.2
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
FF - ProfilePath - c:\documents and settings\Vytene\Application Data\Mozilla\Firefox\Profiles\7188euru.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.lt/firefox
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
BHO-{EEE6C35C-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
Toolbar-10 - (no file)
Toolbar-{EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
HKLM-Run-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.10\facemoodssrv.exe
AddRemove-Cradle Of Persia_is1 - d:\program files\Cradle Of Persia\ReflexiveArcade\unins000.exe
AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.10\uninstall.exe
AddRemove-IconPackager - c:\progra~1\Stardock\OBJECT~1\ICONPA~1\iconpackager.exe
AddRemove-Jane's Hotel_is1 - c:\jane's hotel\unins000.exe
AddRemove-ZP--LineageII - d:\program files\LineageII_rusai\4GameUninstaller.exe LineageII  LineageII.exe system\l2.bin
AddRemove-{d08d9f98-1c78-4704-87e6-368b0023d831} - c:\program files\relevantknowledge\rlvknlg.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-25 14:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 6.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 6.0\my.ini\" MySQL"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1772)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\LClock\LC.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\RTHDCPL.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\MySQL\MySQL Server 6.0\bin\mysqld-nt.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-08-25  14:27:18 - machine was rebooted
ComboFix-quarantined-files.txt  2011-08-25 11:27
.
Pre-Run: 2.776.186.880 bytes free
Post-Run: 2.772.586.496 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - E3AA615A2559C815F5824AED08D9D2D7

How can I disable what it installed? It shows up while the PC is turning on.

Edited by Meskis, 25 August 2011 - 05:33 AM.

  • 0

#5
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Meskis,

How can I disable what it installed? It shows up while the PC is turning on.

I don't know what you are referring to. If it's something from ComboFix, we will uninstall it after we clean your PC.




1. Close any open browsers.

2. Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

FCopy::
c:\windows\system32\dllcache\tcpip.sys | c:\windows\system32\drivers\tcpip.sys


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • 0

#6
Meskis

Meskis

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
I had to copy only this:

c:\windows\system32\dllcache\tcpip.sys | c:\windows\system32\drivers\tcpip.sys

?

ComboFix 11-08-24.06 - Vytene 2011.08.25  19:42:09.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3062.2392 [GMT 3:00]
Running from: c:\documents and settings\Vytene\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Vytene\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\system32\comct332.ocx
c:\windows\system32\zip32.dll
.
.
(((((((((((((((((((((((((   Files Created from 2011-07-25 to 2011-08-25  )))))))))))))))))))))))))))))))
.
.
2011-08-25 11:22 . 2011-08-25 11:22	--------	d-----w-	c:\windows\system32\xircom
2011-08-25 11:22 . 2011-08-25 11:22	--------	d-----w-	c:\windows\system32\wbem\snmp
2011-08-25 11:22 . 2011-08-25 11:22	--------	d-----w-	c:\program files\microsoft frontpage
2011-08-25 06:05 . 2011-08-25 06:05	302592	----a-w-	C:\0v84oyy5.exe
2011-08-24 23:50 . 2011-08-24 23:50	--------	d-----w-	c:\program files\AVAST Software
2011-08-24 13:22 . 2011-08-24 13:23	--------	d-----w-	c:\program files\Common Files\3DO Shared
2011-08-24 13:22 . 2011-08-24 13:22	--------	d-----w-	c:\program files\3DO
2011-08-24 10:20 . 2011-08-25 05:39	--------	d-----w-	c:\documents and settings\All Users\Application Data\AVAST Software
2011-08-19 07:20 . 2011-08-20 10:31	--------	d-----w-	c:\program files\SweetIM
2011-08-19 07:20 . 2011-08-19 07:20	--------	d-----w-	c:\documents and settings\All Users\Application Data\SweetIM
2011-08-19 07:16 . 2011-08-19 07:16	--------	d-----w-	c:\program files\2YourFace
2011-08-19 07:16 . 2011-08-12 06:28	785368	----a-w-	c:\program files\Mozilla Firefox\sqlite3.dll
2011-08-19 07:16 . 2011-08-19 07:16	--------	d-----w-	c:\documents and settings\All Users\Application Data\Premium
2011-08-19 07:16 . 2011-08-19 07:16	--------	d-----w-	c:\documents and settings\All Users\Application Data\InstallMate
2011-08-18 05:39 . 2011-08-12 05:57	134104	----a-w-	c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-08-18 05:39 . 2011-08-12 05:57	89048	----a-w-	c:\program files\Mozilla Firefox\libEGL.dll
2011-08-18 05:39 . 2011-08-12 05:57	785368	----a-w-	c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-08-18 05:39 . 2011-08-12 05:57	478168	----a-w-	c:\program files\Mozilla Firefox\libGLESv2.dll
2011-08-18 05:39 . 2011-08-12 05:57	1846232	----a-w-	c:\program files\Mozilla Firefox\mozjs.dll
2011-08-18 05:39 . 2011-08-12 05:57	15832	----a-w-	c:\program files\Mozilla Firefox\mozalloc.dll
2011-08-18 05:39 . 2011-08-12 03:16	2106216	----a-w-	c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-08-18 05:39 . 2011-08-12 03:16	1998168	----a-w-	c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-08-15 13:49 . 2011-08-15 13:49	111960	----a-w-	c:\windows\dxsdkuninst.exe
2011-08-15 10:44 . 2011-08-15 10:44	--------	d-----w-	c:\documents and settings\Vytene\Application Data\ImgBurn
2011-08-15 10:42 . 2011-08-15 10:42	--------	d-----w-	c:\program files\ImgBurn
2011-08-12 15:21 . 2011-08-12 15:21	--------	d-----w-	c:\documents and settings\Vytene\Application Data\Auslogics
2011-08-12 15:21 . 2011-08-12 15:21	--------	d-----w-	c:\program files\Auslogics
2011-08-09 18:20 . 2011-08-16 08:02	--------	d-----w-	c:\program files\WhoCrashed
2011-07-27 10:41 . 2011-08-16 21:58	--------	d-----w-	c:\documents and settings\Vytene\riotsGamesLogs
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-04 21:46 . 2011-05-19 09:09	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-20 16:24 . 2011-06-16 20:06	53312	----a-w-	c:\windows\system32\drivers\pssdklbf.sys
2011-06-20 16:24 . 2011-06-16 20:06	36928	----a-w-	c:\windows\system32\drivers\pssdk40.sys
2011-08-12 05:57 . 2011-08-18 05:39	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . CD00787894008369F56153B91FC28847 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-19 . 68F06FE0021B01E670AF37B8C5964FDF . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
.
(((((((((((((((((((((((((((((   SnapShot@2011-08-25_11.23.37   )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-25 16:17 . 2011-08-25 16:17	16384              c:\windows\Temp\Perflib_Perfdata_304.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1185823F-F22F-4027-80E5-4F68ACD5DE5E}]
2011-08-09 08:18	78848	----a-w-	c:\program files\2YourFace\bho.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-03-23 1271808]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-08 15872]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 2054360]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-29 16859648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-05 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-05 137752]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2011-06-02 114992]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\Vytene\Start Menu\Programs\Startup\
Live Redemption Checker.lnk - c:\program files\eC\LRC\LRC.exe [2011-3-19 2034176]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-10-19 113664]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\ApexDC++\\ApexDC.exe"=
"d:\\Program Files\\ApexDC++\\ApexDC.exe"=
"c:\\zMule\\zmule.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8370:TCP"= 8370:TCP:League of Legends Launcher
"8370:UDP"= 8370:UDP:League of Legends Launcher
"8371:TCP"= 8371:TCP:League of Legends Launcher
"8371:UDP"= 8371:UDP:League of Legends Launcher
"8372:TCP"= 8372:TCP:League of Legends Launcher
"8372:UDP"= 8372:UDP:League of Legends Launcher
"8373:TCP"= 8373:TCP:League of Legends Launcher
"8373:UDP"= 8373:UDP:League of Legends Launcher
"8374:TCP"= 8374:TCP:League of Legends Launcher
"8374:UDP"= 8374:UDP:League of Legends Launcher
"8375:TCP"= 8375:TCP:League of Legends Launcher
"8375:UDP"= 8375:UDP:League of Legends Launcher
"8394:TCP"= 8394:TCP:League of Legends Launcher
"8394:UDP"= 8394:UDP:League of Legends Launcher
"6888:TCP"= 6888:TCP:League of Legends Launcher
"6888:UDP"= 6888:UDP:League of Legends Launcher
"6957:TCP"= 6957:TCP:League of Legends Launcher
"6957:UDP"= 6957:UDP:League of Legends Launcher
"6968:TCP"= 6968:TCP:League of Legends Launcher
"6968:UDP"= 6968:UDP:League of Legends Launcher
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"6931:TCP"= 6931:TCP:League of Legends Launcher
"6931:UDP"= 6931:UDP:League of Legends Launcher
"8397:TCP"= 8397:TCP:League of Legends Launcher
"8397:UDP"= 8397:UDP:League of Legends Launcher
"6889:TCP"= 6889:TCP:League of Legends Launcher
"6889:UDP"= 6889:UDP:League of Legends Launcher
"8398:TCP"= 8398:TCP:League of Legends Launcher
"8398:UDP"= 8398:UDP:League of Legends Launcher
"6892:TCP"= 6892:TCP:League of Legends Launcher
"6892:UDP"= 6892:UDP:League of Legends Launcher
"6882:TCP"= 6882:TCP:League of Legends Launcher
"6882:UDP"= 6882:UDP:League of Legends Launcher
.
R0 iastor78;iastor78;c:\windows\system32\drivers\iastor78.sys [2008.06.19 23:56 308248]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009.09.29 13:02 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009.09.29 13:05 96408]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2011.04.03 14:06 33824]
R1 SysTool;SysTool Overclocking Utility;c:\windows\system32\drivers\SysTool.sys [2006.11.10 16:08 24064]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009.09.29 13:03 735960]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011.02.04 15:00 218688]
S2 gupdate;„Google“ atnaujinimo paslauga (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011.03.04 16:18 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010.09.20 16:20 1691480]
S3 GTMM Device Service;GTMM Device Service;c:\program files\Option\GlobeTrotter Mobility Manager\GtmmDeviceService.exe [2007.06.06 16:45 106496]
S3 GTUQBUS;GT UQ BUS;c:\windows\system32\drivers\gtuqbus.sys [2007.04.14 05:06 37120]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011.03.04 16:18 136176]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PsSdk40;PsSdk40;c:\windows\system32\drivers\pssdk40.sys [2011.06.16 23:06 36928]
S3 PsSdkLBF;PsSdkLBF;c:\windows\system32\drivers\pssdklbf.sys [2011.06.16 23:06 53312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
2009-03-08 01:32	128512	----a-w-	c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
.
2011-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-04 13:18]
.
2011-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-04 13:18]
.
2011-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-838170752-1417001333-1004Core.job
- c:\documents and settings\Vytene\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-23 13:18]
.
2011-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-838170752-1417001333-1004UA.job
- c:\documents and settings\Vytene\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-23 13:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.lt/
mStart Page = hxxp://home.sweetim.com/?st=1
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Išsaugoti formas - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Pritaikyti meniu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: RoboForm irankiu juosta - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Užpildyti formas - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
TCP: DhcpNameServer = 217.17.85.1 217.17.85.2
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
FF - ProfilePath - c:\documents and settings\Vytene\Application Data\Mozilla\Firefox\Profiles\7188euru.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.lt/firefox
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-25 19:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 6.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 6.0\my.ini\" MySQL"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
Completion time: 2011-08-25  19:50:02
ComboFix-quarantined-files.txt  2011-08-25 16:50
.
Pre-Run: 1.281.921.024 bytes free
Post-Run: 1.278.386.176 bytes free
.
- - End Of File - - F114322004018C513450AFDA09C97071

  • 0
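The reason for the FCopy step in post #5 is visible in the Sigcheck block of the log above: the dllcache copy and the drivers copy of tcpip.sys have the same size (361600 bytes) but different MD5 values, so the helper's CFScript copies the cached file back over the driver. The following is an added example, not code from this thread or from ComboFix, showing how a defender can make that same comparison for any list of reference/target pairs. It hashes both files, reports size and digest side by side, and flags targets whose digest differs from the reference even when the size is unchanged. All file names and contents are constructed sample data written to a temporary directory; none of them are real Windows drivers.

```python
import hashlib
import os
import tempfile


def md5_of(path, chunk_size=1 << 20):
    """Return the upper-case hex MD5 of a file, hashing it in chunks."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest().upper()


def compare_pairs(pairs):
    """Hash each (reference, target) pair and record whether the target still matches.

    Size is recorded as well so the report makes clear when a file was altered
    in place without its length changing, as in the thread's tcpip.sys case.
    """
    report = []
    for reference, target in pairs:
        ref_md5 = md5_of(reference)
        tgt_md5 = md5_of(target)
        report.append({
            "reference": reference,
            "target": target,
            "reference_md5": ref_md5,
            "target_md5": tgt_md5,
            "reference_size": os.path.getsize(reference),
            "target_size": os.path.getsize(target),
            "match": ref_md5 == tgt_md5,
        })
    return report


def format_report(report):
    """Render one line per target; '[-]' marks a digest that differs from its reference."""
    lines = []
    for row in report:
        flag = "[ok]" if row["match"] else "[-] "
        lines.append(f"{flag} {row['target_md5']} . {row['target_size']} . . {row['target']}")
    return lines


def build_demo_tree(root):
    """Constructed sample files standing in for a dllcache/drivers layout (not real drivers)."""
    dllcache = os.path.join(root, "dllcache")
    drivers = os.path.join(root, "drivers")
    os.makedirs(dllcache)
    os.makedirs(drivers)

    # Constructed "driver" image: the drivers copy has one byte flipped, same length.
    good_tcpip = b"MZ" + b"TCPIP driver image (constructed) " * 64
    patched_tcpip = bytearray(good_tcpip)
    patched_tcpip[100] ^= 0xFF
    with open(os.path.join(dllcache, "tcpip.sys"), "wb") as fh:
        fh.write(good_tcpip)
    with open(os.path.join(drivers, "tcpip.sys"), "wb") as fh:
        fh.write(bytes(patched_tcpip))

    # Constructed control file whose two copies are identical.
    intact = b"MZ" + b"advpack library (constructed) " * 32
    with open(os.path.join(dllcache, "advpack.dll"), "wb") as fh:
        fh.write(intact)
    with open(os.path.join(root, "advpack.dll"), "wb") as fh:
        fh.write(intact)

    return [
        (os.path.join(dllcache, "tcpip.sys"), os.path.join(drivers, "tcpip.sys")),
        (os.path.join(dllcache, "advpack.dll"), os.path.join(root, "advpack.dll")),
    ]


def run_demo():
    """Build the constructed tree in a temporary directory and compare the pairs."""
    with tempfile.TemporaryDirectory() as root:
        return compare_pairs(build_demo_tree(root))


if __name__ == "__main__":
    for line in format_report(run_demo()):
        print(line)
```

On a real machine the pairs would be the dllcache and drivers paths of the files you care about; a mismatch on its own only tells you the two copies differ, so the next step is to check which copy carries a valid signature before restoring anything, which is what the helper did here by reading the Sigcheck output before writing the CFScript.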

#7
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Please don't run any scans if you are not clear what to do. You should copy and paste TWO lines:

FCopy::
c:\windows\system32\dllcache\tcpip.sys | c:\windows\system32\drivers\tcpip.sys

Please do the last step again and post the log.
  • 0

#8
Meskis

Meskis

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Sorry :/

ComboFix 11-08-25.01 - Vytene 2011.08.25  23:19:57.4.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3062.2334 [GMT 3:00]
Running from: c:\documents and settings\Vytene\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Vytene\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\system32\dllcache\tcpip.sys --> c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((   Files Created from 2011-07-25 to 2011-08-25  )))))))))))))))))))))))))))))))
.
.
2011-08-25 11:22 . 2011-08-25 11:22	--------	d-----w-	c:\windows\system32\xircom
2011-08-25 11:22 . 2011-08-25 11:22	--------	d-----w-	c:\windows\system32\wbem\snmp
2011-08-25 11:22 . 2011-08-25 11:22	--------	d-----w-	c:\program files\microsoft frontpage
2011-08-25 06:05 . 2011-08-25 06:05	302592	----a-w-	C:\0v84oyy5.exe
2011-08-24 23:50 . 2011-08-24 23:50	--------	d-----w-	c:\program files\AVAST Software
2011-08-24 13:22 . 2011-08-24 13:23	--------	d-----w-	c:\program files\Common Files\3DO Shared
2011-08-24 13:22 . 2011-08-24 13:22	--------	d-----w-	c:\program files\3DO
2011-08-24 10:20 . 2011-08-25 05:39	--------	d-----w-	c:\documents and settings\All Users\Application Data\AVAST Software
2011-08-19 07:20 . 2011-08-20 10:31	--------	d-----w-	c:\program files\SweetIM
2011-08-19 07:20 . 2011-08-19 07:20	--------	d-----w-	c:\documents and settings\All Users\Application Data\SweetIM
2011-08-19 07:16 . 2011-08-19 07:16	--------	d-----w-	c:\program files\2YourFace
2011-08-19 07:16 . 2011-08-12 06:28	785368	----a-w-	c:\program files\Mozilla Firefox\sqlite3.dll
2011-08-19 07:16 . 2011-08-19 07:16	--------	d-----w-	c:\documents and settings\All Users\Application Data\Premium
2011-08-19 07:16 . 2011-08-19 07:16	--------	d-----w-	c:\documents and settings\All Users\Application Data\InstallMate
2011-08-18 05:39 . 2011-08-12 05:57	134104	----a-w-	c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-08-18 05:39 . 2011-08-12 05:57	89048	----a-w-	c:\program files\Mozilla Firefox\libEGL.dll
2011-08-18 05:39 . 2011-08-12 05:57	785368	----a-w-	c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-08-18 05:39 . 2011-08-12 05:57	478168	----a-w-	c:\program files\Mozilla Firefox\libGLESv2.dll
2011-08-18 05:39 . 2011-08-12 05:57	1846232	----a-w-	c:\program files\Mozilla Firefox\mozjs.dll
2011-08-18 05:39 . 2011-08-12 05:57	15832	----a-w-	c:\program files\Mozilla Firefox\mozalloc.dll
2011-08-18 05:39 . 2011-08-12 03:16	2106216	----a-w-	c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-08-18 05:39 . 2011-08-12 03:16	1998168	----a-w-	c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-08-15 13:49 . 2011-08-15 13:49	111960	----a-w-	c:\windows\dxsdkuninst.exe
2011-08-15 10:44 . 2011-08-15 10:44	--------	d-----w-	c:\documents and settings\Vytene\Application Data\ImgBurn
2011-08-15 10:42 . 2011-08-15 10:42	--------	d-----w-	c:\program files\ImgBurn
2011-08-12 15:21 . 2011-08-12 15:21	--------	d-----w-	c:\documents and settings\Vytene\Application Data\Auslogics
2011-08-12 15:21 . 2011-08-12 15:21	--------	d-----w-	c:\program files\Auslogics
2011-08-09 18:20 . 2011-08-16 08:02	--------	d-----w-	c:\program files\WhoCrashed
2011-07-27 10:41 . 2011-08-16 21:58	--------	d-----w-	c:\documents and settings\Vytene\riotsGamesLogs
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-04 21:46 . 2011-05-19 09:09	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-20 16:24 . 2011-06-16 20:06	53312	----a-w-	c:\windows\system32\drivers\pssdklbf.sys
2011-06-20 16:24 . 2011-06-16 20:06	36928	----a-w-	c:\windows\system32\drivers\pssdk40.sys
2011-08-12 05:57 . 2011-08-18 05:39	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2011-08-25_11.23.37   )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-25 17:39 . 2011-08-25 17:39	16384              c:\windows\Temp\Perflib_Perfdata_374.dat
+ 2008-06-19 20:43 . 2008-06-20 11:51	361600              c:\windows\system32\dllcache\tcpip.sys
- 2008-06-20 11:51 . 2008-06-20 11:51	361600              c:\windows\system32\dllcache\tcpip.sys
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1185823F-F22F-4027-80E5-4F68ACD5DE5E}]
2011-08-09 08:18	78848	----a-w-	c:\program files\2YourFace\bho.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-03-23 1271808]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-08 15872]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 2054360]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-29 16859648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-05 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-05 137752]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2011-06-02 114992]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\Vytene\Start Menu\Programs\Startup\
Live Redemption Checker.lnk - c:\program files\eC\LRC\LRC.exe [2011-3-19 2034176]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-10-19 113664]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\ApexDC++\\ApexDC.exe"=
"d:\\Program Files\\ApexDC++\\ApexDC.exe"=
"c:\\zMule\\zmule.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8370:TCP"= 8370:TCP:League of Legends Launcher
"8370:UDP"= 8370:UDP:League of Legends Launcher
"8371:TCP"= 8371:TCP:League of Legends Launcher
"8371:UDP"= 8371:UDP:League of Legends Launcher
"8372:TCP"= 8372:TCP:League of Legends Launcher
"8372:UDP"= 8372:UDP:League of Legends Launcher
"8373:TCP"= 8373:TCP:League of Legends Launcher
"8373:UDP"= 8373:UDP:League of Legends Launcher
"8374:TCP"= 8374:TCP:League of Legends Launcher
"8374:UDP"= 8374:UDP:League of Legends Launcher
"8375:TCP"= 8375:TCP:League of Legends Launcher
"8375:UDP"= 8375:UDP:League of Legends Launcher
"8394:TCP"= 8394:TCP:League of Legends Launcher
"8394:UDP"= 8394:UDP:League of Legends Launcher
"6888:TCP"= 6888:TCP:League of Legends Launcher
"6888:UDP"= 6888:UDP:League of Legends Launcher
"6957:TCP"= 6957:TCP:League of Legends Launcher
"6957:UDP"= 6957:UDP:League of Legends Launcher
"6968:TCP"= 6968:TCP:League of Legends Launcher
"6968:UDP"= 6968:UDP:League of Legends Launcher
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"6931:TCP"= 6931:TCP:League of Legends Launcher
"6931:UDP"= 6931:UDP:League of Legends Launcher
"8397:TCP"= 8397:TCP:League of Legends Launcher
"8397:UDP"= 8397:UDP:League of Legends Launcher
"6889:TCP"= 6889:TCP:League of Legends Launcher
"6889:UDP"= 6889:UDP:League of Legends Launcher
"8398:TCP"= 8398:TCP:League of Legends Launcher
"8398:UDP"= 8398:UDP:League of Legends Launcher
"6892:TCP"= 6892:TCP:League of Legends Launcher
"6892:UDP"= 6892:UDP:League of Legends Launcher
"6882:TCP"= 6882:TCP:League of Legends Launcher
"6882:UDP"= 6882:UDP:League of Legends Launcher
.
R0 iastor78;iastor78;c:\windows\system32\drivers\iastor78.sys [2008.06.19 23:56 308248]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009.09.29 13:02 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009.09.29 13:05 96408]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2011.04.03 14:06 33824]
R1 SysTool;SysTool Overclocking Utility;c:\windows\system32\drivers\SysTool.sys [2006.11.10 16:08 24064]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009.09.29 13:03 735960]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011.02.04 15:00 218688]
S2 gupdate;„Google“ atnaujinimo paslauga (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011.03.04 16:18 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010.09.20 16:20 1691480]
S3 GTMM Device Service;GTMM Device Service;c:\program files\Option\GlobeTrotter Mobility Manager\GtmmDeviceService.exe [2007.06.06 16:45 106496]
S3 GTUQBUS;GT UQ BUS;c:\windows\system32\drivers\gtuqbus.sys [2007.04.14 05:06 37120]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011.03.04 16:18 136176]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PsSdk40;PsSdk40;c:\windows\system32\drivers\pssdk40.sys [2011.06.16 23:06 36928]
S3 PsSdkLBF;PsSdkLBF;c:\windows\system32\drivers\pssdklbf.sys [2011.06.16 23:06 53312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
2009-03-08 01:32	128512	----a-w-	c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
.
2011-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-04 13:18]
.
2011-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-04 13:18]
.
2011-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-838170752-1417001333-1004Core.job
- c:\documents and settings\Vytene\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-23 13:18]
.
2011-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-838170752-1417001333-1004UA.job
- c:\documents and settings\Vytene\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-23 13:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.lt/
mStart Page = hxxp://home.sweetim.com/?st=1
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Išsaugoti formas - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Pritaikyti meniu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: RoboForm irankiu juosta - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Užpildyti formas - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
TCP: DhcpNameServer = 217.17.85.1 217.17.85.2
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
FF - ProfilePath - c:\documents and settings\Vytene\Application Data\Mozilla\Firefox\Profiles\7188euru.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.lt/firefox
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-25 23:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 6.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 6.0\my.ini\" MySQL"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2364)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\LClock\LC.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-08-25  23:27:45
ComboFix-quarantined-files.txt  2011-08-25 20:27
.
Pre-Run: 1.286.295.552 bytes free
Post-Run: 1.277.177.856 bytes free
.
- - End Of File - - 1A3A28343EB852B009243000EE3BFC46

  • 0

#9 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hi Meskis,

Good job! How is your system now? Problems?
  • 0

#10 Meskis (Topic Starter, Member, 35 posts)
Will write if I get any BSOD :)
  • 0


#11 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
OK. Test it for one day but don't forget to come back with results :)
  • 0

#12 Meskis (Topic Starter, Member, 35 posts)
Well, now when uTorrent is on, internet speed is much lower, which didn't use to be the case. What to do? I don't want to change anything :)
  • 0

#13 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
We don't offer help on P2P software. In fact I would ask that you uninstall uTorrent.

Here is a good reason to remove them:

P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

If you don't have any problems, I would remove my programs from your system and clean it up.
  • 0

#14 Meskis (Topic Starter, Member, 35 posts)
Still get BSOD from that annoying igxpdx32.DLL :/
  • 0

#15 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hi Meskis,

I guess you have shared memory on your notebook. Let's try to change the size in BIOS. You can enter BIOS by typing DEL, F2 or F10 after you restart your system. You'll get a message something like: Press F2 to run Setup.

The Video Aperture is located in your BIOS settings. On modern computers the aperture ranges from 32MB to 256MB in size. Make the Aperture no larger than ¼ the size of your System Memory (RAM). Example: If you have 512MB of RAM then the Aperture should not be larger than 128MB in size.

Can you try to change this setting in BIOS and see if you get a BSOD again?
  • 0
