Full Version: Log Check Please
BleepingComputer.com > Security > HijackThis Logs and Virus/Trojan/Spyware/Malware Removal
D_N_M
Hello all

I need to have someone look over this log for me if you will.
Most of my programs are not showing in Add/Remove, only a handful, maybe 8 or so.
Here is my log; any insight or guidance would be most certainly appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 10:28:59 AM, on 7/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\WINDOWS\system32\umonit.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Common Files\MotiveBrowser\MotiveBrowser.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Matthew\Desktop\HijackThis\hjt.bat.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://verizon.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://pages.ebay.com/ebay_toolbar/app/congrats.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM_ca.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pestpatrol.com/pestscan/pestscan.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1143851005685
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O20 - Winlogon Notify: PFW - C:\WINDOWS\SYSTEM32\UmxWnp.Dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BHNXVIFDQ - Unknown owner - C:\DOCUME~1\Matthew\LOCALS~1\Temp\BHNXVIFDQ.exe (file missing)
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Unknown owner - C:\Program Files\Verizon\Verizon Internet Security Suite\fws.exe (file missing)
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

Thanks again in advance


D_N_M


Papakid
Hi D_N_M,

I see you have a log posted in another forum here: http://pctechforums.com/viewtopic.php?p=38255

I also see that you are a regular over there. I can help you with this log if you want, but you will need to post in the other thread that you are getting help elsewhere. There are too many people needing help with logs to take up the time of more than one malware removal specialist. I can understand why you might post in different forums, but it is very much frowned upon.

If you still want help here, please post a new log so I can see if anything has changed. If you have not done so already, please do the initial cleanup steps in the following instructions before posting your new log: Preparation Guide For Use Before Posting A Hijackthis Log

A new version of HijackThis has now been released, so before you repost your log please download and install the new version. In order to get some additional information please do this in the following way:

1. Open Add or Remove Programs via Control Panel and uninstall HijackThis 1.99.1
2. Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges and it is best to run DSS from your Desktop.
3. Close all applications and windows.
4. Double-click on dss.exe to run it, and OK the disclaimer.
5. When the screen in the image below appears, click Yes and follow the prompts to download the new version of HijackThis. Please tell your firewall to allow this download.



Note that a shortcut to HijackThis will appear on your desktop and you can run it from there when asked for a follow up log.

6. DSS will now scan your computer. If you get a warning from your anti-virus, please allow it, as the scan is not harmful.
7. When complete, two text files will open: main.txt, which will include a HijackThis log (this one will be maximized), and extra.txt (this one will be minimized).
8. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt in your next reply. If you have any problems with the logs, both can be found in C:\Deckard\System Scanner.

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the Jotti page has finished loading, click the Browse button, navigate to the following file and click Submit.

C:\DOCUMENTS and Settings\Matthew\LOCAL Settings\Temp\BHNXVIFDQ.exe

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/flash/index_en.html

Note that you may not be able to find this file--if not, don't worry about it and just let me know.
D_N_M
Hello Papakid, and thank you for taking the time to help.
My apologies for posting on different forums; I was just wanting to know if anyone else had come across this problem.
Anyway, I deleted the file several days ago. Here is a new log, and my apologies again. Thank you, D_N_M



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:01 PM, on 7/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\WINDOWS\system32\umonit.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe
C:\WINDOWS\system32\lexpps.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Common Files\MotiveBrowser\MotiveBrowser.exe
C:\Documents and Settings\Matthew\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://verizon.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://pages.ebay.com/ebay_toolbar/app/congrats.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe"
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM_ca.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pestpatrol.com/pestscan/pestscan.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1143851005685
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Unknown owner - C:\Program Files\Verizon\Verizon Internet Security Suite\fws.exe (file missing)
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 8299 bytes
Papakid
OK--so was the Add/Remove problem solved when you deleted that service?

I just glanced over your other logs in the other forum and saw that randomly named files in your Temp folder were being generated and running as a service--there was some talk it may have been RootkitRevealer doing that, but I will have to read it more closely to get a better idea. Are you running RKR again?

If something else is generating those services and/or causing the issue you describe, we can look closer by running the DSS scan as I already instructed, but instead of clicking Yes to download HijackThis, click Cancel to run the HJT emulator.

Also your Java is outdated. For some reason Sun will also leave older versions of Java behind, which is a security risk, because they are unpatched and still can be called on to run. This also often leads to corruption of Java's cache so please try this:

Download and install CCleaner.
(Starting with v1.27.260, the standard build installs the Yahoo Toolbar as an option which is checkmarked by default during the installation. IF you do NOT want it, remove the checkmark when provided with the option OR download the toolbar-free Basic version instead.)

*After installation, see the Using and Understanding CCleaner Tutorial. Don't run it just yet.

-Go to Start > Control Panel, double-click on the Software icon > Add/Remove Programs.
-Search in the list for ALL installed versions of Java (J2SE Runtime Environment...).
It should have this icon next to it:
Select each and click Remove.

Run CCleaner to clear out your Java cache and other junk files--I don't trust the issues function, so suggest you leave that button alone for now.

Then Download and install the newest Java version from here: http://www.java.com/en/download/manual.jsp
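A small triage script for the kind of O23/O4 entries discussed above (a randomly named service running out of the user's Temp folder, a service whose binary is missing or has no recorded vendor). This is an added example, not part of the thread and not code from HijackThis or DSS; the sample lines are copied from the logs posted in this thread, and the flagging rules are my own heuristics.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: O23 service lines copied from the HijackThis logs in this
# thread, plus one O4 Run entry, to exercise the triage rules below.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe
O23 - Service: BHNXVIFDQ - Unknown owner - C:\DOCUME~1\Matthew\LOCALS~1\Temp\BHNXVIFDQ.exe (file missing)
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Unknown owner - C:\Program Files\Verizon\Verizon Internet Security Suite\fws.exe (file missing)
"""

# O23 lines: "O23 - Service: <display name> - <owner> - <path>[ (file missing)]"
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)
# O4 lines: "O4 - HKLM\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<value>[^\]]*)\] (?P<cmd>.+)$")

# Directories a persistent service or autorun should not be executing from.
# "\temp\" also covers the 8.3 form LOCALS~1\Temp that appears in the log.
VOLATILE_DIRS = ("\\temp\\", "\\temporary internet files\\", "\\recycler\\")


@dataclass
class Finding:
    kind: str                 # "O23" (service) or "O4" (Run key autorun)
    name: str                 # service display name or Run value name
    path: str                 # executable the entry points at
    reasons: list = field(default_factory=list)


def _volatile_path(path: str) -> bool:
    return any(d in path.lower() for d in VOLATILE_DIRS)


def _exe_from_cmd(cmd: str) -> str:
    """Extract the executable from a Run command line (quoted or bare, with args)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(?i)(.+?\.exe)(?:\s|$)", cmd)
    return m.group(1) if m else cmd.split(" ")[0]


def triage(log_text: str) -> list:
    """Return one Finding per O23/O4 entry that trips at least one rule."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O23_RE.match(line)
        if m:
            f = Finding("O23", m["name"], m["path"])
            if m["owner"].lower() == "unknown owner":
                f.reasons.append("no vendor recorded for the service binary")
            if m["missing"]:
                f.reasons.append("binary is missing but the service registration remains")
            if _volatile_path(m["path"]):
                f.reasons.append("service binary lives in a temporary directory")
            if f.reasons:
                findings.append(f)
            continue
        m = O4_RE.match(line)
        if m:
            exe = _exe_from_cmd(m["cmd"])
            f = Finding("O4", m["value"], exe)
            if _volatile_path(exe):
                f.reasons.append("autorun points into a temporary directory")
            if f.reasons:
                findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind} {f.name}: {'; '.join(f.reasons)}")
```

Entries that only trip the "file missing" rule are usually leftover registrations from an uninstalled product (the Verizon firewall service here), while a Temp-folder service with no vendor and a random name is the one to follow up on.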
D_N_M
The randomly named files being generated was a problem a while ago; it was a trojan generating them. I still only have about 9 programs in Add/Remove; the rest are not being listed or are gone, but my programs run as normal. And I have no Remove button in Add/Remove for the Java 5.0, so we'll have to remove it another way; it says it is 120 MB. I have the DSS and HJT logs.


Deckard's System Scanner v20070711.54
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 1.50GHz
Percentage of Memory in Use: 55%
Physical Memory (total/avail): 511.3 MiB / 227.29 MiB
Pagefile Memory (total/avail): 1246.42 MiB / 911.48 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1970.78 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 93.15 GiB total, 83.16 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Norton Internet Worm Protection v2006 (Symantec) Disabled
FW: CA Personal Firewall 9.1.0.33 v9.1.0.33 (CA)
AV: CA Anti-Virus v8.4.0.24 (CA, Inc.)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Matthew\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=D_N_M
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Matthew
LOGONSERVER=\\D_N_M
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 1 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0102
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Matthew\LOCALS~1\Temp
TMP=C:\DOCUME~1\Matthew\LOCALS~1\Temp
tvdumpflags=10
USERDOMAIN=D_N_M
USERNAME=Matthew
USERPROFILE=C:\Documents and Settings\Matthew
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Matthew (admin)
Your Daddy (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
AVG Anti-Rootkit Free --> C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\Uninstall.exe
CA Internet Security Suite --> "C:\Program Files\CA\CA Internet Security Suite\caunst.exe" /u
HijackThis 2.0.2 --> "C:\Documents and Settings\Matthew\Desktop\HijackThis.exe" /uninstall
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}


-- End of Deckard's System Scanner: finished at 2007-07-18 at 05:54:01 ---------



Deckard's System Scanner v20070711.54
Run by Matthew on 2007-07-18 at 05:49:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
82: 2007-07-18 10:49:20 UTC - RP113 - Deckard's System Scanner Restore Point
81: 2007-07-18 10:43:06 UTC - RP112 - Installed Java™ 6 Update 2
80: 2007-07-17 22:36:05 UTC - RP111 - System Checkpoint
79: 2007-07-16 22:10:37 UTC - RP110 - System Checkpoint
78: 2007-07-15 21:58:35 UTC - RP109 - System Checkpoint


-- First Restore Point --
1: 2007-04-19 10:42:19 UTC - RP32 - Software Distribution Service 2.0


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Matthew.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:01 PM, on 7/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\WINDOWS\system32\umonit.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe
C:\WINDOWS\system32\lexpps.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Common Files\MotiveBrowser\MotiveBrowser.exe
C:\Documents and Settings\Matthew\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://verizon.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://pages.ebay.com/ebay_toolbar/app/congrats.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe"
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM_ca.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pestpatrol.com/pestscan/pestscan.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1143851005685
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Unknown owner - C:\Program Files\Verizon\Verizon Internet Security Suite\fws.exe (file missing)
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 8299 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 PavProc (Panda Process Protection Driver) - c:\windows\system32\drivers\pavproc.sys <Not Verified; Panda Software; PandaShield>
R3 KeyScrambler - c:\windows\system32\drivers\keyscrambler.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>

S2 TICLDXTW - c:\windows\system32\ticldxtw.fjj (file missing)
S3 CO_Mon - c:\windows\system32\drivers\co_mon.sys
S3 fixustor - c:\windows\system32\drivers\fixustor.sys <Not Verified; Genesys Logic; USB storage patch driver>
S3 xbreader (MaxDrive XBox Driver (xbreader.sys)) - c:\windows\system32\drivers\xbreader.sys <Not Verified; Thesycon GmbH, Germany; Universal USB Device Driver>
S3 XIRLINK (eVision 123 digital camera) - c:\windows\system32\drivers\ucdnt.sys <Not Verified; Xirlink, Inc; Xirlink Digital Video PC Camera>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 RP_FWS (Verizon Internet Security Suite Firewall) - c:\program files\verizon\verizon internet security suite\fws.exe (file missing)
S3 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
S3 YPCService - c:\windows\system32\ypcser~1.exe <Not Verified; Yahoo! Inc.; YPCService Module>
S4 ARSXCSIJ - c:\docume~1\matthew\locals~1\temp\arsxcsij.exe (file missing)
S4 Automatic LiveUpdate Scheduler - "c:\program files\symantec\liveupdate\aluschedulersvc.exe" (file missing)
S4 BHNXVIFDQ - c:\docume~1\matthew\locals~1\temp\bhnxvifdq.exe (file missing)
S4 CBVQOUQLSPHMB - c:\docume~1\matthew\locals~1\temp\cbvqouqlsphmb.exe (file missing)
S4 ERZCXYMIU - c:\docume~1\matthew\locals~1\temp\erzcxymiu.exe (file missing)
S4 GVAA - c:\docume~1\matthew\locals~1\temp\gvaa.exe (file missing)
S4 ISZXTDWMR - c:\docume~1\matthew\locals~1\temp\iszxtdwmr.exe (file missing)
S4 JG - c:\docume~1\matthew\locals~1\temp\jg.exe (file missing)
S4 JOAAHW - c:\docume~1\matthew\locals~1\temp\joaahw.exe (file missing)
S4 KKLERIOXO - c:\docume~1\matthew\locals~1\temp\kklerioxo.exe (file missing)
S4 KMSJCFTNBXBDZJ - c:\docume~1\matthew\locals~1\temp\kmsjcftnbxbdzj.exe (file missing)
S4 QLWTILUIM - c:\docume~1\matthew\locals~1\temp\qlwtiluim.exe (file missing)
S4 WIVCHC - c:\docume~1\matthew\locals~1\temp\wivchc.exe (file missing)
S4 WJRZY - c:\docume~1\matthew\locals~1\temp\wjrzy.exe (file missing)


-- Scheduled Tasks -------------------------------------------------------------

2007-07-17 21:41:21 518 --a------ C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Matthew at 8 39 PM.job
2007-07-12 10:11:57 518 --a------ C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Matthew at 10 11 AM.job


-- Files created between 2007-06-18 and 2007-07-18 -----------------------------

2007-07-12 10:11:35 0 d-------- C:\Documents and Settings\All Users\Application Data\CA
2007-07-12 10:11:34 0 d-------- C:\Program Files\CA
2007-07-12 09:16:13 0 d-------- C:\Program Files\Add Remove Pro
2007-07-11 19:19:20 0 d-------- C:\Documents and Settings\Administrator\.housecall6.6
2007-07-04 08:33:32 0 d-------- C:\Documents and Settings\Matthew\Application Data\iWin
2007-07-04 07:23:10 0 d-------- C:\Program Files\Yahoo! Games
2007-07-02 18:42:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-06-28 05:01:40 0 d-------- C:\Documents and Settings\Your Daddy\Application Data\TrojanHunter


-- Find3M Report ---------------------------------------------------------------

2007-07-18 05:44:47 0 d-------- C:\Program Files\Java
2007-07-05 19:57:10 0 d-------- C:\Documents and Settings\Matthew\Application Data\Yahoo!
2007-07-01 13:14:24 0 d-------- C:\Program Files\Yahoo!
2007-06-11 12:55:30 0 d-------- C:\Documents and Settings\Matthew\Application Data\TrojanHunter
2007-06-04 18:19:21 0 d-------- C:\Program Files\Windows Media Connect 2
2007-05-28 15:36:44 0 d-------- C:\Program Files\Common Files\Scanner


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
{2B9F5787-88A5-4945-90E7-C4B18563BC5E} C:\Program Files\KeyScrambler\KeyScramblerIE.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"A Verizon App"="C:\\PROGRA~1\\VERIZO~1\\HELPSU~1\\VERIZO~1.EXE"
"UMonit"="C:\\WINDOWS\\system32\\umonit.exe"
"cctray"="\"C:\\Program Files\\CA\\CA Internet Security Suite\\cctray\\cctray.exe\""
"CAVRID"="\"C:\\Program Files\\CA\\CA Internet Security Suite\\CA Anti-Virus\\CAVRID.exe\""
"cafwc"="C:\\Program Files\\CA\\CA Internet Security Suite\\CA Personal Firewall\\cafw.exe -cl"
"capfasem"="C:\\Program Files\\CA\\CA Internet Security Suite\\CA Personal Firewall\\capfasem.exe"
"capfupgrade"="C:\\Program Files\\CA\\CA Internet Security Suite\\CA Personal Firewall\\capfupgrade.exe"
"QOELOADER"="\"C:\\Program Files\\CA\\CA Internet Security Suite\\CA Anti-Spam\\QSP-5.1.17.0\\QOELoader.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_02\\bin\\jusched.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Synchronizer.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Synchronizer.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\ADOBEC~1.EXE "
"item"="Adobe Reader Synchronizer"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Monitor.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Monitor.lnk"
"backup"="C:\\WINDOWS\\pss\\Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\SanDisk\\SANDIS~1\\SDMONI~1.EXE -r"
"item"="Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer4_in_1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="fm3032"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Lexmark 4200 Series\\Fax\\fm3032.exe\" /s"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 4200 Series]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="lxbmbmgr"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Lexmark 4200 Series\\lxbmbmgr.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MotiveSB"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\VERIZO~1\\HELPSU~1\\SMARTB~1\\MotiveSB.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="swdoctor"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\type32]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="type32"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Microsoft IntelliType Pro\\type32.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YAHOOM~1"
"hkey"="HKCU"
"command"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ybrwicon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Yahoo!\\browser\\ybrwicon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ymetray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YahooMusicEngine"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe\" -preload"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="yop"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Yahoo!\\YOP\\yop.exe /autostart"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_AVGARCLN


-- End of Deckard's System Scanner: finished at 2007-07-18 at 05:54:01 ---------

Thanks again, Papakid
Papakid
OK, well, you do seem to have some malware that I haven't been able to identify yet. This is probably why those services running from the temp folder keep coming back, generating new ones. BTW, those old services you thought you were rid of are still there; it takes more than deleting files, and the sc delete command your helper in the other forum used was incorrect for removing them from the registry. They are stopped and the file is gone, so they shouldn't be doing any harm, but we can clear them a little later.

RKR does run as a service from a temp directory, but that is not very well documented, and the file paths for the ones I've seen look a little different. It is still possible that RKR used a different method to conceal its presence from rootkits. This is why I asked if you have RKR installed or have run it lately. To rule certain things out and get information about what exactly is going on, I need for you to answer my questions and follow all instructions exactly. No need to apologize, just make it easier for me to guide you through this.

I still don't see where you've informed the other forum that they can close the thread. I'm not claiming to be better; it is actually a courtesy to them and to me. If you want them to help you, that is fine--I'm going to give you some instructions but won't be able to continue after that if you might get pulled off in a different direction by leaving it open.

First I would like for you to answer the following:

1. Can you confirm for me whether or not you did the precleaning steps in the prep guide as I asked earlier?

2. You have signs of previous installs of Norton and Panda, although the latter could be the result of running their online scanner. There was also some talk in previous threads about having two firewalls installed. Since the Add/Remove list is still not right, please list the antivirus and firewall programs you have ever had installed and any that may still be installed but have been disabled. Don't worry about online scanners, just let me know if you used Panda's or had tried out a full install before.

To be frank, with the former use of multiple AVs/firewalls and possible rootkit and trojan damage, your best bet may be to reformat and start fresh. Rootkits alone are a good enough reason, as there is no guarantee you will be able to find all elements of one, sensitive (personal) information on your system may already have been lost, and malware now causes so much damage that trying to repair it all is an exercise in futility. Plus some of the larger commercial AVs like Norton are known to corrupt systems on their own--more so when you try to run another AV with them. Reformatting is what I would do if this were my system.

Please read these articles:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

Help: I Got Hacked. Now What Do I Do? Part II

If you want to continue, let's do a combination of cleaning, gathering some more information and getting set up for the main fix.

First, put HijackThis into its own folder. When we fix items, a backups folder will be created on your desktop--best to keep them together so the backups don't get accidentally deleted. Right click on your Desktop, choose New>Folder, name it HJT or whatever you like, then drag the HijackThis executable into it.

Open HijackThis, do a scan only and put a check next to the following:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab


Close all other windows--you should only see HijackThis on your Desktop and Taskbar--and then click the "Fix checked" button. Exit HijackThis and reboot.

Please download Combofix to your desktop. If you have run any previous versions of this tool, delete them and the C:\QooBox folder. CF must be run from the desktop.

Doubleclick ComboFix.exe to launch the application.

Follow the prompts that will be displayed on the screen.

Don't click on the window while the fix is running, because that will cause your system to hang.

When finished, it should produce a log, combofix.txt. Note that some cleaning may require a reboot, so it won't be finished until that is done.

Post this log in your next reply.

Please perform this online scan: Kaspersky Webscan

Note that you need to run this scan with Internet Explorer for it to work correctly.

1. Read the Requirements and Privacy statement, then select "Accept"
2. A dialogue box will appear asking "Do you want to install this software?" Name: kavwebscan_unicode.cab
NOTE: If you are running XP SP2, you may need to click on the Information Bar to allow the ActiveX to install and may need to repeat step 1.
3. Select "Install" to download the ActiveX controls that allow ActiveScan to run.
4. If running MSAS beta you may receive an alert that an IE ActiveX program requires your approval. Click "Allow"
5. Wait for the scanner to initialize and update its databases. When the download is complete it will say ready, click "Next"
6. Click "Scan Settings" and check the option to use the EXTENDED DATABASE, then click "OK"
7. Select a target to scan: Click on "My Computer" and the scan will begin.
8. When the scan is complete, save the results by clicking "Save Report As HTML". Give the Report a name and save it to your desktop. If you have any problem saving the report, copy its text to the clipboard, then paste it into an empty Notepad and save it to your desktop.
9. Post the Kaspersky scan results in your next reply.

If you have any problem running the scan to completion, disable your antivirus temporarily; just be sure to re-enable it when done.

Download Registry Search.

- Create a new folder on your desktop named Regsearch
- Extract regsearch.zip file to the newly created folder.
- Open the Regsearch folder and double click regsearch.exe to start the program.
- Use copy and paste to enter the following bold text to search for and click OK. Note: Enter each search term one at a time so that each one is on a separate line in RegSearch.

ticldxtw.fjj
co_mon.sys
Uninstall


- Notepad will be opened with text in it (the file will also be saved in the Regsearch folder as well).

Post this text in your next reply.

Please post all the logs and information I've asked for--if the logs are too long for one post, please post more than once. This may not solve the Add/Remove issue yet, but let me know how things are running after this.
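The pattern Papakid describes above (services registered from the user's temp folder under random names, plus stopped entries whose file is already gone but whose registry entry remains) can be triaged mechanically from the DSS and HijackThis output. The script below is an added example, not code from the thread or from either tool: it parses HijackThis O23 lines and DSS Services/Drivers lines from a constructed sample copied in the shape of the logs above, and the temp-path and all-caps-name heuristics and the severity ranking are this example's own assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample in the shape of the HijackThis O23 and DSS Services/Drivers lines above.
SAMPLE_LOG = r"""
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Unknown owner - C:\Program Files\Verizon\Verizon Internet Security Suite\fws.exe (file missing)
S2 RP_FWS (Verizon Internet Security Suite Firewall) - c:\program files\verizon\verizon internet security suite\fws.exe (file missing)
S2 TICLDXTW - c:\windows\system32\ticldxtw.fjj (file missing)
S3 YPCService - c:\windows\system32\ypcser~1.exe <Not Verified; Yahoo! Inc.; YPCService Module>
S4 ARSXCSIJ - c:\docume~1\matthew\locals~1\temp\arsxcsij.exe (file missing)
S4 JG - c:\docume~1\matthew\locals~1\temp\jg.exe (file missing)
S4 Automatic LiveUpdate Scheduler - "c:\program files\symantec\liveupdate\aluschedulersvc.exe" (file missing)
"""

@dataclass
class ServiceEntry:
    name: str           # short service name (RP_FWS), not the display name
    image_path: str     # path as shown in the log, quotes and annotations removed
    file_missing: bool  # the log annotated the path with "(file missing)"
    source: str         # "hjt" (O23 line) or "dss" (Services/Drivers line)

@dataclass
class Finding:
    entry: ServiceEntry
    reasons: List[str] = field(default_factory=list)

    @property
    def severity(self) -> str:
        # Ranking assumed by this example, not a rating DSS or HijackThis produce.
        if "temp_path" in self.reasons:
            return "high"
        if "random_name" in self.reasons:
            return "medium"
        return "low"

HJT_O23_PREFIX = "O23 - Service: "
DSS_LINE_RE = re.compile(r"^[RS]([0-4])\s+(.+)$")  # also matches HJT "R0 - HKCU..."; filtered below
FILE_MISSING = "(file missing)"
# Service binaries under a temp directory are the pattern flagged in the thread; legitimate
# services almost never install there. All-caps letter soup (ARSXCSIJ, JG) is a second heuristic.
TEMP_DIR_RE = re.compile(r"\\temp\\|\\tmp\\", re.IGNORECASE)
RANDOM_NAME_RE = re.compile(r"^[A-Z]{2,16}$")

def _split_path(rest: str):
    """Strip '(file missing)' and DSS '<Not Verified; ...>' annotations from the path."""
    missing = FILE_MISSING in rest
    rest = re.sub(r"<[^>]*>", "", rest.replace(FILE_MISSING, ""))
    return rest.strip().strip('"'), missing

def parse_service_lines(text: str) -> List[ServiceEntry]:
    """Parse HijackThis O23 lines and DSS Services/Drivers lines; ignore everything else."""
    entries: List[ServiceEntry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(HJT_O23_PREFIX):
            # O23 layout: <display name [(ServiceName)]> - <company> - <image path>
            parts = line[len(HJT_O23_PREFIX):].split(" - ", 2)
            if len(parts) != 3:
                continue
            name, _company, rest = parts
            m = re.search(r"\(([^()]+)\)$", name)
            path, missing = _split_path(rest)
            entries.append(ServiceEntry(m.group(1) if m else name, path, missing, "hjt"))
            continue
        m = DSS_LINE_RE.match(line)
        if not m or m.group(2).startswith("-") or " - " not in m.group(2):
            continue
        name, rest = m.group(2).split(" - ", 1)
        name = name.split(" (", 1)[0].strip()  # "SHORTNAME (Display Name)" -> SHORTNAME
        path, missing = _split_path(rest)
        entries.append(ServiceEntry(name, path, missing, "dss"))
    return entries

def triage(entries: List[ServiceEntry]) -> List[Finding]:
    """Flag temp-folder binaries, random service names and orphaned (file missing) entries."""
    findings: List[Finding] = []
    for e in entries:
        reasons: List[str] = []
        if TEMP_DIR_RE.search(e.image_path):
            reasons.append("temp_path")
        stem = e.image_path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if RANDOM_NAME_RE.match(e.name) and stem.lower() == e.name.lower():
            reasons.append("random_name")
        if e.file_missing:
            reasons.append("file_missing")  # stopped and gone, but the registry entry still needs clearing
        if reasons:
            findings.append(Finding(e, reasons))
    return findings

def report(text: str) -> List[str]:
    """One line per finding, highest severity first."""
    order = {"high": 0, "medium": 1, "low": 2}
    findings = sorted(triage(parse_service_lines(text)), key=lambda f: order[f.severity])
    return [f"[{f.severity:6}] {f.entry.name} ({f.entry.source}) {f.entry.image_path} -> "
            f"{', '.join(f.reasons)}" for f in findings]
```

`report(SAMPLE_LOG)` returns the six findings ordered high to low; the two temp-folder services come out on top and the orphaned RP_FWS entries at the bottom.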
D_N_M
Papakid

I did the precleaning as asked.
I had Norton installed for about a week and realized what a HEAVY program that was and a resource hog. As far as Panda, that would have been an online scan.
As far as firewalls, the one with Norton: there was one in the internet security suite from Verizon, but that was only active for a week or 2, and I discontinued their protection because I bought the eTrust internet security suite and have had them for over a year, so that is the only firewall running.
Here is the ComboFix log

"Matthew" - 2007-07-18 16:27:05 - ComboFix 07-07-14.6 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\_000005_.tmp.dll
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\winbl32.dll


((((((((((((((((((((((((( Files Created from 2007-06-18 to 2007-07-18 )))))))))))))))))))))))))))))))


2007-07-18 05:48 <DIR> d-------- C:\Deckard
2007-07-15 21:05 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-07-12 10:14 630,200 --a------ C:\WINDOWS\system32\drivers\vetefile.sys
2007-07-12 10:14 108,392 --a------ C:\WINDOWS\system32\drivers\veteboot.sys
2007-07-12 10:12 99,904 --a------ C:\WINDOWS\system32\isafeif.dll
2007-07-12 10:12 75,280 --a------ C:\WINDOWS\system32\isafprod.dll
2007-07-12 10:12 32,528 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2007-07-12 10:12 26,640 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys
2007-07-12 10:12 21,648 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys
2007-07-12 10:12 21,392 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys
2007-07-12 10:11 <DIR> d-------- C:\Program Files\CA
2007-07-12 10:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CA
2007-07-12 09:16 <DIR> d-------- C:\Program Files\Add Remove Pro
2007-07-04 08:33 <DIR> d-------- C:\DOCUME~1\Matthew\APPLIC~1\iWin
2007-07-04 07:23 <DIR> d-------- C:\Program Files\Yahoo! Games
2007-06-28 05:01 <DIR> d-------- C:\DOCUME~1\YOURDA~1\APPLIC~1\TrojanHunter


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-16 02:06:00 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k7
2007-07-16 02:06:00 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k6
2007-07-16 02:06:00 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k5
2007-07-16 02:06:00 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k4
2007-07-16 02:06:00 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k3
2007-07-16 02:06:00 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k2
2007-07-16 02:06:00 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k1
2007-07-16 02:06:00 51,966 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k0
2007-07-06 00:57:10 -------- d-----w C:\DOCUME~1\Matthew\APPLIC~1\Yahoo!
2007-07-01 18:14:24 -------- d-----w C:\Program Files\Yahoo!
2007-06-17 05:11:58 51,200 ----a-w C:\WINDOWS\nircmd.exe
2007-06-11 17:55:30 -------- d-----w C:\DOCUME~1\Matthew\APPLIC~1\TrojanHunter
2007-06-04 23:19:21 -------- d-----w C:\Program Files\Windows Media Connect 2
2007-05-31 18:47:06 114,448 ----a-w C:\WINDOWS\system32\drivers\KmxFw.sys
2007-05-31 18:47:04 92,432 ----a-w C:\WINDOWS\system32\drivers\KmxStart.sys
2007-05-31 18:47:04 256,784 ----a-w C:\WINDOWS\system32\UmxSbxw.dll
2007-05-31 18:47:04 126,224 ----a-w C:\WINDOWS\system32\drivers\KmxCF.sys
2007-05-31 18:47:02 117,520 ----a-w C:\WINDOWS\system32\UmxSbxExw.dll
2007-05-28 20:36:44 -------- d-----w C:\Program Files\Common Files\Scanner
2007-05-18 19:30:00 89,096 ----a-w C:\WINDOWS\system32\drivers\KmxCfg.sys
2007-05-18 19:30:00 63,496 ----a-w C:\WINDOWS\system32\drivers\KmxSbx.sys
2007-05-18 19:30:00 61,960 ----a-w C:\WINDOWS\system32\drivers\KmxAgent.sys
2007-05-18 19:30:00 45,064 ----a-w C:\WINDOWS\system32\drivers\KmxFile.sys
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-02 23:48:11 95,760 ----a-w C:\avshlext.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-23 16:36:06 79,424 ----a-w C:\WINDOWS\system32\vetredir.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
2007-05-30 16:18 808472 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B9F5787-88A5-4945-90E7-C4B18563BC5E}]
2006-11-25 20:19 705024 --a------ C:\Program Files\KeyScrambler\KeyScramblerIE.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 00:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-07-12 04:00 501136 --a------ C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"A Verizon App"="C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE" [2005-05-23 16:20]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-06-12 12:18]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-06-12 12:32]
"cafwc"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2007-06-01 14:14]
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2007-06-01 14:14]
"capfupgrade"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2007-06-01 14:07]
"QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe" [2007-07-12 14:13]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-07-02 18:40]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll --a------ 2006-11-17 22:30 79368 C:\WINDOWS\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Monitor.lnk
backup=C:\WINDOWS\pss\Monitor.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer4_in_1]
"C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 4200 Series]
"C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
"C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\type32]
"C:\Program Files\Microsoft IntelliType Pro\type32.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ymetray]
"C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart

*Newly Created Service* - AVGARCLN
*Newly Created Service* - AVG_ANTI-ROOTKIT

Contents of the 'Scheduled Tasks' folder
2007-07-12 15:11:57 C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Matthew at 10 11 AM.job
2007-07-18 02:41:21 C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Matthew at 8 39 PM.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-18 16:32:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-18 16:36:36
C:\ComboFix-quarantined-files.txt ... 2007-07-18 16:36
C:\ComboFix2.txt ... 2007-05-11 00:12
C:\ComboFix3.txt ... 2007-05-10 10:31

--- E O F ---


Kaspersky just simply would not work no matter what I did


Here is the RegSearch log

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0

; Results at 7/18/2007 5:07:46 PM for strings:
; 'ticldxtw.fjj'
; 'co_mon.sys'
; 'uninstall '
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60F6E467-4DEF-11d2-B2D9-00C04F8EEC8C}]
@="Uninstall Prop Bag"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67cf8cbd-e5c0-44f7-9de5-e1d599d626d8}]
@="OS Uninstall Disk Cleaner"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Multimedia\Components\Installed\setup_wmsetsdk10]
"DESCRIPTION"="Windows Media Setup provides AutoUpdate, install, and uninstall capabilities for Windows Media Player. This component must be installed for the software to function."

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Multimedia\Components\Installed\setup_WMSETUP10]
"DESCRIPTION"="Windows Media Setup provides AutoUpdate, install, and uninstall capabilities for Windows Media Player. This component must be installed for the software to function."

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\Update\6.0\Preferences\Components\ath:7.0\UninstCall0]
@="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\faus3270.dll\" OnUninstall "

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\Update\6.0\Preferences\Components\Free:6.0\File11]
@="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Real\\RealPlayer\\Uninstall RealPlayer.lnk"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\Update\6.0\Preferences\Components\MSG:7.0\UninstCall0]
@="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\rnms3270.dll\" OnUninstall "

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\Update\6.0\Preferences\Components\PlayerUninstBegin:6.0\DisplayName]
@="RealPlayer Uninstall Component 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\Update\6.0\Preferences\Components\PlayerUninstEnd:6.0\DisplayName]
@="RealPlayer Uninstall Component 2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\Update\6.0\Preferences\Components\recordengine:1.0\UninstCall0]
@="\"C:\\Program Files\\Common Files\\Real\\RCAPlugins\\locd3210.dll\" OnUninstall "

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\Update\6.0\Preferences\Components\rfxinst:7.0\UninstCall0]
@="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\nprfxins.dll\" EX_Uninstall NoParam"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\Update\6.0\Preferences\Components\RNAdmin:0.1\UninstCall0]
@="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\rnad3201.dll\" OnUninstall "

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8E62F83D-3F34-482A-8D51-B695DA69A995}\1.0]
@="VZGUninstall 1.0 Type Library"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Advanced INF Setup\IEHomePageInfo]
"BackupFileName"="C:\\Program Files\\Uninstall Information\\IEHomePageInfo\\IEHomePageInfo.DAT"
"BackupPath"="C:\\Program Files\\Uninstall Information\\IEHomePageInfo"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Microsoft .NET Framework 2.0\KB917283]
"UninstallCommand"="C:\\WINDOWS\\system32\\msiexec.exe /promptrestart /uninstall {967B098A-042D-4367-BAC9-8BC11684174F} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Microsoft .NET Framework 2.0\KB922770]
"UninstallCommand"="C:\\WINDOWS\\system32\\msiexec.exe /promptrestart /uninstall {0E92DD42-76F5-4EF2-B381-F9C1D72BE23D} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Microsoft .NET Framework 2.0\KB928365]
"UninstallCommand"="C:\\WINDOWS\\system32\\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Uninstall Backup Image]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Uninstall Backup Image]
"Description"="These files are needed if you want to uninstall this version of Windows and return back to your previous operating system."

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB928365.T1_1ToU569_1]
"UninstallString"="C:\\WINDOWS\\system32\\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\2.0.0.4 (en-US)\Uninstall]
"Uninstall Log Folder"="C:\\Program Files\\Mozilla Firefox\\uninstall"

[HKEY_LOCAL_MACHINE\SOFTWARE\Yahoo\MailTo]
"UninstallSuccessMsg"="Yahoo! Mail uninstall was completed successfully."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\CO_Mon]
; Contents of value:
; \??\C:\WINDOWS\system32\Drivers\CO_Mon.sys
"ImagePath"=hex(2):5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,57,00,49,00,4e,00,\
44,00,4f,00,57,00,53,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,44,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,43,00,4f,00,5f,00,\
4d,00,6f,00,6e,00,2e,00,73,00,79,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TICLDXTW]
; Contents of value:
; \??\C:\WINDOWS\system32\ticldxtw.fjj
"ImagePath"=hex(2):5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,57,00,49,00,4e,00,\
44,00,4f,00,57,00,53,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,74,00,69,00,63,00,6c,00,64,00,78,00,74,00,77,00,2e,00,66,00,6a,00,\
6a,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\CO_Mon]
; Contents of value:
; \??\C:\WINDOWS\system32\Drivers\CO_Mon.sys
"ImagePath"=hex(2):5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,57,00,49,00,4e,00,\
44,00,4f,00,57,00,53,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,44,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,43,00,4f,00,5f,00,\
4d,00,6f,00,6e,00,2e,00,73,00,79,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\TICLDXTW]
; Contents of value:
; \??\C:\WINDOWS\system32\ticldxtw.fjj
"ImagePath"=hex(2):5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,57,00,49,00,4e,00,\
44,00,4f,00,57,00,53,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,74,00,69,00,63,00,6c,00,64,00,78,00,74,00,77,00,2e,00,66,00,6a,00,\
6a,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\CO_Mon]
; Contents of value:
; \??\C:\WINDOWS\system32\Drivers\CO_Mon.sys
"ImagePath"=hex(2):5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,57,00,49,00,4e,00,\
44,00,4f,00,57,00,53,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,44,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,43,00,4f,00,5f,00,\
4d,00,6f,00,6e,00,2e,00,73,00,79,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\TICLDXTW]
; Contents of value:
; \??\C:\WINDOWS\system32\ticldxtw.fjj
"ImagePath"=hex(2):5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,57,00,49,00,4e,00,\
44,00,4f,00,57,00,53,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,74,00,69,00,63,00,6c,00,64,00,78,00,74,00,77,00,2e,00,66,00,6a,00,\
6a,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CO_Mon]
; Contents of value:
; \??\C:\WINDOWS\system32\Drivers\CO_Mon.sys
"ImagePath"=hex(2):5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,57,00,49,00,4e,00,\
44,00,4f,00,57,00,53,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,44,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,43,00,4f,00,5f,00,\
4d,00,6f,00,6e,00,2e,00,73,00,79,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TICLDXTW]
; Contents of value:
; \??\C:\WINDOWS\system32\ticldxtw.fjj
"ImagePath"=hex(2):5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,57,00,49,00,4e,00,\
44,00,4f,00,57,00,53,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,74,00,69,00,63,00,6c,00,64,00,78,00,74,00,77,00,2e,00,66,00,6a,00,\
6a,00,00,00

; End Of The Log...

Will post back with a new HJT log

D_N_M
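The RegSearch export above stores each driver's ImagePath as a hex(2) blob with the decoded path in a comment. As an added example (not from the thread or from the RegSearch tool), here is a small parser that joins the continuation lines, decodes the UTF-16LE values, and flags service entries whose image file is not a .sys under a drivers directory, which is what makes ticldxtw.fjj stand out next to CO_Mon.sys. The inline sample export is constructed from those two entries in the log.

```python
import re

# Constructed sample in the same shape as the RegSearch export above: two
# service keys whose ImagePath values are hex(2) (REG_EXPAND_SZ) split across
# continuation lines. Only the two entries shown in the thread are used.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

; Registry Search 2.0 export (constructed excerpt)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CO_Mon]
; Contents of value:
; \??\C:\WINDOWS\system32\Drivers\CO_Mon.sys
"ImagePath"=hex(2):5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,57,00,49,00,4e,00,\
44,00,4f,00,57,00,53,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,44,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,43,00,4f,00,5f,00,\
4d,00,6f,00,6e,00,2e,00,73,00,79,00,73,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TICLDXTW]
; Contents of value:
; \??\C:\WINDOWS\system32\ticldxtw.fjj
"ImagePath"=hex(2):5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,57,00,49,00,4e,00,\
44,00,4f,00,57,00,53,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,\
00,5c,00,74,00,69,00,63,00,6c,00,64,00,78,00,74,00,77,00,2e,00,66,00,6a,00,\
6a,00,00,00
'''


def parse_reg_export(text):
    """Parse a .reg export into {key_path: {value_name: raw_value}}.

    Values wrapped with a trailing backslash are joined back into one line
    first; ';' comment lines and the header line are skipped. The default
    value ('@') keeps the name '@'."""
    joined = re.sub(r'\\\r?\n[ \t]*', '', text)
    keys = {}
    current = None
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith(';'):
            continue
        if line.startswith('[') and line.endswith(']'):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        if current is None or '=' not in line:
            continue
        name, _, raw = line.partition('=')
        keys[current][name.strip().strip('"')] = raw.strip()
    return keys


def decode_hex2(raw):
    """Decode a hex(2) (REG_EXPAND_SZ) value: comma-separated UTF-16LE byte
    values ending in a NUL terminator."""
    if not raw.startswith('hex(2):'):
        raise ValueError('not a hex(2) value: %r' % raw[:12])
    parts = [p.strip() for p in raw[len('hex(2):'):].split(',')]
    data = bytes(int(p, 16) for p in parts if p)
    return data.decode('utf-16-le').rstrip('\x00')


def image_paths(text):
    """Map service name -> decoded ImagePath for every Services\\<name> key.

    The same service appears under ControlSet002/003/004 and
    CurrentControlSet in the export above; keying by name collapses them."""
    result = {}
    for key, values in parse_reg_export(text).items():
        raw = values.get('ImagePath')
        if raw is None or not raw.startswith('hex(2):'):
            continue
        if '\\services\\' not in key.lower():
            continue
        result[key.rsplit('\\', 1)[-1]] = decode_hex2(raw)
    return result


def triage_drivers(text):
    """Return {service: (path, reasons)} for image paths worth a second look.

    Heuristics only (a legitimate driver can trip them): a kernel driver
    normally has a .sys extension and lives under a \\drivers\\ directory.
    ticldxtw.fjj above trips both; CO_Mon.sys trips neither."""
    findings = {}
    for svc, path in image_paths(text).items():
        plain = path[4:] if path.startswith('\\??\\') else path
        lower = plain.lower()
        reasons = []
        if not lower.endswith('.sys'):
            reasons.append('image file does not have a .sys extension')
        if '\\drivers\\' not in lower:
            reasons.append('image file is not under a drivers directory')
        if reasons:
            findings[svc] = (path, reasons)
    return findings


if __name__ == '__main__':
    for svc, (path, reasons) in triage_drivers(SAMPLE_REG).items():
        print('%s -> %s: %s' % (svc, path, '; '.join(reasons)))
```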
D_N_M
Here is the HJT log. Thanks again for your help, and I have asked for the other thread to be closed on the other forum.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:48:25 PM, on 7/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\WINDOWS\system32\umonit.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe
C:\WINDOWS\system32\lexpps.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Common Files\MotiveBrowser\MotiveBrowser.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Matthew\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://verizon.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://pages.ebay.com/ebay_toolbar/app/congrats.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM_ca.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pestpatrol.com/pestscan/pestscan.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1143851005685
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Unknown owner - C:\Program Files\Verizon\Verizon Internet Security Suite\fws.exe (file missing)
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
Papakid
Thanks for posting to the other forums. My apologies for not getting back to you sooner--the board was down for most of the time I have a window for working logs, and I have some others pending that have taken up my time. Unfortunately I haven't had time to look your log over as closely as I would like and have to be off to work soon, so I need to ask that you be patient with me and I will get back to you this evening.

I can tell you that CF did remove some other trojan files, if this has helped let me know.

Also, Norton is known to bork systems, especially when uninstalled. I've been seeing people have problems with Norton Internet Worm Protection, which is basically a firewall embedded in the AV, leaving leftovers like what is found in your DSS log. This may have something to do with your Add/Remove problem, so in the meantime please run the Norton removal tool by following these instructions: http://www.bleepingcomputer.com/forums/topic42247.html

Let me know how that goes.
D_N_M
Hello Papakid
I did the removal, but the tool on the link you gave me is (Expired); I was able to get a current one. I did the removal and then it restarted the PC, and the same popup from the (Windows security shield) said Norton Internet Worm was disabled??? So evidently it's still there. It also disables my Windows Firewall as well, which I don't really care about because it's a useless firewall anyway, but I just thought you might want all the details.

Thanks again. I await your next set of instructions.
D_N_M
Papakid
Sorry again for the delay.

Your firewall situation is a bit puzzling. I believe I've identified the service for Verizon's Norton, although it is usually associated with RadialPoint, along with another stray Norton service. Not exactly sure why Norton's removal tool didn't help, although I have an idea--and the download link works for me. I'll have you delete the Norton services and we can try to further straighten out later.

Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
http://www.bleepingcomputer.com/forums/ind...st&p=571938

Suspect::
c:\windows\system32\drivers\co_mon.sys

Folder::
C:\Documents and Settings\Matthew\Application Data\iWin

Driver::
PavProc
TICLDXTW
RP_FWS
Automatic LiveUpdate Scheduler
ARSXCSIJ
BHNXVIFDQ
CBVQOUQLSPHMB
ERZCXYMIU
GVAA
ISZXTDWMR
JG
JOAAHW
KKLERIOXO
KMSJCFTNBXBDZJ
QLWTILUIM
WIVCHC
WJRZY

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]


Save this as CFScript.txt




Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


Additionally, ComboFix will generate a zipped file on your desktop called Submit [Date Time].zip
Please submit this file to: http://www.bleepingcomputer.com/submit-malware.php

Print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Download SDFix and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(this is the drive that contains the Windows Directory, typically C:\SDFix). DO NOT use it just yet.

Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  • Finally copy and paste the contents of the results file Report.txt in your next reply.

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click the next icon next to the files found:
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in the next image:

    This will move it to the %userprofile%\DoctorWeb\quarantaine folder if it can't be cured. (This is in case we need samples.)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

Post a fresh HijackThis log please.

Let me know how it goes. The Add/Remove problem is a puzzle--did you download Add Remove Pro in an attempt to fix it, and if so, how did it go? I didn't see what I expected to with the RegSearch.
D_N_M
Hello Papakid
I submitted the file from ComboFix to the link.
Here are the results from SDFix:


SDFix: Version 1.92

Run by Matthew on Fri 07/20/2007 at 09:08 AM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing SharedAccess Service

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\SYSTEM32\REGER.EXE - Deleted
C:\WINDOWS\SYSTEM32\WINSRV32.EXE - Deleted



Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

C:\WINDOWS\uccspecb.sys
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\WINDOWS\system32\config\default.tmp.LOG
C:\WINDOWS\system32\config\SAM.tmp.LOG
C:\WINDOWS\system32\config\SECURITY.tmp.LOG
C:\WINDOWS\system32\config\software.tmp.LOG
C:\WINDOWS\system32\config\system.tmp.LOG

Finished


Here is the log from Dr.Web:

popcaploader.dll;C:\Deckard\System Scanner\backup\WINDOWS\Downloaded Program Files;Program.PopcapLoader;;
Process.exe;C:\SDFix\apps;Tool.Prockill;;

And Add Remove Pro was downloaded in an attempt to repair the list, but to no avail.

Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:10:34 AM, on 7/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Common Files\MotiveBrowser\MotiveBrowser.exe
C:\Documents and Settings\Matthew\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://verizon.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://pages.ebay.com/ebay_toolbar/app/congrats.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM_ca.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pestpatrol.com/pestscan/pestscan.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1143851005685
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 7553 bytes


Thanks
D_N_M
Papakid
Please post the CF log from C:\ComboFix.txt as well.
D_N_M
Sorry, I missed that one.

"Matthew" - 2007-07-20 8:19:07 - ComboFix 07-07-14.6 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\Matthew\Desktop\CFScript.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Matthew\Application Data\iWin


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_ARSXCSIJ
-------\LEGACY_BHNXVIFDQ
-------\LEGACY_CBVQOUQLSPHMB
-------\LEGACY_ERZCXYMIU
-------\LEGACY_GVAA
-------\LEGACY_ISZXTDWMR
-------\LEGACY_JG
-------\LEGACY_JOAAHW
-------\LEGACY_KKLERIOXO
-------\LEGACY_KMSJCFTNBXBDZJ
-------\LEGACY_PAVPROC
-------\LEGACY_QLWTILUIM
-------\LEGACY_RP_FWS
-------\LEGACY_TICLDXTW
-------\LEGACY_WIVCHC
-------\LEGACY_WJRZY
-------\ARSXCSIJ
-------\BHNXVIFDQ
-------\CBVQOUQLSPHMB
-------\ERZCXYMIU
-------\GVAA
-------\ISZXTDWMR
-------\JG
-------\JOAAHW
-------\KKLERIOXO
-------\KMSJCFTNBXBDZJ
-------\PavProc
-------\QLWTILUIM
-------\RP_FWS
-------\TICLDXTW
-------\WIVCHC
-------\WJRZY


((((((((((((((((((((((((( Files Created from 2007-06-20 to 2007-07-20 )))))))))))))))))))))))))))))))


2007-07-18 17:24 <DIR> d-------- C:\Program Files\CCleaner
2007-07-18 05:48 <DIR> d-------- C:\Deckard
2007-07-15 21:05 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-07-12 10:14 630,200 --a------ C:\WINDOWS\system32\drivers\vetefile.sys
2007-07-12 10:14 108,392 --a------ C:\WINDOWS\system32\drivers\veteboot.sys
2007-07-12 10:12 99,904 --a------ C:\WINDOWS\system32\isafeif.dll
2007-07-12 10:12 75,280 --a------ C:\WINDOWS\system32\isafprod.dll
2007-07-12 10:12 32,528 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2007-07-12 10:12 26,640 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys
2007-07-12 10:12 21,648 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys
2007-07-12 10:12 21,392 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys
2007-07-12 10:11 <DIR> d-------- C:\Program Files\CA
2007-07-12 10:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CA
2007-07-12 09:16 <DIR> d-------- C:\Program Files\Add Remove Pro
2007-07-04 07:23 <DIR> d-------- C:\Program Files\Yahoo! Games
2007-06-28 05:01 <DIR> d-------- C:\DOCUME~1\YOURDA~1\APPLIC~1\TrojanHunter


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-20 13:24:46 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k7
2007-07-20 13:24:46 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k6
2007-07-20 13:24:46 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k5
2007-07-20 13:24:46 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k4
2007-07-20 13:24:46 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k3
2007-07-20 13:24:46 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k2
2007-07-20 13:24:46 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k1
2007-07-20 13:24:46 58,046 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k0
2007-07-19 22:49:37 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-07-18 22:31:42 -------- d-----w C:\Program Files\ewido anti-malware
2007-07-06 00:57:10 -------- d-----w C:\DOCUME~1\Matthew\APPLIC~1\Yahoo!
2007-07-01 18:14:24 -------- d-----w C:\Program Files\Yahoo!
2007-06-17 05:11:58 51,200 ----a-w C:\WINDOWS\nircmd.exe
2007-06-11 17:55:30 -------- d-----w C:\DOCUME~1\Matthew\APPLIC~1\TrojanHunter
2007-06-04 23:19:21 -------- d-----w C:\Program Files\Windows Media Connect 2
2007-05-31 18:47:06 114,448 ----a-w C:\WINDOWS\system32\drivers\KmxFw.sys
2007-05-31 18:47:04 92,432 ----a-w C:\WINDOWS\system32\drivers\KmxStart.sys
2007-05-31 18:47:04 256,784 ----a-w C:\WINDOWS\system32\UmxSbxw.dll
2007-05-31 18:47:04 126,224 ----a-w C:\WINDOWS\system32\drivers\KmxCF.sys
2007-05-31 18:47:02 117,520 ----a-w C:\WINDOWS\system32\UmxSbxExw.dll
2007-05-28 20:36:44 -------- d-----w C:\Program Files\Common Files\Scanner
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-02 23:48:11 95,760 ----a-w C:\avshlext.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-23 16:36:06 79,424 ----a-w C:\WINDOWS\system32\vetredir.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
2007-05-30 16:18 808472 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B9F5787-88A5-4945-90E7-C4B18563BC5E}]
2006-11-25 20:19 705024 --a------ C:\Program Files\KeyScrambler\KeyScramblerIE.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 00:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-07-12 04:00 501136 --a------ C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"A Verizon App"="C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE" [2005-05-23 16:20]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-06-12 12:18]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-06-12 12:32]
"cafwc"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2007-06-01 14:14]
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2007-06-01 14:14]
"capfupgrade"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2007-06-01 14:07]
"QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe" [2007-07-12 14:13]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-07-02 18:40]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Monitor.lnk
backup=C:\WINDOWS\pss\Monitor.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer4_in_1]
"C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 4200 Series]
"C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
"C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\type32]
"C:\Program Files\Microsoft IntelliType Pro\type32.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ymetray]
"C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart


Contents of the 'Scheduled Tasks' folder
2007-07-12 15:11:57 C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Matthew at 10 11 AM.job
2007-07-18 02:41:21 C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Matthew at 8 39 PM.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-20 08:41:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-20 8:52:45 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-20 08:52
C:\ComboFix2.txt ... 2007-07-18 16:36

--- E O F ---
Papakid
OK, CF was unable to copy CO_Mon.sys to the zip you submitted, apparently because the file no longer exists. With a little more research it looks like it is another Symantec file running as a driver service--we can still clean it up but I want to cover some other things first.

Please run a GMER Rootkit scan:

Download GMER from here:
http://www.gmer.net/gmer.zip

Unzip it to the desktop and start GMER.exe.
Click the Rootkit tab.
Make sure the "Show all" checkbox is unchecked and leave it that way.
Click the Scan button.

Once done, click the Copy button.
This will copy the results to your clipboard.
Paste the results here in your next reply.

If you're having problems with running GMER.exe, try it in safe mode. This tool works in safe mode. Most other rootkit revealers don't.

I see you've installed AVG's rootkit scanner. Did it find anything?

Click here to download FindAWF.exe and save it to your desktop.
Double-click on the FindAWF.exe file to run it.
It will open a command prompt and ask you to Press any key to continue.
Press a key.
Now press the 1 key and then Enter.
FindAWF tool will begin scanning your computer. It may take a few minutes to complete so be patient.
When the scan is finished, a text file in notepad called AWF.txt will automatically be saved to your desktop or whatever location you ran the file from.
Return to this thread and copy and paste the contents of the AWF.txt file in your next reply.

I've been researching a solution for the Add/Remove problem if it is not the result of a rootkitted infection. It appears that the registry keys and values that Add/Remove reads may have been deleted somehow, in which case there probably isn't much you can do. I would like to confirm this by doing the following:

Backing Up Your Registry
  1. Go Here and download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  2. Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  3. Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  4. Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  5. Make sure that at least the first two check boxes are ticked
  6. Press OK
  7. Press YES to create the folder.

Download Registrar Lite 2.0 and install it.

Copy the bold text below and paste it into the Address bar and hit Enter.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

The Uninstall folder should appear in blue in the left pane. If not, stop here and let me know. Click on the icon that looks like a floppy and save the file to your desktop.

Right click the file and choose Edit. Then copy the entire contents of what opens in Notepad and post it in your next reply.
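Once the GMER output requested here is posted, the useful question is which module owns each hook, since a machine running a HIPS product and an anti-spyware guard will legitimately show many SSDT and IAT hooks. The Python below is an added example, not part of this thread or of GMER: it parses the three line shapes GMER prints (SSDT, kernel IAT, user IAT), groups the hooks by owning module and flags owners that are not among the security products installed on this machine. The sample lines are copied from the GMER log posted later in this thread plus one constructed line; the owner-to-product allowlist is an assumption built from the HijackThis and ComboFix logs above.

```python
"""Triage GMER hook output by the module that owns each hook (added example)."""
from __future__ import annotations

import re
from collections import Counter
from typing import NamedTuple


class Hook(NamedTuple):
    kind: str    # "SSDT", "KernelIAT" or "UserIAT"
    where: str   # hooked service (SSDT) or "<image> -> <lib>!<func>" (IAT)
    owner: str   # owning module, lowercase basename


# SSDT <owner module path, may contain spaces> <ZwFunction>
_SSDT_RE = re.compile(r"^SSDT\s+(?P<owner>.+?)\s+(?P<func>\w+)$")
# Kernel IAT: IAT <driver>[<lib>!<func>] [<addr>] <owner>
_KIAT_RE = re.compile(
    r"^IAT\s+(?P<image>[^\[]+)\[(?P<lib>[^!\]]+)!(?P<func>[^\]]+)\]"
    r"\s+\[(?P<addr>[0-9A-Fa-f]+)\]\s+(?P<owner>.+)$"
)
# User IAT: IAT <process>[<pid>] @ <dll> [<lib>!<func>] [<addr>] <owner path>
_UIAT_RE = re.compile(
    r"^IAT\s+(?P<proc>[^\[]+)\[(?P<pid>\d+)\]\s+@\s+(?P<dll>.+?)\s+"
    r"\[(?P<lib>[^!\]]+)!(?P<func>[^\]]+)\]\s+\[(?P<addr>[0-9A-Fa-f]+)\]\s+(?P<owner>.+)$"
)

# ASSUMPTION: owner -> product map built from the software visible in this
# thread's HijackThis/ComboFix logs (CA Internet Security Suite with its HIPS
# engine, AVG Anti-Spyware 7.5). The Kmx* drivers are attributed to CA's HIPS
# engine from their install dates next to CA's Umx* files, not from a vendor statement.
EXPECTED_OWNERS = {
    "kmxsbx.sys": "CA HIPS engine",
    "kmxagent.sys": "CA HIPS engine",
    "kmxstart.sys": "CA HIPS engine",
    "cacheck.dll": "CA Internet Security Suite (PPRT)",
    "guard.sys": "AVG Anti-Spyware 7.5",
}


def _basename(path: str) -> str:
    """Lowercase file name of a module path as GMER prints it (\\??\\C:\\..., \\SystemRoot\\..., or bare)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].strip().lower()


def parse_gmer(text: str) -> list[Hook]:
    """Extract hooks from a GMER log; banners, section headers and blank lines are skipped."""
    hooks: list[Hook] = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := _SSDT_RE.match(line):
            hooks.append(Hook("SSDT", m["func"], _basename(m["owner"])))
        elif m := _UIAT_RE.match(line):          # must run before the kernel pattern
            where = f"{_basename(m['proc'])}[{m['pid']}] {_basename(m['dll'])} -> {m['lib']}!{m['func']}"
            hooks.append(Hook("UserIAT", where, _basename(m["owner"])))
        elif m := _KIAT_RE.match(line):
            where = f"{_basename(m['image'])} -> {m['lib']}!{m['func']}"
            hooks.append(Hook("KernelIAT", where, _basename(m["owner"])))
    return hooks


def triage(hooks: list[Hook], expected: dict[str, str] = EXPECTED_OWNERS) -> dict[str, dict]:
    """Group hooks by owner; an owner outside `expected` is marked 'review'."""
    by_owner: dict[str, dict] = {}
    for h in hooks:
        entry = by_owner.setdefault(h.owner, {
            "product": expected.get(h.owner),
            "status": "expected" if h.owner in expected else "review",
            "kinds": Counter(),
            "targets": set(),
        })
        entry["kinds"][h.kind] += 1
        entry["targets"].add(h.where)
    return by_owner


def hooks_needing_review(hooks: list[Hook], expected: dict[str, str] = EXPECTED_OWNERS) -> list[str]:
    return sorted(o for o, e in triage(hooks, expected).items() if e["status"] == "review")


# Constructed sample: lines copied from the GMER log in this thread, plus one
# made-up SSDT line (EXAMPLE_UNKNOWN.sys) to show the 'review' path.
SAMPLE_LOG = r"""
GMER 1.0.13.12551 - http://www.gmer.net
---- System - GMER 1.0.13 ----
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys ZwCreateKey
SSDT \SystemRoot\System32\DRIVERS\kmxagent.sys ZwCreateSection
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys ZwOpenKey
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess
---- Kernel IAT/EAT - GMER 1.0.13 ----
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F8605FC0] kmxstart.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F8606720] kmxstart.sys
---- User IAT/EAT - GMER 1.0.13 ----
IAT C:\WINDOWS\System32\svchost.exe[496] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [0203FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [02040640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
SSDT \SystemRoot\System32\DRIVERS\EXAMPLE_UNKNOWN.sys ZwQueryDirectoryFile
"""

if __name__ == "__main__":
    report = triage(parse_gmer(SAMPLE_LOG))
    for owner, e in sorted(report.items(), key=lambda kv: kv[1]["status"]):
        kinds = ", ".join(f"{k}={n}" for k, n in sorted(e["kinds"].items()))
        print(f"{e['status']:8} {owner:22} {e['product'] or '(unknown owner)':36} {kinds}")
```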
D_N_M
Hello Papakid
Here are the reports

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-07-22 07:50:58
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.13 ----

SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys ZwCreateKey
SSDT \SystemRoot\System32\DRIVERS\kmxagent.sys ZwCreateSection
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys ZwCreateSymbolicLinkObject
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys ZwMakeTemporaryObject
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys ZwOpenKey
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys ZwOpenSection
SSDT \SystemRoot\System32\DRIVERS\kmxagent.sys ZwSetInformationProcess
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys ZwSetSystemInformation
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess

---- Kernel IAT/EAT - GMER 1.0.13 ----

IAT \SystemRoot\system32\DRIVERS\rasl2tp.sys[NDIS.SYS!NdisMCoSendComplete] [F8604E20] kmxstart.sys
IAT \SystemRoot\system32\DRIVERS\rasl2tp.sys[NDIS.SYS!NdisMSetAttributesEx] [F8606A90] kmxstart.sys
IAT \SystemRoot\system32\DRIVERS\rasl2tp.sys[NDIS.SYS!NdisInitializeWrapper] [F8606670] kmxstart.sys
IAT \SystemRoot\system32\DRIVERS\rasl2tp.sys[NDIS.SYS!NdisMRegisterMiniport] [F86070C0] kmxstart.sys
IAT \SystemRoot\system32\DRIVERS\rasl2tp.sys[NDIS.SYS!NdisTerminateWrapper] [F8606CA0] kmxstart.sys
IAT \SystemRoot\system32\DRIVERS\rasl2tp.sys[NDIS.SYS!NdisMCmRegisterAddressFamily] [F86049B0] kmxstart.sys
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisClOpenAddressFamily] [F8604880] kmxstart.sys
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F8606570] kmxstart.sys
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F8605FC0] kmxstart.sys
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisMCoSendComplete] [F8604E20] kmxstart.sys
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisMSetAttributesEx] [F8606A90] kmxstart.sys
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisMCmRegisterAddressFamily] [F86049B0] kmxstart.sys
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisReturnPackets] [F86056D0] kmxstart.sys
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisInitializeWrapper] [F8606670] kmxstart.sys
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisTerminateWrapper] [F8606CA0] kmxstart.sys
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F8606720] kmxstart.sys
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisMRegisterMiniport] [F86070C0] kmxstart.sys
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F8606720] kmxstart.sys
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F8605FC0] kmxstart.sys
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisReturnPackets] [F86056D0] kmxstart.sys
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F8606570] kmxstart.sys
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisMSetAttributesEx] [F8606A90] kmxstart.sys
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisTerminateWrapper] [F8606CA0] kmxstart.sys
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisMRegisterMiniport] [F86070C0] kmxstart.sys
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisInitializeWrapper] [F8606670] kmxstart.sys
IAT \SystemRoot\system32\DRIVERS\raspptp.sys[NDIS.SYS!NdisMSetAttributesEx] [F8606A90] kmxstart.sys
IAT \SystemRoot\system32\DRIVERS\raspptp.sys[NDIS.SYS!NdisInitializeWrapper] [F8606670] kmxstart.sys
IAT \SystemRoot\system32\DRIVERS\raspptp.sys[NDIS.SYS!NdisMRegisterMiniport] [F86070C0] kmxstart.sys
IAT \SystemRoot\system32\DRIVERS\raspptp.sys[NDIS.SYS!NdisTerminateWrapper] [F8606CA0] kmxstart.sys
IAT \SystemRoot\system32\DRIVERS\TDI.SYS[NDIS.SYS!NdisReturnPackets] [F86056D0] kmxstart.sys
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisReturnPackets] [F86056D0] kmxstart.sys
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisTerminateWrapper] [F8606CA0] kmxstart.sys
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisIMAssociateMiniport] [F86069C0] kmxstart.sys
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisIMRegisterLayeredMiniport] [F8607170] kmxstart.sys
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F8606720] kmxstart.sys
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisInitializeWrapper] [F8606670] kmxstart.sys
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F8605FC0] kmxstart.sys
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisClOpenAddressFamily] [F8604880] kmxstart.sys
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisMSetAttributesEx] [F8606A90] kmxstart.sys
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F8606570] kmxstart.sys
IAT \SystemRoot\system32\DRIVERS\raspti.sys[NDIS.SYS!NdisInitializeWrapper] [F8606670] kmxstart.sys
IAT \SystemRoot\system32\DRIVERS\raspti.sys[NDIS.SYS!NdisMCoSendComplete] [F8604E20] kmxstart.sys
IAT \SystemRoot\system32\DRIVERS\raspti.sys[NDIS.SYS!NdisMSetAttributesEx] [F8606A90] kmxstart.sys
IAT \SystemRoot\system32\DRIVERS\raspti.sys[NDIS.SYS!NdisMCmRegisterAddressFamily] [F86049B0] kmxstart.sys
IAT \SystemRoot\system32\DRIVERS\raspti.sys[NDIS.SYS!NdisMRegisterMiniport] [F86070C0] kmxstart.sys
IAT \SystemRoot\system32\DRIVERS\raspti.sys[NDIS.SYS!NdisTerminateWrapper] [F8606CA0] kmxstart.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F8606720] kmxstart.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F8606570] kmxstart.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F8605FC0] kmxstart.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCmRegisterAddressFamily] [F8604920] kmxstart.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisClOpenAddressFamily] [F8604880] kmxstart.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F8606570] kmxstart.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F8605FC0] kmxstart.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F8606720] kmxstart.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisReturnPackets] [F86056D0] kmxstart.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisReturnPackets] [F86056D0] kmxstart.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F8606720] kmxstart.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F8605FC0] kmxstart.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F8606570] kmxstart.sys
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisReturnPackets] [F86056D0] kmxstart.sys
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F8606720] kmxstart.sys
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F8606570] kmxstart.sys
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F8605FC0] kmxstart.sys

---- User IAT/EAT - GMER 1.0.13 ----

IAT C:\WINDOWS\System32\svchost.exe[496] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [0203FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [0203FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [0203FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [0203F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [0203FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [0203FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [0203F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [0203FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [02040640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [0203FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [0203F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [0203FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [0203FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [0203FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [0203F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [0203FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [0203F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [0203FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [0203FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [0203FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [0203F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [02040640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [02040290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [0203FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [02040640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [0203FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [0203F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [0203FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [0203F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [0203F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [0203FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [0203FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [02040470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [02040640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [0203FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [0203F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [02040290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [0203FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [0203F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [02040640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [0203F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [0203FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [0203FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [0203FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [0203F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [0203F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [0203FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [0203FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [0203F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [0203F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [0203FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [0203FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [0203FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [0203F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [0203F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [0203FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [0203F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [0203FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExA] [0203F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [0203FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [0203F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [0203FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ C:\WINDOWS\System32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [0203FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[496] @ C:\WINDOWS\System32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [0203F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [10010470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[840] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[840] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[840] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[840] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[840] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[840] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [10010470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1016] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [0093FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [0093FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [0093FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [0093F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [0093FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [0093FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [0093F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [0093FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [00940640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [0093FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [0093F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [0093FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [0093FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [0093FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [0093F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [0093FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [0093F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [0093FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [0093FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [0093FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [0093F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [00940640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [00940290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [0093FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [00940640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [0093FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [0093F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [0093FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [0093F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [0093F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [0093FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [0093FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [00940470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [00940640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [0093FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [0093F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [00940290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [0093FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [0093F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [00940640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [0093F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [0093FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [0093FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [0093FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [0093F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [0093F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [0093FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [0093F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [0093FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [0093FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1048] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [0093F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1156] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1156] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1156] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1156] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1156] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1156] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1156] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1156] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1156] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1156] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1156] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1156] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1156] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1156] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1156] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1156] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1156] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1156] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1156] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1156] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1156] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1156] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1156] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1156] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1156] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1156] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1156] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1156] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1156] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1156] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1156] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1156] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1156] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1156] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1156] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1156] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1156] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1156] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1156] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1156] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1156] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1156] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [10010470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1156] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1156] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1156] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1156] @ C:\WINDOWS\system32\secur32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1156] @ C:\WINDOWS\system32\secur32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1156] @ C:\WINDOWS\system32\secur32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1156] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1156] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1156] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1156] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1156] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1156] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [011AFBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [011AFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [011AFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [011AF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [011AFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [011AFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [011AF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [011AFBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [011AFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [011AF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [011AFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [011AFBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [011B0640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [011AFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [011AF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [011AFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [011AF990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [011AFBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [011AFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [011B0470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [011B0640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [011AFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [011AF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [011B0290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [011AFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [011B0640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [011AFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [011AF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [011AFBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [011AF990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [011AF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [011AFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [011AFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [011AFBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [011AF990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [011B0640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [011AF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [011AFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [011AF990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [011AFBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [011AFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [011AFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [011AF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExA] [011AF990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [011AFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [011AF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [011AFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [011B0290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [011AFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [011AF990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [011B0640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [011AF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [011AFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [011AFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [011AFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [011AF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [011AFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [011AF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [011AF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [011AFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [011AFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [011AF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [011AF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[1516] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [011AFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [10010470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ c:\windows\system32\rpcss.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1764] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [0093FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [0093FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [0093FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [0093F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [0093FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [0093FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [0093F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [0093FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [00940640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [0093FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [0093F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [0093FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [0093FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [0093FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [0093F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [0093FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [0093F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [0093FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [0093FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [0093FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [0093F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [00940640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [00940290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [0093FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [00940640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [0093FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [0093F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [0093FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [0093F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [0093F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [0093FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [0093FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [00940470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [00940640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [0093FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [0093F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [00940290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [0093FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [0093F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [00940640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [0093F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [0093FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1976] @ c:\windows\system32\rpcss.dll [ADVAPI32.dll!CreateProcessAsUserW] [00940290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1976] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryA] [0093FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1976] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!GetProcAddress] [0093F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1976] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!CreateProcessW] [00940640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1976] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryExA] [0093F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1976] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryW] [0093FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1976] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryExW] [0093FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1976] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [0093FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1976] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [0093FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1976] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [0093F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1976] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [0093F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1976] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [0093FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1976] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [0093FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1976] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [0093F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [0093F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [0093FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [0093FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1976] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [0093F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll

---- Devices - GMER 1.0.13 ----

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F6EE031A] kmxagent.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F6EE031A] kmxagent.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F6EE031A] kmxagent.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F6EE031A] kmxagent.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F6EE031A] kmxagent.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F6EE031A] kmxagent.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F6EE031A] kmxagent.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F6EE031A] kmxagent.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F6EE031A] kmxagent.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F6EE031A] kmxagent.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F6EE031A] kmxagent.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F6EE031A] kmxagent.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F6EE031A] kmxagent.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F6EE031A] kmxagent.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F6EE031A] kmxagent.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F6EE031A] kmxagent.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F6EE031A] kmxagent.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F6EE031A] kmxagent.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F6EE031A] kmxagent.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F6EE031A] kmxagent.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F6EE031A] kmxagent.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F6EE031A] kmxagent.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F6EE031A] kmxagent.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F6EE031A] kmxagent.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F6EE031A] kmxagent.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F6EE031A] kmxagent.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F6EE031A] kmxagent.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F88DC439] KmxFile.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F88DC3A4] KmxFile.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F88DC669] KmxFile.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F88DC3A4] KmxFile.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F88DC4F5] KmxFile.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F88DC3A4] KmxFile.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F88DC564] KmxFile.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F88DC3A4] KmxFile.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F88DC3A4] KmxFile.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F88DC3A4] KmxFile.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F88DC3A4] KmxFile.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F88DC3A4] KmxFile.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F88DC620] KmxFile.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F88DC6BB] KmxFile.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F88DC3A4] KmxFile.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F88DC3A4] KmxFile.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F88DC3A4] KmxFile.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F88DC3A4] KmxFile.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F88DC3A4] KmxFile.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F88DC3A4] KmxFile.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F88DC3A4] KmxFile.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F88DC3A4] KmxFile.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F88DC3A4] KmxFile.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F88DC3A4] KmxFile.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F88DC3A4] KmxFile.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F88DC3A4] KmxFile.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F88DC3A4] KmxFile.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F841C790] VET-REC.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F841C790] VET-REC.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F841CDEC] VET-REC.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F841C790] VET-REC.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F841C790] VET-REC.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F841C790] VET-REC.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F841C790] VET-REC.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F841C790] VET-REC.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F841C790] VET-REC.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F841C790] VET-REC.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F841C790] VET-REC.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F841C790] VET-REC.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F841C790] VET-REC.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F841D4C6] VET-REC.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F841C790] VET-REC.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F841C892] VET-REC.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F841C790] VET-REC.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F841C790] VET-REC.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F841C790] VET-REC.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F841C790] VET-REC.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F841C790] VET-REC.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F841C790] VET-REC.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F841C810] VET-REC.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F841C800] VET-REC.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F841C790] VET-REC.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F841C790] VET-REC.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F841C790] VET-REC.SYS

Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F6E76900] kmxfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F6E76A60] kmxfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F6E77500] kmxfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F6E774C0] kmxfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F6E76AC0] kmxfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F6E76900] kmxfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F6E76A60] kmxfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F6E77500] kmxfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F6E774C0] kmxfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F6E76AC0] kmxfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F6E76900] kmxfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F6E76A60] kmxfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F6E77500] kmxfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F6E774C0] kmxfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F6E76AC0] kmxfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F6E76900] kmxfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [F6E76A60] kmxfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F6E77500] kmxfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F6E774C0] kmxfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [F6E76AC0] kmxfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [F6E76900] kmxfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [F6E76A60] kmxfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [F6E77500] kmxfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [F6E774C0] kmxfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP [F6E76AC0] kmxfw.sys
Device \Driver\AFD \Device\Afd IRP_MJ_CREATE [F4EAA850] KmxCF.sys
Device \Driver\AFD \Device\Afd IRP_MJ_CLOSE [F4EAB010] KmxCF.sys
Device \Driver\AFD \Device\Afd IRP_MJ_READ [F4EAB290] KmxCF.sys
Device \Driver\AFD \Device\Afd IRP_MJ_WRITE [F4EAB070] KmxCF.sys
Device \Driver\AFD \Device\Afd IRP_MJ_DEVICE_CONTROL [F4EAB2E0] KmxCF.sys
Device \Driver\AFD \Device\Afd IRP_MJ_INTERNAL_DEVICE_CONTROL [F4EAA890] KmxCF.sys
Device \Driver\AFD \Device\Afd IRP_MJ_CLEANUP [F4EAB040] KmxCF.sys
Device \Driver\AFD \Device\Afd FastIoDeviceControl [F4EAB3E0] KmxCF.sys

AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [F6EE031A] kmxagent.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [F6EE031A] kmxagent.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [F6EE031A] kmxagent.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [F6EE031A] kmxagent.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [F6EE031A] kmxagent.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [F6EE031A] kmxagent.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [F6EE031A] kmxagent.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [F6EE031A] kmxagent.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [F6EE031A] kmxagent.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [F6EE031A] kmxagent.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [F6EE031A] kmxagent.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [F6EE031A] kmxagent.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [F6EE031A] kmxagent.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [F6EE031A] kmxagent.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [F6EE031A] kmxagent.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [F6EE031A] kmxagent.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [F6EE031A] kmxagent.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [F6EE031A] kmxagent.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [F6EE031A] kmxagent.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [F6EE031A] kmxagent.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [F6EE031A] kmxagent.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [F6EE031A] kmxagent.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [F6EE031A] kmxagent.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [F6EE031A] kmxagent.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [F6EE031A] kmxagent.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [F6EE031A] kmxagent.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [F6EE031A] kmxagent.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [F88DC439] KmxFile.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [F88DC3A4] KmxFile.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [F88DC669] KmxFile.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [F88DC3A4] KmxFile.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [F88DC4F5] KmxFile.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [F88DC3A4] KmxFile.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [F88DC564] KmxFile.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [F88DC3A4] KmxFile.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [F88DC3A4] KmxFile.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [F88DC3A4] KmxFile.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [F88DC3A4] KmxFile.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [F88DC3A4] KmxFile.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [F88DC620] KmxFile.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [F88DC6BB] KmxFile.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [F88DC3A4] KmxFile.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [F88DC3A4] KmxFile.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [F88DC3A4] KmxFile.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [F88DC3A4] KmxFile.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [F88DC3A4] KmxFile.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [F88DC3A4] KmxFile.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [F88DC3A4] KmxFile.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [F88DC3A4] KmxFile.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [F88DC3A4] KmxFile.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [F88DC3A4] KmxFile.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [F88DC3A4] KmxFile.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [F88DC3A4] KmxFile.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [F88DC3A4] KmxFile.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [F841C790] VET-REC.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [F841C790] VET-REC.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [F841CDEC] VET-REC.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [F841C790] VET-REC.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [F841C790] VET-REC.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [F841C790] VET-REC.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [F841C790] VET-REC.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [F841C790] VET-REC.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [F841C790] VET-REC.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [F841C790] VET-REC.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [F841C790] VET-REC.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [F841C790] VET-REC.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [F841C790] VET-REC.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [F841D4C6] VET-REC.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [F841C790] VET-REC.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [F841C892] VET-REC.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [F841C790] VET-REC.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [F841C790] VET-REC.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [F841C790] VET-REC.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [F841C790] VET-REC.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [F841C790] VET-REC.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [F841C790] VET-REC.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [F841C810] VET-REC.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [F841C800] VET-REC.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [F841C790] VET-REC.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [F841C790] VET-REC.SYS
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [F841C790] VET-REC.SYS

---- EOF - GMER 1.0.13 ----

Here is the AWF report.

Find AWF report by noahdfear ©2006


bak folders found
~~~~~~~~~~~



Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~



end of report


And the Registrar report.

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin]
"DisplayName"="Adobe Flash Player Plugin"
"DisplayVersion"="9.0.47.0"
"Publisher"="Adobe Systems Incorporated"
"URLInfoAbout"="http://www.adobe.com/go/getflashplayer"
"DisplayIcon"="C:\\WINDOWS\\system32\\Macromed\\Flash\\uninstall_plugin.exe"
"UninstallString"="C:\\WINDOWS\\system32\\Macromed\\Flash\\uninstall_plugin.exe"
"NoModify"=dword:00000001
"NoRepair"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVGantiRootkit]
"DisplayName"="AVG Anti-Rootkit Free"
"UninstallString"="C:\\Program Files\\GRISOFT\\AVG Anti-Rootkit Free\\Uninstall.exe"
"InstallLocation"="C:\\Program Files\\GRISOFT\\AVG Anti-Rootkit Free"
"DisplayIcon"="C:\\Program Files\\GRISOFT\\AVG Anti-Rootkit Free\\avgarkt.exe"
"Publisher"="GRISOFT"
"HelpLink"="http://www.grisoft.com"
"NoModify"=dword:00000001
"NoRepair"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner]
"DisplayName"="CCleaner (remove only)"
"UninstallString"="\"C:\\Program Files\\CCleaner\\uninst.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ERUNT_is1]
"Inno Setup: Setup Version"="4.2.7"
"Inno Setup: App Path"="C:\\Program Files\\ERUNT"
"InstallLocation"="C:\\Program Files\\ERUNT\\"
"Inno Setup: Icon Group"="ERUNT"
"Inno Setup: User"="Matthew"
"Inno Setup: Selected Tasks"="eruntdesktopicon,ntregoptdesktopicon"
"Inno Setup: Deselected Tasks"="eruntquicklaunchicon,ntregoptquicklaunchicon,installgermanlanguagefiles"
"DisplayName"="ERUNT 1.1j"
"UninstallString"="\"C:\\Program Files\\ERUNT\\unins000.exe\""
"QuietUninstallString"="\"C:\\Program Files\\ERUNT\\unins000.exe\" /SILENT"
"Publisher"="Lars Hederer"
"URLInfoAbout"="http://www.larshederer.homepage.t-online.de"
"HelpLink"="http://www.larshederer.homepage.t-online.de/erunt"
"URLUpdateInfo"="http://www.larshederer.homepage.t-online.de/erunt"
"NoModify"=dword:00000001
"NoRepair"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eTrust Suite Personal]
"DisplayName"="CA Internet Security Suite"
"UninstallString"="\"C:\\Program Files\\CA\\CA Internet Security Suite\\caunst.exe\" /u"
"NoModify"=dword:00000001
"NoRepair"=dword:00000001
"Publisher"="CA, Inc."
"URLInfoAbout"="http://www.my-etrust.com/Redirect/router.aspx?OEM= &prod=PN&app=inclient&lang=en&date=1184267626&link_id=1&dest=homepage&lic=4CZT1ECJGYXKWJLRIRIK&ver=5.1.17.0"
"HelpLink"="http://www.my-etrust.com/Redirect/router.aspx?OEM= &prod=PN&app=inclient&lang=en&date=1184267626&link_id=1&dest=main_support&lic=4CZT1ECJGYXKWJLRIRIK&ver=5.1.17.0"
"DisplayVersion"="3.2.1.14"
"InstallLocation"="C:\\Program Files\\CA\\CA Internet Security Suite"
"DisplayIcon"="C:\\Program Files\\CA\\CA Internet Security Suite\\caunst.exe,-0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eTrust Suite Personal\as]
"DisplayIcon"="C:\\Program Files\\CA\\CA Internet Security Suite\\caunst.exe,-0"
"UninstallString"="\"C:\\Program Files\\CA\\CA Internet Security Suite\\caunst.exe\" /u"
"DisplayName"="CA Anti-Spam"
"Publisher"="CA, Inc."
"HelpLink"="http://www.my-etrust.com/Redirect/router.aspx?OEM= &prod=PN&app=inclient&lang=en&date=1184267664&link_id=1&dest=main_support&lic=4CZT1-ECJGY-XKWJL-RIRIK&ver=5.1.17.0"
"URLInfoAbout"="http://www.my-etrust.com/Redirect/router.aspx?OEM= &prod=PN&app=inclient&lang=en&date=1184267664&link_id=1&dest=homepage&lic=4CZT1-ECJGY-XKWJL-RIRIK&ver=5.1.17.0"
"DisplayVersion"="5.1.17.0"
"NoModify"=dword:00000001
"NoRepair"=dword:00000001
"InstallLocation"="C:\\Program Files\\CA\\CA Internet Security Suite\\CA Anti-Spam\\QSP-5.1.17.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eTrust Suite Personal\av]
"DisplayName"="CA Anti-Virus"
"UninstallProduct"="C:\\Program Files\\CA\\CA Internet Security Suite\\CA Anti-Virus\\unvet32.exe"
"UninstallString"="\"C:\\Program Files\\CA\\CA Internet Security Suite\\caunst.exe\" /u"
"NoModify"=dword:00000001
"NoRepair"=dword:00000001
"Publisher"="CA, Inc."
"URLInfoAbout"="http://www.my-etrust.com/Redirect/router.aspx?OEM= &prod=SS&app=inclient&lang=en&date=1184253124&link_id=1&dest=homepage&lic=4CZT1-ECJGY-XKWJL-RIRIK&ver=3.2.1.14"
"HelpLink"="http://www.my-etrust.com/Redirect/router.aspx?OEM= &prod=SS&app=inclient&lang=en&date=1184253124&link_id=1&dest=main_support&lic=4CZT1-ECJGY-XKWJL-RIRIK&ver=3.2.1.14"
"DisplayVersion"="8.4.0.24"
"InstallLocation"="C:\\Program Files\\CA\\CA Internet Security Suite\\CA Anti-Virus"
"DisplayIcon"="C:\\Program Files\\CA\\CA Internet Security Suite\\caunst.exe,-0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eTrust Suite Personal\pfw]
"DisplayName"="CA Personal Firewall"
"UninstallProduct"="MsiExec.exe /X{BDBAAB1B-B364-465E-931D-4E2E2F0E609A}"
"UninstallString"="\"C:\\Program Files\\CA\\CA Internet Security Suite\\caunst.exe\" /u"
"NoModify"=dword:00000001
"NoRepair"=dword:00000001
"Publisher"="CA, Inc."
"URLInfoAbout"="http://www.my-etrust.com/Redirect/router.aspx?OEM= &prod=SS&app=inclient&lang=en&date=1184253153&link_id=1&dest=homepage&lic=4CZT1-ECJGY-XKWJL-RIRIK&ver=3.2.1.14"
"HelpLink"="http://www.my-etrust.com/Redirect/router.aspx?OEM= &prod=SS&app=inclient&lang=en&date=1184253153&link_id=1&dest=main_support&lic=4CZT1-ECJGY-XKWJL-RIRIK&ver=3.2.1.14"
"DisplayVersion"="9.1.0.33"
"InstallLocation"="C:\\Program Files\\CA\\CA Internet Security Suite\\CA Personal Firewall"
"DisplayIcon"="C:\\Program Files\\CA\\CA Internet Security Suite\\caunst.exe,-0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eTrust Suite Personal\pp]
"DisplayName"="CA Anti-Spyware"
"UninstallProduct"="MsiExec.exe /X{609B0E8F-0E98-46BF-85F9-7123D1022D84}"
"UninstallString"="\"C:\\Program Files\\CA\\CA Internet Security Suite\\caunst.exe\" /u"
"NoModify"=dword:00000001
"NoRepair"=dword:00000001
"Publisher"="CA, Inc."
"URLInfoAbout"="http://www.my-etrust.com/Redirect/router.aspx?OEM= &prod=SS&app=inclient&lang=en&date=1184253122&link_id=1&dest=homepage&lic=4CZT1-ECJGY-XKWJL-RIRIK&ver=3.2.1.14"
"HelpLink"="http://www.my-etrust.com/Redirect/router.aspx?OEM= &prod=SS&app=inclient&lang=en&date=1184253122&link_id=1&dest=main_support&lic=4CZT1-ECJGY-XKWJL-RIRIK&ver=3.2.1.14"
"DisplayVersion"="9.1.0.18"
"InstallLocation"="C:\\Program Files\\CA\\CA Internet Security Suite\\CA Anti-Spyware"
"DisplayIcon"="C:\\Program Files\\CA\\CA Internet Security Suite\\caunst.exe,-0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis]
"DisplayName"="HijackThis 2.0.2"
"UninstallString"="\"C:\\Documents and Settings\\Matthew\\Desktop\\HijackThis.exe\" /uninstall"
"DisplayIcon"="C:\\Documents and Settings\\Matthew\\Desktop\\HijackThis.exe"
"DisplayVersion"="2.0.2"
"Publisher"="TrendMicro"
"URLInfoAbout"="http://www.spywareinfo.com/~merijn/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB892130]
"DisplayName"="Windows Genuine Advantage Validation Tool (KB892130)"
"UninstallString"=""
"TSAware"=dword:00000001
"NoModify"=dword:00000001
"InstallDate"="20070711"
"Publisher"="Microsoft Corporation"
"NoRepair"=dword:00000001
"HelpLink"="http://support.microsoft.com?kbid=892130"
"URLInfoAbout"="http://www.microsoft.com/genuine"
"NoRemove"=dword:00000001
"NoRemoveInitialValue"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB928365.T1_1ToU569_1]
"UninstallString"="C:\\WINDOWS\\system32\\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}"
"NoModify"=dword:00000001
"EstimatedSize"=dword:00000000
"RegistryLocation"="HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Updates\\Microsoft .NET Framework 2.0\\KB928365"
"DisplayIcon"="C:\\WINDOWS\\system32\\msiexec.exe"
"DisplayVersion"="2"
"ParentDisplayName"="Microsoft .NET Framework 2.0"
"NoRepair"=dword:00000001
"DisplayName"="Security Update for Microsoft .NET Framework 2.0 (KB928365)"
"ReleaseType"="Security Update"
"Helplink"="http://support.microsoft.com/kb/928365"
"ParentKeyName"="Microsoft .NET Framework 2.0"
"Publisher"="Microsoft Corporation"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB936357]
"DisplayName"="Update for Windows XP (KB936357)"
"UninstallString"="\"C:\\WINDOWS\\$NtUninstallKB936357$\\spuninst\\spuninst.exe\""
"TSAware"=dword:00000001
"NoModify"=dword:00000001
"InstallDate"="20070711"
"Publisher"="Microsoft Corporation"
"NoRepair"=dword:00000001
"HelpLink"="http://support.microsoft.com?kbid=936357"
"URLInfoAbout"="http://support.microsoft.com"
"DisplayVersion"="1"
"ParentKeyName"="OperatingSystem"
"ParentDisplayName"="Windows XP - Software Updates"
"ReleaseType"="Update"
"RegistryLocation"="HKLM\\SOFTWARE\\Microsoft\\Updates\\Windows XP\\SP3\\KB936357"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox (2.0.0.5)]
"Comments"="Mozilla Firefox"
"DisplayIcon"="C:\\PROGRA~1\\Mozilla Firefox\\firefox.exe,0"
"DisplayName"="Mozilla Firefox (2.0.0.5)"
"DisplayVersion"="2.0.0.5 (en-US)"
"InstallLocation"="C:\\PROGRA~1\\Mozilla Firefox"
"Publisher"="Mozilla"
"UninstallString"="C:\\PROGRA~1\\Mozilla Firefox\\uninstall\\helper.exe"
"URLInfoAbout"="http://en-US.www.mozilla.com/en-US/"
"URLUpdateInfo"="http://en-US.www.mozilla.com/en-US/firefox/"
"NoModify"=dword:00000001
"NoRepair"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Registrar Lite 2.00]
"DisplayName"="Registrar Lite 2.00"
"UninstallString"="\"C:\\Program Files\\Registrar Lite\\unwise.exe\" C:\\PROGRA~1\\REGIST~1\\INSTALL.LOG"
"DisplayIcon"="\"C:\\Program Files\\Registrar Lite\\rl.exe\""
"URLInfoAbout"="http://www.resplendence.com"
"HelpLink"="http://www.resplendence.com"
"Publisher"="Resplendence Software Projects Sp."

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VETWIN32Vp5]
"DisplayIcon"="C:\\Program Files\\CA\\CA Internet Security Suite\\CA Anti-Virus\\caav.exe,-0"
"Publisher"="CA, Inc."
"ModifyPath"="C:\\Program Files\\CA\\CA Internet Security Suite\\CA Anti-Virus\\caav.exe"
"DisplayVersion"="8.4.0.24"
"InstallLocation"="C:\\Program Files\\CA\\CA Internet Security Suite\\CA Anti-Virus"
"EstimatedSize"=dword:00006400
"NoModify"=dword:00000000
"NoRepair"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WGA]
"HelpLink"="http://support.microsoft.com?kbid=892130"
"URLInfoAbout"="http://www.microsoft.com/genuine"
"Publisher"="Microsoft Corporation"
"DisplayName"="Windows Genuine Advantage Validation Tool (KB892130)"
"DisplayVersion"="1.7.0036.0"
"VersionMajor"="1"
"VersionMinor"="0"
"ParentKeyName"="OperatingSystem"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160020}]
"DisplayIcon"="C:\\Program Files\\Java\\jre1.6.0_02\\\\bin\\javaws.exe"
"AuthorizedCDFPrefix"=""
"Comments"=""
"Contact"="http://java.com"
"DisplayVersion"="1.6.0.20"
"HelpLink"=hex(2):68,74,74,70,3a,2f,2f,6a,61,76,61,2e,63,6f,6d,00
"HelpTelephone"=""
"InstallDate"="20070718"
"InstallLocation"=""
"InstallSource"="http://javadl.sun.com/webapps/download/GetFile/1.6.0_02-b06/windows-i586/"
"ModifyPath"=hex(2):4d,73,69,45,78,65,63,2e,65,78,65,20,2f,49,7b,33,32,34,38,\
46,30,41,38,2d,36,38,31,33,2d,31,31,44,36,2d,41,37,37,42,2d,30,30,42,30,44,\
30,31,36,30,30,32,30,7d,00
"NoRepair"=dword:00000001
"Publisher"="Sun Microsystems, Inc."
"Readme"=hex(2):43,3a,5c,50,72,6f,67,72,61,6d,20,46,69,6c,65,73,5c,4a,61,76,61,\
5c,6a,72,65,31,2e,36,2e,30,5f,30,32,5c,52,45,41,44,4d,45,2e,74,78,74,00
"Size"=""
"EstimatedSize"=dword:0001bcf2
"UninstallString"=hex(2):4d,73,69,45,78,65,63,2e,65,78,65,20,2f,49,7b,33,32,34,\
38,46,30,41,38,2d,36,38,31,33,2d,31,31,44,36,2d,41,37,37,42,2d,30,30,42,30,\
44,30,31,36,30,30,32,30,7d,00
"URLInfoAbout"="http://java.com"
"URLUpdateInfo"="http://java.sun.com"
"VersionMajor"=dword:00000001
"VersionMinor"=dword:00000006
"WindowsInstaller"=dword:00000001
"Version"=dword:01060000
"Language"=dword:00000000
"DisplayName"="Java™ 6 Update 2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{609B0E8F-0E98-46BF-85F9-7123D1022D84}]
"AuthorizedCDFPrefix"=""
"Comments"=""
"Contact"=""
"DisplayVersion"="9.1.0.18"
"HelpLink"=hex(2):68,74,74,70,3a,2f,2f,77,77,77,2e,6d,79,2d,65,74,72,75,73,74,\
2e,63,6f,6d,2f,52,65,64,69,72,65,63,74,2f,72,6f,75,74,65,72,2e,61,73,70,78,\
3f,4f,45,4d,3d,26,70,72,6f,64,3d,50,50,26,61,70,70,3d,69,6e,63,6c,69,65,6e,\
74,26,6c,61,6e,67,3d,65,6e,26,64,61,74,65,3d,2d,31,26,6c,69,6e,6b,5f,69,64,\
3d,31,26,64,65,73,74,3d,6d,61,69,6e,5f,73,75,70,70,6f,72,74,26,6c,69,63,3d,\
26,76,65,72,3d,39,2e,31,2e,30,2e,31,38,00
"HelpTelephone"=""
"InstallDate"="20070712"
"InstallLocation"="C:\\Program Files\\CA\\CA Internet Security Suite\\CA Anti-Spyware\\"
"InstallSource"="C:\\DOCUME~1\\Matthew\\LOCALS~1\\Temp\\{EE373586-CC8E-4AB6-8A37-37BDB4A3B50E}\\"
"ModifyPath"=hex(2):4d,73,69,45,78,65,63,2e,65,78,65,20,2f,58,7b,36,30,39,42,\
30,45,38,46,2d,30,45,39,38,2d,34,36,42,46,2d,38,35,46,39,2d,37,31,32,33,44,\
31,30,32,32,44,38,34,7d,00
"NoModify"=dword:00000001
"NoRepair"=dword:00000001
"Publisher"="CA"
"Readme"=""
"Size"=""
"EstimatedSize"=dword:00003bb3
"URLInfoAbout"="http://www.ca.com"
"URLUpdateInfo"=""
"VersionMajor"=dword:00000009
"VersionMinor"=dword:00000001
"WindowsInstaller"=dword:00000000
"Version"=dword:09010000
"Language"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
"DisplayIcon"="C:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727\\ndpsetup.ico"
"AuthorizedCDFPrefix"=""
"Comments"=""
"Contact"=""
"DisplayVersion"="2.0.50727"
"HelpLink"=""
"HelpTelephone"=""
"InstallDate"="20070711"
"InstallLocation"=""
"InstallSource"="C:\\DOCUME~1\\Matthew\\LOCALS~1\\Temp\\IXP000.TMP\\"
"NoModify"=dword:00000001
"NoRemove"=dword:00000001
"NoRepair"=dword:00000001
"Publisher"="Microsoft Corporation"
"Readme"=""
"Size"=""
"EstimatedSize"=dword:00003f24
"SystemComponent"=dword:00000001
"URLInfoAbout"=""
"URLUpdateInfo"=""
"VersionMajor"=dword:00000002
"VersionMinor"=dword:00000000
"WindowsInstaller"=dword:00000001
"Version"=dword:0200c627
"Language"=dword:00000000
"DisplayName"="Microsoft .NET Framework 2.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BDBAAB1B-B364-465E-931D-4E2E2F0E609A}]
"AuthorizedCDFPrefix"=""
"Comments"=""
"Contact"=""
"DisplayVersion"="9.1.0.33"
"HelpLink"=hex(2):68,74,74,70,3a,2f,2f,77,77,77,2e,6d,79,2d,65,74,72,75,73,74,\
2e,63,6f,6d,2f,52,65,64,69,72,65,63,74,2f,72,6f,75,74,65,72,2e,61,73,70,78,\
3f,4f,45,4d,3d,26,70,72,6f,64,3d,50,46,26,61,70,70,3d,69,6e,63,6c,69,65,6e,\
74,26,6c,61,6e,67,3d,45,4e,26,64,61,74,65,3d,31,31,38,34,32,35,33,31,33,32,\
26,6c,69,6e,6b,5f,69,64,3d,31,26,64,65,73,74,3d,6d,61,69,6e,5f,73,75,70,70,\
6f,72,74,26,6c,69,63,3d,34,43,5a,54,31,2d,45,43,4a,47,59,2d,58,4b,57,4a,4c,\
2d,52,49,52,49,4b,26,76,65,72,3d,00
"HelpTelephone"=""
"InstallDate"="20070712"
"InstallLocation"="C:\\Program Files\\CA\\CA Internet Security Suite\\CA Personal Firewall\\"
"InstallSource"="C:\\WINDOWS\\Installer\\{BDBAAB1B-B364-465E-931D-4E2E2F0E609A}\\{FF4C8DE2-6DE9-41D5-8747-060EC7506094}\\"
"ModifyPath"=hex(2):4d,73,69,45,78,65,63,2e,65,78,65,20,2f,58,7b,42,44,42,41,\
41,42,31,42,2d,42,33,36,34,2d,34,36,35,45,2d,39,33,31,44,2d,34,45,32,45,32,\
46,30,45,36,30,39,41,7d,00
"NoModify"=dword:00000001
"NoRepair"=dword:00000001
"Publisher"="CA"
"Readme"=""
"Size"=""
"EstimatedSize"=dword:00003621
"URLInfoAbout"="http://www.ca.com"
"URLUpdateInfo"=""
"VersionMajor"=dword:00000009
"VersionMinor"=dword:00000001
"WindowsInstaller"=dword:00000000
"Version"=dword:09010000
"Language"=dword:00000000

Thanks again

D_N_M
Papakid
Well, the good news is that your system appears to be clear of malware. The bad news is, as I suspected, it looks like you are missing some reg entries in that key for all your installed programs. A few showed up that didn't in DSS, but there should be more. I'm about to run out of ideas.

Any repair tools that deal with Add/Remove that I know of delete icons from the list, they don't add any, and couldn't in your case because the reg entries aren't there.

Researching this, I've seen that CA Associates has revamped their software--99% of all those entries in the GMER log belong to them. Security software has become very complex, out of necessity, but I have a hard time believing that there should be that many files. Along with having some old Norton hanging around it could be a symptom of a corrupt install, but I can't say for sure. Did you notice the Add/Remove problem around the time you installed CA Internet Security Suite?

Also, have you tried running System Restore? That is the only way I know of to get those reg entries back. Let me know (one) when you noticed this Add/Remove problem and (two) the date that you installed CA Internet Security Suite. Depending on how long it's been, after a System Restore it will take some work to get the computer back to the way it was and we would have to check again for malware, but I think it would be less work than the alternative.
D_N_M
Hello Papakid

I have not tried System Restore as of yet. I had that thought but wasn't sure if that would work.
As far as the add/remove programs disappearing, it would have been within a day or two of the original post on July 12.
And for the CA eTrust I have had them for over a year now, and as far as the Norton I would REALLY like to lose EVERYTHING Norton on this box, so if you want to try from the system restore point I'm game. Just let Me know and we'll go from there and as always thank you for your time and expertise.

D_N_M
Papakid
Sorry again for the long delay.

You can read how to use System Restore here if you are not familiar with it: Windows XP System Restore Guide.
Pick a Restore Point from two or three days before you noticed the Add/Remove problem.

As I mentioned, the drawback is that SR will not totally uninstall all programs that you have installed after the Restore date. I had some problems with Kaspersky AV and restored to before the problems, but KAV wasn't completely uninstalled--I could open it but there was just a frame that was mostly blank. I had to undo the restoration, uninstall KAV and then do a restore again to get things straightened out. This is because SR backs up mostly registry and some selected, protected files--most files added after the restore date will still be there.

But this is why I am asking about CA. It shows up in your uninstall list and reg key along with other programs I've had you install since the problem began. Did you not install an upgrade version around that time? IOW CA Internet Security Suite 2007 appears to be a major upgrade of the previous version--normally you would have to uninstall the previous version to install the upgrade. Have you had the 2007 version for a year, or are you still running a previous version? Whatever the case I need to know that, as it will save you time by uninstalling CA before doing the SR (while offline) as well as other programs you have installed since. If the Restore is successful, you can then reinstall what you want if you have your setup files on disk or CD/DVD, license keys, etc. ready. Otherwise you will have to play around with restoring and undoing.

Does this make sense? If you understand what I mean, and you get System Restore to work, check to see if Add/Remove has been repaired and let me know the specific steps you took. I'll then want to see some more logs to make sure any infected files that were backed up are removed, but I want to know if this will work at all first. SR could well be corrupted. I'm still thinking a reformat would be a much easier way to go for you.
D_N_M
Hello Papakid
I went to System Restore but made a mistake and now only have a system restore point from yesterday (Sorry, I tried to do it when I got home from work and was beat tired and misunderstood it).
And as far as the CA 2007, I did recently upgrade to the 2007 but I uninstalled the previous version before the new one was installed. And as far as a reformat, I don't have a CD.
So I'm at a loss here, but My major concern is that Java 1.5 is still in Add/Remove Programs with no option to uninstall, as well as a few others with no remove option, and I know that older versions of Java are exploitable and I really would like to not have anything vulnerable whatsoever. I'm certain you know what I mean.
So any input you have I'm ready to hear. But I might add that the new programs that have been re-installed have the option of removing, so would a re-install of all my programs I use be the way to go? I don't know but it kinda makes sense.
Please let Me know what you think and as always thank you for your time and persistence on helping Me with this problem.
And one more thing if you will I would like to know when the next Malware removal training is going to happen? I would certainly like to attend because I am certainly very interested in the security field

D_N_M
Papakid
OK, sorry, I should have given you specific steps for System Restore. I take it you purged by turning it off then on again? Could you confirm that please?

There is one other thing I want you to check.

Open Registrar Lite 2.0. I want you to export a couple of reg keys like you did before and post the contents. Remember to open the files by right clicking and choosing Edit, or you can rename the file to change the extension from .reg to .txt

Copy the bold text below and paste it into the Address bar and hit Enter.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall

The Uninstall folder should appear in blue in the left pane. If not, stop here and let me know. Click on the icon that looks like a floppy, name it CUPolicy and save the file to your desktop.

Repeat the process with the following and name the file LMPolicy.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall

Honestly, I'm not optimistic this will work, as the policy restriction values appear to be that all of Add/Remove will be hidden or not, or things like the remove button will be grayed out, but we'll see.

Reinstalling programs that don't appear in the list should reinsert them. The thing is it is better to do a clean install--uninstall first. Some programs it may be OK to install over the top, but for your larger programs it just isn't a good idea. Like antivirus--you are in good shape there since CA is in the list so you don't need to mess with it, but with the rest it's sort of like playing Russian Roulette. Those large programs usually use MSI and you will get an error message that the application is already installed.

You can go thru your Start Menu, All Programs and look for uninstallers there. Many will have them, but if not, you can right click on the shortcut that opens the program, choose Properties then Find Target. That will take you to the folder, usually in Program Files, where the main executable resides and you may find an uninstaller executable in the same folder. Look for uninst.exe, unwise.exe or something similar.

Why don't you have a CD for installing Windows?

The old Java is going to be problematic. One because I don't know how many versions you still have installed. Two, I've looked in my Java folder in Program files and don't see anything that looks like an uninstaller. I'll look into some other ways tho, it's just that it is going to be risky and if you have no way to reinstall Windows and things go south you'll have no computer at all.

QUOTE
And one more thing if you will I would like to know when the next Malware removal training is going to happen? I would certainly like to attend because I am certainly very interested in the security field

You can apply at any time:
http://www.bleepingcomputer.com/forums/topic86678.html

Something else I've neglected to mention that is very important. CF and SDFix both removed files from a trojan that steals information.
http://www.sophos.com/security/analyses/trojspydldrf.html
http://www.sophos.com/virusinfo/analyses/trojspydldre.html

If you do any online banking or other financial transactions, you need to change your passwords from a known clean computer. Then inform the banks of the possible compromise--I've already linked you to some articles with more info on this, so please read them carefully. I know I've said your PC appears to be clean, but with these types of infections nowadays you can never be 100% sure short of a reformat.

One more thing, try to run the Kaspersky online scan again. If still no joy, try this one:

Please run the F-Secure Online Scanner
Note: This Scanner is for Internet Explorer Only!
Follow the Instruction here for installation.
Accept the License Agreement.
Once the ActiveX installs, click Full System Scan
Once the download completes, the scan will begin automatically.
The scan will take some time to finish, so please be patient.
When the scan completes, click the Automatic cleaning (recommended) button.
Click the Show Report button and Copy&Paste the entire report in your next reply.
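As an aside for readers following this thread: the reg exports posted earlier store each hex(2) string one ANSI byte per character (the older REGEDIT4 layout), so values such as "ModifyPath" and "HelpLink" are easy to decode by hand or by script. The example below is added here and is not a tool either poster used. It parses a .reg export of the Uninstall key, decodes dword and hex(2) values in either the REGEDIT4 or the Version 5.00 (UTF-16) layout, and reports why Add/Remove Programs would hide an entry or show it without a Remove button (no DisplayName, SystemComponent=1, ParentKeyName, NoRemove=1, missing UninstallString). The sample export it runs on is constructed; its GUIDs, names and paths are made up.

```python
"""Decode a .reg export of the Uninstall key and explain how Add/Remove Programs
treats each entry. Added example for this thread, not a tool either poster used;
the sample export is constructed (made-up GUIDs, names and paths)."""
import re
from typing import Any, Dict, List, Tuple

# Constructed sample in the same REGEDIT4 layout as the exports posted above:
# hex(2) values are one ANSI byte per character, continued with a trailing "\".
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Example App]
"DisplayName"="Example App 1.0"
"UninstallString"="\"C:\\Program Files\\Example\\unwise.exe\" C:\\PROGRA~1\\EXAMPLE\\INSTALL.LOG"
"NoModify"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11111111-2222-3333-4444-555555555555}]
"DisplayName"="Example MSI Product"
"UninstallString"=hex(2):4d,73,69,45,78,65,63,2e,65,78,65,20,2f,49,7b,31,31,31,\
  31,31,31,31,31,2d,32,32,32,32,2d,33,33,33,33,2d,34,34,34,34,2d,35,35,35,35,35,\
  35,35,35,35,35,35,35,7d,00
"WindowsInstaller"=dword:00000001
"NoRemove"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HiddenComponent]
"DisplayName"="Hidden Runtime"
"UninstallString"="C:\\WINDOWS\\hidden\\setup.exe /u"
"SystemComponent"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB000000]
"DisplayName"="Update for Windows XP (KB000000)"
"UninstallString"="C:\\WINDOWS\\$NtUninstallKB000000$\\spuninst\\spuninst.exe"
"ParentKeyName"="OperatingSystem"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Orphan]
"DisplayIcon"="C:\\Program Files\\Orphan\\orphan.exe,0"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')
STRING_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"$')
HEX_RE = re.compile(r'^hex(?:\((\d+)\))?:(.*)$')


def _unescape(text: str) -> str:
    """Undo .reg string escaping: \\\\ -> \\ and \\" -> "."""
    return re.sub(r'\\(.)', r'\1', text)


def _decode_value(raw: str, wide: bool) -> Any:
    """Turn the right-hand side of a "name"=... line into str, int or bytes."""
    raw = raw.strip()
    m = STRING_RE.match(raw)
    if m:
        return _unescape(m.group(1))
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    m = HEX_RE.match(raw)
    if m:
        kind = int(m.group(1) or 3)  # bare "hex:" is REG_BINARY
        data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
        if kind in (1, 2):  # REG_SZ / REG_EXPAND_SZ stored as hex
            # Version 5.00 exports write UTF-16LE; REGEDIT4 writes ANSI bytes.
            return data.decode("utf-16-le" if wide else "latin-1").rstrip("\x00")
        return data
    return raw


def parse_reg(text: str) -> Dict[str, Dict[str, Any]]:
    """Map each [key path] in the export to its {value name: decoded value}."""
    wide = text.lstrip("\ufeff").lstrip().startswith("Windows Registry Editor Version 5")
    keys: Dict[str, Dict[str, Any]] = {}
    current = None
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i].strip()
        i += 1
        km = KEY_RE.match(line)
        if km:
            current = km.group(1)
            keys[current] = {}
            continue
        # hex data is wrapped: a trailing backslash means the value continues
        while line.endswith("\\") and i < len(lines):
            line = line[:-1] + lines[i].strip()
            i += 1
        vm = VALUE_RE.match(line)
        if vm and current is not None:
            keys[current][_unescape(vm.group(1))] = _decode_value(vm.group(2), wide)
    return keys


def classify(values: Dict[str, Any]) -> Tuple[str, List[str]]:
    """Describe how the Add/Remove Programs applet treats one Uninstall entry."""
    reasons: List[str] = []
    if not values.get("DisplayName"):
        reasons.append("no DisplayName")
    if values.get("SystemComponent") == 1:
        reasons.append("SystemComponent=1")
    if reasons:
        return "hidden", reasons
    if values.get("ParentKeyName"):
        return "shown only with 'Show updates'", ["ParentKeyName=%s" % values["ParentKeyName"]]
    if not values.get("UninstallString"):
        reasons.append("no UninstallString")
    if values.get("NoRemove") == 1:
        reasons.append("NoRemove=1")
    return ("listed, Remove unavailable" if reasons else "listed"), reasons


def audit(text: str) -> Dict[str, Tuple[str, List[str]]]:
    """Map each Uninstall subkey's leaf name to its Add/Remove status and reasons."""
    report = {}
    for path, values in parse_reg(text).items():
        if "\\CurrentVersion\\Uninstall\\" in path:
            report[path.rsplit("\\", 1)[1]] = classify(values)
    return report


if __name__ == "__main__":
    for name, (status, why) in audit(SAMPLE_REG).items():
        print(f"{name:48} {status:32} {'; '.join(why)}")
```

Point it at a real export (for example the LMPolicy/CUPolicy files requested above, or an export of the Uninstall key itself) by reading the file as text and passing it to audit(). Entries that are missing entirely from the export, which is the situation described in this thread, cannot be reported by any parser; the script only explains why entries that do exist are hidden or cannot be removed.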
D_N_M
Hello Papakid
I did turn the system restore off then on again.
The uninstall folder in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall
did not appear so I stopped.
The reason I don't have a CD is because Windows was already installed when the PC was bought I never got any CD's with it we got it off ebay.
And every time I go to (You can apply at any time:
http://www.bleepingcomputer.com/forums/topic86678.html) it says check back in a few days, so I guess I'll keep checking.
As far as online banking, My wife does some but we're currently in the process of going with a whole different bank.
I tried the F-Secure online scan but it would not work. It said I don't have sufficient privileges.
I can find the java 1.5.0 folder in Program Files, so if we remove that whole file would that take away any chance to exploit it? As there was no uninstall listed.

Thanks as always
D_N_M
D_N_M
Well Papakid it's been 5 days since your last post where do we go from here?
I'm kinda sitting in limbo here

D_N_M
Papakid
Sorry for the delay. There is not a whole lot I can do for you. It's really in your own best interest to be able to restore your operating system, so I would strongly suggest you look into getting a legal Windows CD. If you can't get back with whoever you bought it from, go to the manufacturer's website. You may have a recovery partition or be able to get them to send you restore disks if it's a prebuilt. If nothing else shop around for an XP CD; with Vista out now XP is going to get harder to find and your PC doesn't have enough power to run Vista.

You also need to take the online banking matter seriously. Just as an example of what can happen when you get one of these type of trojans on your system, have a look at this post: http://www.bleepingcomputer.com/forums/topic98418.html

It's a different infection from what you had, but if your passwords and other sensitive information are gone you need to replace those passwords sooner rather than later. Don't wait til your account change goes thru, and you need to change passwords for all financial institutions--ebay, paypal, anything. There are trojans out there designed just to steal login info for games like World of Warcraft for various reasons, a big one being there is a black market for virtual goods.

There have been some other people reporting the same problem with Add/Remove that you have--the feeling among most of the malware removal specialists is that some reg cleaners may have caused that. Had you used one around the time of the problem? Plus you were using RootkitRevealer and deleting files on your own. I'm just bringing this up because it looks like you are tinkering around with your system, which is fine and a good way to learn, but that is high risk and you really need to be able to recover your system when you make a critical mistake.

OK, well, lecture over and there are a few other things to try. A colleague has given me the uninstall string for the version of Java you have--this procedure should uninstall it, but I advise against just deleting the Java folder. Java needs to be uninstalled properly or the system will be screwed up even worse.

START>Run, copy the bold text below, paste it in the Run box and hit enter:

MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}

If you get any errors post back the exact error message in its entirety.

Open Notepad and copy/paste the text in the quotebox below into it:

QUOTE
Driver::
CO_Mon


Save this as CFScript.txt
Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall


CFScript should get rid of the last driver from Norton that can be found on your system. Possibly it was preventing you from running the online scans, so I want you to try Kaspersky after that. Read the instructions I gave in Post #6. If you still can't run it, try this:

Disable all your security tools, just don't go surfing around while the scan is running. Turn off all of CA's protection, AV, Firewall, HIPS, antispyware--all of it. If you still have TrojanHunter installed, right click on the THGuard in the System tray and choose unload. Do the same for any other such as AVG Anti-Spyware, and even KeyScrambler if it can be toggled on and off.

If still no joy try this--and I'm curious if this will show your other installed programs.

Go to this page and install the Windows Installer CleanUp Utility:
http://support.microsoft.com/kb/290301

Read over the ReadMe then save the setup files to your desktop. Install then open the application. Put checks by any of the programs that you have already uninstalled. If you see anything Norton in there put a check by it.

Then click the Remove button.

Let me know if there are any other programs installed that show up here but not in the Add/Remove list.

DO NOT check and click remove for any program that is currently installed at this point.

If there was anything Norton in there let me know and then try running the KAV scan again.

Let me know how all of that goes and post back a fresh HijackThis log as well.

D_N_M
Hello Papakid

Will look into another XP CD
As far as registry cleaners, I have not used any at the time and haven't for a long time.
The uninstall string worked without any problems for the Java 1.5.
I did the Kaspersky scan and it worked after I disabled My antivirus and firewall. Here's the log.

Monday, August 06, 2007 6:26:38 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 6/08/2007
Kaspersky Anti-Virus database records: 376190
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
Scan Statistics
Total number of scanned objects 34319
Number of viruses found 1
Number of infected objects 1
Number of suspicious objects 0
Duration of the scan process 00:45:15

Infected Object Name Virus Name Last Action
C:\Documents and Settings\Administrator\.housecall6.6\8ball.txt Object is locked skipped
C:\Documents and Settings\Administrator\.housecall6.6\aucfg.ini Object is locked skipped
C:\Documents and Settings\Administrator\.housecall6.6\AU_Log\TmuDump.txt Object is locked skipped
C:\Documents and Settings\Administrator\.housecall6.6\BPMNT.dll Object is locked skipped
C:\Documents and Settings\Administrator\.housecall6.6\ciussi32.dll Object is locked skipped
C:\Documents and Settings\Administrator\.housecall6.6\dsvout.dll Object is locked skipped
C:\Documents and Settings\Administrator\.housecall6.6\engine.stat Object is locked skipped
C:\Documents and Settings\Administrator\.housecall6.6\getMac.exe Object is locked skipped
C:\Documents and Settings\Administrator\.housecall6.6\GetServer.ini Object is locked skipped
C:\Documents and Settings\Administrator\.housecall6.6\jsapi.dll Object is locked skipped
C:\Documents and Settings\Administrator\.housecall6.6\jupdate.dll Object is locked skipped
C:\Documents and Settings\Administrator\.housecall6.6\local.conf Object is locked skipped
C:\Documents and Settings\Administrator\.housecall6.6\log\dsvout.log Object is locked skipped
C:\Documents and Settings\Administrator\.housecall6.6\log\engine0.log Object is locked skipped
C:\Documents and Settings\Administrator\.housecall6.6\log\error0.log Object is locked skipped
C:\Documents and Settings\Administrator\.housecall6.6\log\execution0.log Object is locked skipped
C:\Documents and Settings\Administrator\.housecall6.6\patch.exe Object is locked skipped
C:\Documents and Settings\Administrator\.housecall6.6\PATCHW32.DLL Object is locked skipped
C:\Documents and Settings\Administrator\.housecall6.6\Pattern\lpt$vpn.591 Object is locked skipped
C:\Documents and Settings\Administrator\.housecall6.6\Pattern\tmaptn.507 Object is locked skipped
C:\Documents and Settings\Administrator\.housecall6.6\Pattern\tmvamain.ptn Object is locked skipped
C:\Documents and Settings\Administrator\.housecall6.6\Pattern\tsc.ptn Object is locked skipped
C:\Documents and Settings\Administrator\.housecall6.6\ssapi32.dll Object is locked skipped
C:\Documents and Settings\Administrator\.housecall6.6\ssapiptn.da5 Object is locked skipped
C:\Documents and Settings\Administrator\.housecall6.6\tmcomm.sys Object is locked skipped
C:\Documents and Settings\Administrator\.housecall6.6\TmEngDrv.dll Object is locked skipped
C:\Documents and Settings\Administrator\.housecall6.6\TmUpdate.dll Object is locked skipped
C:\Documents and Settings\Administrator\.housecall6.6\tsc.exe Object is locked skipped
C:\Documents and Settings\Administrator\.housecall6.6\Update\AU_Cache\housecall65.trendmicro.com\ini_xml.zip Object is locked skipped
C:\Documents and Settings\Administrator\.housecall6.6\Update\AU_Cache\housecall65.trendmicro.com\ini_xml.zip.etag Object is locked skipped
C:\Documents and Settings\Administrator\.housecall6.6\Update\AU_Cache\housecall65.trendmicro.com\server.ini Object is locked skipped
C:\Documents and Settings\Administrator\.housecall6.6\Update\AU_Cache\housecall65.trendmicro.com\server.ini.etag Object is locked skipped
C:\Documents and Settings\Administrator\.housecall6.6\usrbl.dat Object is locked skipped
C:\Documents and Settings\Administrator\.housecall6.6\usrwl.dat Object is locked skipped
C:\Documents and Settings\Administrator\.housecall6.6\vsapi32.dll Object is locked skipped
C:\Documents and Settings\Administrator\.housecall6.6\vscan.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1275210071-436374069-1060284298-500\6b29ae44e85efac3c72ff4d1865d73f1_6ed3b6f4-9a16-43cf-aa85-4b1abed6c5d8 Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1275210071-436374069-1060284298-500\af8e6ff78427fce2a013c3330871749c_6ed3b6f4-9a16-43cf-aa85-4b1abed6c5d8 Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\HTML Help\hh.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\brndlog.bak Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\brndlog.txt Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Protect\CREDHIST Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1275210071-436374069-1060284298-500\0dd0e203-1a49-4943-aca6-5f2dc13c2c0c Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1275210071-436374069-1060284298-500\90822546-73f1-43e4-8bd5-57fd69fa5f7e Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1275210071-436374069-1060284298-500\Preferred Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\Themes\Custom.theme Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\pluginreg.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5b44rxjz.default\bookmarkbackups\bookmarks-2006-05-14.html Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5b44rxjz.default\bookmarkbackups\bookmarks-2006-06-22.html Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5b44rxjz.default\bookmarkbackups\bookmarks-2007-07-11.html Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5b44rxjz.default\bookmarks.bak Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5b44rxjz.default\bookmarks.html Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5b44rxjz.default\bookmarks.html.sbsd.bak Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5b44rxjz.default\cert8.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5b44rxjz.default\chrome\userChrome-example.css Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5b44rxjz.default\chrome\userContent-example.css Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5b44rxjz.default\compatibility.ini Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5b44rxjz.default\compreg.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5b44rxjz.default\cookies.txt Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5b44rxjz.default\extensions.cache Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5b44rxjz.default\extensions.ini Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5b44rxjz.default\extensions.rdf Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5b44rxjz.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5b44rxjz.default\history.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5b44rxjz.default\key3.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5b44rxjz.default\localstore.rdf Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5b44rxjz.default\mimeTypes.rdf Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5b44rxjz.default\prefs.js Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5b44rxjz.default\search.rdf Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5b44rxjz.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5b44rxjz.default\secmod.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5b44rxjz.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5b44rxjz.default\xpti.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\profiles.ini Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\vmchecker.class-7ac16f10-288d3648.class Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\vmchecker.class-7ac16f10-288d3648.idx Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\hcImpl.jar-50174dc1-63246158.idx Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\hcImpl.jar-50174dc1-63246158.zip Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\deployment.properties Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\log\plugin150_11.trace Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\security\trusted.certs Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Desktop\Netdiag 22062006 133318.htm Object is locked skipped
C:\Documents and Settings\Administrator\DoctorWeb\drweb32w.log Object is locked skipped
C:\Documents and Settings\Administrator\Favorites\Help\Online Help.url Object is locked skipped
C:\Documents and Settings\Administrator\Favorites\Verizon Central\Verizon Central.url Object is locked skipped
C:\Documents and Settings\Administrator\Favorites\Verizon Yahoo! Bookmarks.url Object is locked skipped
C:\Documents and Settings\Administrator\Favorites\Verizon Yahoo! Briefcase.url Object is locked skipped
C:\Documents and Settings\Administrator\Favorites\Verizon Yahoo! Calendar.url Object is locked skipped
C:\Documents and Settings\Administrator\Favorites\Verizon Yahoo! Entertainment.url Object is locked skipped
C:\Documents and Settings\Administrator\Favorites\Verizon Yahoo! Finance.url Object is locked skipped
C:\Documents and Settings\Administrator\Favorites\Verizon Yahoo! Games.url Object is locked skipped
C:\Documents and Settings\Administrator\Favorites\Verizon Yahoo! Groups.url Object is locked skipped
C:\Documents and Settings\Administrator\Favorites\Verizon Yahoo! Home.url Object is locked skipped
C:\Documents and Settings\Administrator\Favorites\Verizon Yahoo! Mail.url Object is locked skipped
C:\Documents and Settings\Administrator\Favorites\Verizon Yahoo! Maps.url Object is locked skipped
C:\Documents and Settings\Administrator\Favorites\Verizon Yahoo! Member Center\Account(s) & Billing.url Object is locked skipped
C:\Documents and Settings\Administrator\Favorites\Verizon Yahoo! Member Center\Help & Customer Care.url Object is locked skipped
C:\Documents and Settings\Administrator\Favorites\Verizon Yahoo! Member Center\Products & Services.url Object is locked skipped
C:\Documents and Settings\Administrator\Favorites\Verizon Yahoo! Member Center\Verizon Yahoo! Member Center.url Object is locked skipped
C:\Documents and Settings\Administrator\Favorites\Verizon Yahoo! Music.url Object is locked skipped
C:\Documents and Settings\Administrator\Favorites\Verizon Yahoo! News.url Object is locked skipped
C:\Documents and Settings\Administrator\Favorites\Verizon Yahoo! People Search.url Object is locked skipped
C:\Documents and Settings\Administrator\Favorites\Verizon Yahoo! Photos.url Object is locked skipped
C:\Documents and Settings\Administrator\Favorites\Verizon Yahoo! Shopping.url Object is locked skipped
C:\Documents and Settings\Administrator\Favorites\Verizon Yahoo! Sports.url Object is locked skipped
C:\Documents and Settings\Administrator\Favorites\Verizon Yahoo! Travel.url Object is locked skipped
C:\Documents and Settings\Administrator\Favorites\Verizon Yahoo! Weather.url Object is locked skipped
C:\Documents and Settings\Administrator\Favorites\Yahooligans!.url Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.DTD Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.XML Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\5b44rxjz.default\Cache\1A52B413d01 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\5b44rxjz.default\Cache\23E6D235d01 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\5b44rxjz.default\Cache\50DACF31d01 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\5b44rxjz.default\Cache\5C71B545d01 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\5b44rxjz.default\Cache\5E2655B2d01 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\5b44rxjz.default\Cache\6CBD8831d01 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\5b44rxjz.default\Cache\851B7794d01 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\5b44rxjz.default\Cache\8B5325C0d01 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\5b44rxjz.default\Cache\8C8260ECd01 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\5b44rxjz.default\Cache\94E2D600d01 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\5b44rxjz.default\Cache\9F6E93C0d01 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\5b44rxjz.default\Cache\AF07CDDBd01 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\5b44rxjz.default\Cache\B29C4124d01 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\5b44rxjz.default\Cache\B2AC4124d01 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\5b44rxjz.default\Cache\B77B4649d01 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\5b44rxjz.default\Cache\E7AD9837d01 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\5b44rxjz.default\Cache\F2C4B6FBd01 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\5b44rxjz.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\5b44rxjz.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\5b44rxjz.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\5b44rxjz.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\5b44rxjz.default\XPC.mfl Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\5b44rxjz.default\XUL.mfl Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012006062220060623\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012006072420060725\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\bye1.tmp\Disk1\data1.cab Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\bye1.tmp\Disk1\data1.hdr Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\bye1.tmp\Disk1\engine32.cab Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\bye1.tmp\Disk1\layout.bin Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\bye1.tmp\Disk1\Setup.bmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\bye1.tmp\Disk1\setup.exe Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\bye1.tmp\Disk1\setup.ibt Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\bye1.tmp\Disk1\setup.ini Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\bye1.tmp\Disk1\setup.isn Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\DFC5A2B2.TMP Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\fab4.rra Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\isp5.tmp\_Setup.dll Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\ISPackFiles.ini Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\iss2.tmp\setup.ini Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\iss2.tmp\setup.isn Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\java_install_reg.log Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\PPGUID.txt Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\xx2 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\xx3 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\xx4 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\xx5 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\xx6 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\{F7D24180-D742-48D2-B242-EE2DC45EEF7B}\corecomp.ini Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\{F7D24180-D742-48D2-B242-EE2DC45EEF7B}\{BBE2F69C-4338-11D7-8F0C-00A0244F4E2D}\avinflst.txt Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\{F7D24180-D742-48D2-B242-EE2DC45EEF7B}\{BBE2F69C-4338-11D7-8F0C-00A0244F4E2D}\chkbase.dll Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\{F7D24180-D742-48D2-B242-EE2DC45EEF7B}\{BBE2F69C-4338-11D7-8F0C-00A0244F4E2D}\CleanUp.dll Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\{F7D24180-D742-48D2-B242-EE2DC45EEF7B}\{BBE2F69C-4338-11D7-8F0C-00A0244F4E2D}\COMCTL32.TXT Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\{F7D24180-D742-48D2-B242-EE2DC45EEF7B}\{BBE2F69C-4338-11D7-8F0C-00A0244F4E2D}\default.pal Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\{F7D24180-D742-48D2-B242-EE2DC45EEF7B}\{BBE2F69C-4338-11D7-8F0C-00A0244F4E2D}\DrWeb32.reg Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\{F7D24180-D742-48D2-B242-EE2DC45EEF7B}\{BBE2F69C-4338-11D7-8F0C-00A0244F4E2D}\FontData.ini Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\{F7D24180-D742-48D2-B242-EE2DC45EEF7B}\{BBE2F69C-4338-11D7-8F0C-00A0244F4E2D}\infolist.txt Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\{F7D24180-D742-48D2-B242-EE2DC45EEF7B}\{BBE2F69C-4338-11D7-8F0C-00A0244F4E2D}\internet.txt Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\{F7D24180-D742-48D2-B242-EE2DC45EEF7B}\{BBE2F69C-4338-11D7-8F0C-00A0244F4E2D}\isrt.dll Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\{F7D24180-D742-48D2-B242-EE2DC45EEF7B}\{BBE2F69C-4338-11D7-8F0C-00A0244F4E2D}\License.txt Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\{F7D24180-D742-48D2-B242-EE2DC45EEF7B}\{BBE2F69C-4338-11D7-8F0C-00A0244F4E2D}\setup.inx Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\{F7D24180-D742-48D2-B242-EE2DC45EEF7B}\{BBE2F69C-4338-11D7-8F0C-00A0244F4E2D}\StringTable-0009-English.ips Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\{F7D24180-D742-48D2-B242-EE2DC45EEF7B}\{BBE2F69C-4338-11D7-8F0C-00A0244F4E2D}\WebSchdS.reg Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\{F7D24180-D742-48D2-B242-EE2DC45EEF7B}\{BBE2F69C-4338-11D7-8F0C-00A0244F4E2D}\WebSchdU.reg Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\{F7D24180-D742-48D2-B242-EE2DC45EEF7B}\{BBE2F69C-4338-11D7-8F0C-00A0244F4E2D}\winsock2.txt Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\{F7D24180-D742-48D2-B242-EE2DC45EEF7B}\{BBE2F69C-4338-11D7-8F0C-00A0244F4E2D}\_IsFunc.dll Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\{F7D24180-D742-48D2-B242-EE2DC45EEF7B}\{BBE2F69C-4338-11D7-8F0C-00A0244F4E2D}\_IsRes.dll Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\{F7D24180-D742-48D2-B242-EE2DC45EEF7B}\{BBE2F69C-4338-11D7-8F0C-00A0244F4E2D}\_ISUser.dll Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF3A2F.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFAB95.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFB1F5.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFDE59.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4VCNM3I7\Common[1].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4VCNM3I7\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4VCNM3I7\shared[1].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8RS56N0D\Common[1].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8RS56N0D\Common[2].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8RS56N0D\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8RS56N0D\shared[1].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8RS56N0D\shared[2].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8RS56N0D\shared[3].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\EZGDQP6J\Common[1].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\EZGDQP6J\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\EZGDQP6J\shared[1].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OTYRWTEB\Common[1].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OTYRWTEB\Common[2].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OTYRWTEB\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OTYRWTEB\shared[1].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OTYRWTEB\shared[2].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OTYRWTEB\shared[3].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\My Music\Internet Radio on Yahoo! Music.url Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\My Music\Music Videos & More on Yahoo! Music.url Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\My Pictures\Yahoo! Photos.url Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat Object is locked skipped
C:\Documents and Settings\Administrator\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.ini Object is locked skipped
C:\Documents and Settings\Administrator\Recent\Reports.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Recent\Scan report_20060516.lnk Object is locked skipped
C:\Documents and Settings\Administrator\SendTo\Compressed (zipped) Folder.ZFSendToTarget Object is locked skipped
C:\Documents and Settings\Administrator\SendTo\Desktop (create shortcut).DeskLink Object is locked skipped
C:\Documents and Settings\Administrator\SendTo\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\SendTo\Mail Recipient.MAPIMail Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Command Prompt.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Entertainment\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Entertainment\Windows Media Player.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Notepad.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Program Compatibility Wizard.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Synchronize.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Tour Windows XP.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Windows Explorer.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Templates\amipro.sam Object is locked skipped
C:\Documents and Settings\Administrator\Templates\excel.xls Object is locked skipped
C:\Documents and Settings\Administrator\Templates\excel4.xls Object is locked skipped
C:\Documents and Settings\Administrator\Templates\lotus.wk4 Object is locked skipped
C:\Documents and Settings\Administrator\Templates\powerpnt.ppt Object is locked skipped
C:\Documents and Settings\Administrator\Templates\presenta.shw Object is locked skipped
C:\Documents and Settings\Administrator\Templates\quattro.wb2 Object is locked skipped
C:\Documents and Settings\Administrator\Templates\sndrec.wav Object is locked skipped
C:\Documents and Settings\Administrator\Templates\winword.doc Object is locked skipped
C:\Documents and Settings\Administrator\Templates\winword2.doc Object is locked skipped
C:\Documents and Settings\Administrator\Templates\wordpfct.wpd Object is locked skipped
C:\Documents and Settings\Administrator\Templates\wordpfct.wpg Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\a3d6beddaa204aea32244fa155d28c2e_6ed3b6f4-9a16-43cf-aa85-4b1abed6c5d8 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\fcb0613aef249227e1e07adf9db76e9e_6ed3b6f4-9a16-43cf-aa85-4b1abed6c5d8 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\202dbc25769d77a08ad1fcb4f6f0a266_6ed3b6f4-9a16-43cf-aa85-4b1abed6c5d8 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3a2cda50236078ea92f936bc8e91f747_6ed3b6f4-9a16-43cf-aa85-4b1abed6c5d8 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e4c6aa963c342fae00132f91457b445d_6ed3b6f4-9a16-43cf-aa85-4b1abed6c5d8 Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Matthew\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Matthew\Desktop\dss.exe Infected: IM-Worm.Win32.Sohanad.aw skipped
C:\Documents and Settings\Matthew\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Matthew\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Matthew\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Matthew\Local Settings\Temp\bbassistant.log Object is locked skipped
C:\Documents and Settings\Matthew\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Matthew\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Matthew\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Matthew\Local Settings\Temp\~DF369C.tmp Object is locked skipped
C:\Documents and Settings\Matthew\Local Settings\Temp\~DF3910.tmp Object is locked skipped
C:\Documents and Settings\Matthew\Local Settings\Temp\~DF8710.tmp Object is locked skipped
C:\Documents and Settings\Matthew\Local Settings\Temp\~DFD9BC.tmp Object is locked skipped
C:\Documents and Settings\Matthew\Local Settings\Temp\~DFE09B.tmp Object is locked skipped
C:\Documents and Settings\Matthew\Local Settings\Temp\~DFE841.tmp Object is locked skipped
C:\Documents and Settings\Matthew\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Matthew\ntuser.dat Object is locked skipped
C:\Documents and Settings\Matthew\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\CA\SharedComponents\PPRT\logs\2007-08-06.csv Object is locked skipped
C:\Program Files\Common Files\Verizon Online\ConnMgr\VZLog Object is locked skipped
C:\Program Files\InstallShield Installation Information\{601C6E14-DF1E-4113-A8C8-F9DB90CB0D88}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{63B8997E-EB2D-41D3-984C-C44D6D67A571}\setup.ilg Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{127D1F9E-585A-41B9-8F5B-85209AB4386C}\RP14\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.

"Matthew" - 2007-08-06 16:09:14 - ComboFix 07-07-14.6 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\Matthew\Desktop\CFScript.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CO_MON


((((((((((((((((((((((((( Files Created from 2007-07-06 to 2007-08-06 )))))))))))))))))))))))))))))))


2007-07-30 08:10 <DIR> d-------- C:\DOCUME~1\YOURDA~1\APPLIC~1\Yahoo!
2007-07-27 18:04 879,832 --a------ C:\WINDOWS\system32\drivers\vetefile.sys
2007-07-27 18:04 108,360 --a------ C:\WINDOWS\system32\drivers\veteboot.sys
2007-07-27 18:02 32,528 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2007-07-27 18:02 26,640 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys
2007-07-27 18:02 21,648 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys
2007-07-27 18:02 21,392 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys
2007-07-27 17:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CA
2007-07-22 08:07 <DIR> d-------- C:\Program Files\Registrar Lite
2007-07-20 09:22 <DIR> d-------- C:\DOCUME~1\Matthew\DoctorWeb
2007-07-20 09:07 <DIR> d-------- C:\WINDOWS\ERUNT
2007-07-18 17:24 <DIR> d-------- C:\Program Files\CCleaner
2007-07-18 05:48 <DIR> d-------- C:\Deckard
2007-07-15 21:05 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-07-12 10:12 99,904 --a------ C:\WINDOWS\system32\isafeif.dll
2007-07-12 10:12 75,280 --a------ C:\WINDOWS\system32\isafprod.dll
2007-07-12 10:11 <DIR> d-------- C:\Program Files\CA
2007-07-12 09:16 <DIR> d-------- C:\Program Files\Add Remove Pro


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-06 21:16:28 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k7
2007-08-06 21:16:28 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k6
2007-08-06 21:16:28 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k5
2007-08-06 21:16:28 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k4
2007-08-06 21:16:28 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k3
2007-08-06 21:16:28 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k2
2007-08-06 21:16:28 64 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k1
2007-08-06 21:16:28 54,870 ----a-w C:\WINDOWS\system32\drivers\kmxcfg.u2k0
2007-08-06 16:02:25 -------- d-----w C:\Program Files\KeyScrambler
2007-07-27 23:12:39 79,424 ----a-w C:\WINDOWS\system32\vetredir.dll
2007-07-27 22:27:51 0 ----a-w C:\avshlext.dll
2007-07-19 22:49:37 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-07-18 22:31:42 -------- d-----w C:\Program Files\ewido anti-malware
2007-07-06 00:57:10 -------- d-----w C:\DOCUME~1\Matthew\APPLIC~1\Yahoo!
2007-07-04 14:34:06 -------- d-----w C:\Program Files\Yahoo! Games
2007-07-01 18:14:24 -------- d-----w C:\Program Files\Yahoo!
2007-06-17 05:11:58 51,200 ----a-w C:\WINDOWS\nircmd.exe
2007-06-11 17:55:30 -------- d-----w C:\DOCUME~1\Matthew\APPLIC~1\TrojanHunter
2007-05-31 18:47:04 256,784 ----a-w C:\WINDOWS\system32\UmxSbxw.dll
2007-05-31 18:47:02 117,520 ----a-w C:\WINDOWS\system32\UmxSbxExw.dll
2007-05-18 19:30:00 79,368 ----a-w C:\WINDOWS\system32\UmxWNP.dll
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
2007-05-30 16:18 808472 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B9F5787-88A5-4945-90E7-C4B18563BC5E}]
2007-07-31 20:14 716384 --a------ C:\Program Files\KeyScrambler\KeyScramblerIE.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 00:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-07-12 04:00 501136 --a------ C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"A Verizon App"="C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE" [2005-05-23 16:20]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-05-25 09:14]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-07-27 18:12]
"cafwc"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2007-07-27 18:12]
"QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe" [2007-07-27 18:12]
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2007-07-27 18:12]
"@"="" []
"capfupgrade"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2007-07-27 18:12]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-07-02 18:40]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll --a------ 2007-05-18 14:30 79368 C:\WINDOWS\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Monitor.lnk
backup=C:\WINDOWS\pss\Monitor.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer4_in_1]
"C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 4200 Series]
"C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
"C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\type32]
"C:\Program Files\Microsoft IntelliType Pro\type32.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ymetray]
"C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart


Contents of the 'Scheduled Tasks' folder
2007-07-12 15:11:57 C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Matthew at 10 11 AM.job
2007-07-28 00:32:37 C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Matthew at 6 32 PM.job
2007-07-18 02:41:21 C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Matthew at 8 39 PM.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-06 16:18:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-06 16:31:16 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-06 16:31
C:\ComboFix2.txt ... 2007-07-20 08:52
C:\ComboFix3.txt ... 2007-07-18 16:36

--- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:33:38 PM, on 8/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\Program Files\Common Files\MotiveBrowser\MotiveBrowser.exe
C:\Documents and Settings\Matthew\Desktop\hijackthis\HJT.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://verizon.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://pages.ebay.com/ebay_toolbar/app/congrats.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [A Verizon App] C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe"
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1143851005685
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 7393 bytes

The Windows cleanup utility shows the same as Add/Remove, and I didn't see anything Norton in there.

Thanks again for your time and patience. I will wait to hear from you to see where we go from here.
Papakid
Well, your logs all look clean as far as being free from malware. There is really not much more I can do for you. When those entries disappear from the registry that populates the Add/Remove list--well, when they're gone they're gone. About all you can do is rebuild it like we talked about earlier. Go through your Start Menu and Program Files folders and look for uninstallers so you can do a clean install of your programs. If you can't find the uninstaller for it, contact support and ask for an uninstall string that you can throw in the Run box like you did with Java. Some can be found in the Uninstall Programs Database, but it is missing a lot of the legitimate programs and is more for malware that can be uninstalled the easy way.

We try to keep the HJT forum just for cleaning up malware as there are so many people who need help badly. So if you want more help with getting your programs reinstalled try starting a new topic in the Windows XP Home and Professional forum. Link back to this thread so anyone who wants can see your specs and logs with their wealth of info.

To further secure your system, read over the following topic and use the advice that applies to you:

How did I get infected?, With steps so it does not happen again!


Using SpywareBlaster and Secunia Software Inspector is highly recommended if you haven't done so already.
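The rebuild Papakid describes (find out what Add/Remove Programs still knows about, then go hunting for uninstallers for everything else) can be scripted. What follows is an added example, not part of the original thread and not code from HijackThis, ComboFix or any vendor mentioned here. It assumes Windows PowerShell and reads the standard Uninstall registry keys that Add/Remove Programs is populated from; the Wow6432Node key only exists on 64-bit Windows and is skipped when absent. Folder names under Program Files are matched against the InstallLocation and UninstallString values, so a folder that no entry refers to is a candidate for a manual uninstall or a support request.

```powershell
# Added example (not from the thread): list what Add/Remove Programs can still see,
# then find Program Files folders that no Uninstall entry refers to.
# Assumes Windows PowerShell; the key paths are the standard Uninstall keys.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',  # 64-bit hosts only
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall'
)

# Add/Remove lists every subkey that has a DisplayName and hides those with SystemComponent = 1.
$entries = foreach ($key in $uninstallKeys) {
    if (-not (Test-Path $key)) { continue }
    Get-ChildItem $key | ForEach-Object {
        $p = Get-ItemProperty $_.PSPath
        if ($p.DisplayName -and $p.SystemComponent -ne 1) {
            New-Object PSObject -Property @{
                Name            = $p.DisplayName
                Version         = $p.DisplayVersion
                InstallLocation = $p.InstallLocation
                UninstallString = $p.UninstallString   # paste this into Start > Run to uninstall
                Key             = $_.PSChildName
            }
        }
    }
}

"Entries Add/Remove Programs can see: $(@($entries).Count)"
$entries | Sort-Object Name | Format-Table Name, Version, UninstallString -AutoSize

# Everything the registry still points at, joined so one regex test covers all of it.
$referenced = ($entries | ForEach-Object { "$($_.InstallLocation)`n$($_.UninstallString)" }) -join "`n"

# Program Files roots present on this host ($env:ProgramFiles(x86) is absent on 32-bit XP).
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ -and (Test-Path $_) }

$orphans = foreach ($root in $roots) {
    Get-ChildItem $root | Where-Object { $_.PSIsContainer } | Where-Object {
        # Require a path separator, quote, whitespace or end-of-line after the folder name so
        # "...\CA" does not count as a match for "...\Canon".
        $pattern = '(?mi)' + [regex]::Escape($_.FullName) + '(\\|"|\s|$)'
        $referenced -notmatch $pattern
    } | ForEach-Object {
        # Look for a vendor uninstaller inside the folder, as Papakid suggests doing by hand.
        $uninstaller = Get-ChildItem $_.FullName -Recurse -Include 'unins*.exe','uninstall*.exe' `
            -ErrorAction SilentlyContinue | Select-Object -First 1
        New-Object PSObject -Property @{
            Folder      = $_.FullName
            Uninstaller = if ($uninstaller) { $uninstaller.FullName } else { '(none found; ask the vendor for an uninstall string)' }
        }
    }
}

"Program Files folders with no Add/Remove entry: $(@($orphans).Count)"
$orphans | Format-Table Folder, Uninstaller -AutoSize
```

Run it from an administrator PowerShell prompt. The UninstallString column is the "uninstall string" Papakid refers to: for MSI-installed products it is an `MsiExec.exe /X{product-code}` line that can be pasted straight into the Run box. The orphan list is only a starting point, since shared-component folders (Common Files, Java runtimes, printer drivers) are often legitimately referenced by an entry whose paths use 8.3 short names, so check a folder before deleting anything.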