Need Help With Mdmcls32 And Possibly Malware


33 replies to this topic

#1 DooDahMan

DooDahMan

  • Members
  • 28 posts

Posted 26 August 2007 - 11:19 AM

Greetings BC! :flowers:

I have this mdmcls32.exe running and I just can't seem to get rid of it.
It seems to cause my CPU to use 100% when I look at Windows Task Manager. I use my computer mostly for surfing the web, my son does some gaming and we do a little graphics work on occasion.

When I delete it, it kills my internet connection and opens again. I deleted mdm.exe too (not sure if this was smart or not) and it has not come back.

I have this CA Security Suite that I added a few weeks ago (it was free through my broadband provider) and it is updated.
I ran yesterday or today:

CA Anti-virus
CA Antispyware
Spybot Search and Destroy
Adaware
McAfee's Stinger

Windows is updated and all programs except Spyware Blaster are updated, but now won't since I added CA Firewall.

Here is the Hijackthis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:05, on 2007-08-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\svcprs32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\WINDOWS\cfgmng32.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\WINDOWS\system32\mdmcls32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\PROGRA~1\MINICL~1\MINICL~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\PROGRA~1\MINICL~1\MINICL~1.DLL
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [dvHighMem] C:\WINDOWS\cfgmng32.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [SSP Notifier] C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - https://www.topproduceronline.com/downloads/msjavx86.exe
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.29.11/ttinst.cab
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (file missing)
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: WinSock Svchost Manager (WinSvchostManager) - Unknown owner - C:\WINDOWS\system32\svcprs32.exe

--
End of file - 8058 bytes

Many thanks to those who can help me! :huh: :thumbsup: :huh: :huh:



#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 26 August 2007 - 11:53 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum DooDahMan :thumbsup:
My name is Richie and I'll be helping you to fix your problems.

Download SDFix.exe and save it to your desktop:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

* Double click on SDFix on your desktop, and install the fix to C:\

Please then reboot your computer into Safe Mode by doing the following:

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.

* In Safe Mode, go to and open the C:\SDFix folder, then double click on RunThis.bat to start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer than normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt into your next reply.


Download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Also post a new Hijackthis log please.

#3 DooDahMan

DooDahMan
  • Topic Starter

  • Members
  • 28 posts

Posted 26 August 2007 - 01:32 PM

Hey Richie,

Thanks for the quick reply :flowers:

I did as you asked and here are the reports:
SDFix Report.txt:

SDFix: Version 1.100

Run by Administrator on Sun 08/26/2007 at 02:01 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------


Files with Hidden Attributes:

C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\Documents and Settings\Owner\Desktop\Old Data\Documents and Settings\Susan\Local Settings\Temp\FORD.tmp
C:\Documents and Settings\Owner\Desktop\Old Data\Documents and Settings\Susan\Local Settings\Temp\ZTRC.tmp
C:\Documents and Settings\Owner\Desktop\Old Data\Kleinbauer\Documents and Settings\Susan\Local Settings\Temp\FORD.tmp
C:\Documents and Settings\Owner\Desktop\Old Data\Kleinbauer\Documents and Settings\Susan\Local Settings\Temp\ZTRC.tmp
C:\Documents and Settings\Owner\My Documents\~WRL0901.tmp

Finished

Combofix Log:
ComboFix 07-08-25.3 - "Owner" 2007-08-26 14:16:57.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.339 [GMT -4:00]


((((((((((((((((((((((((( Files Created from 2007-07-26 to 2007-08-26 )))))))))))))))))))))))))))))))


2007-08-26 14:00 <DIR> d-------- C:\WINDOWS\ERUNT
2007-08-26 13:59 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-08-26 11:54 <DIR> d-------- C:\DOCUME~1\Owner\WINDOWS
2007-08-26 11:22 <DIR> d-------- C:\WINDOWS\pss
2007-08-25 11:44 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-25 10:48 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-25 10:42 1,028,096 --a------ C:\WINDOWS\system32\mdmcls32.exe
2007-08-24 18:27 <DIR> d-------- C:\!KillBox
2007-08-24 07:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-21 12:55 <DIR> d-------- C:\DOCUME~1\Nicholas\APPLIC~1\SBTT
2007-08-21 06:42 <DIR> d-------- C:\WINDOWS\CAVTemp
2007-08-19 06:49 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-08-18 10:48 <DIR> d-------- C:\DOCUME~1\Nicholas\APPLIC~1\WinRAR
2007-08-18 06:39 <DIR> d-------- C:\Program Files\MassMirror
2007-08-15 09:29 <DIR> d-------- C:\DOCUME~1\Susan\APPLIC~1\Fisher-Price
2007-08-09 08:44 6 --a------ C:\WINDOWS\system32\mkghj.dll
2007-08-09 08:42 <DIR> d-------- C:\Program Files\Your Company Name
2007-08-09 08:41 879,832 --a------ C:\WINDOWS\system32\drivers\vetefile.sys
2007-08-09 08:41 108,360 --a------ C:\WINDOWS\system32\drivers\veteboot.sys
2007-08-09 08:39 99,904 --a------ C:\WINDOWS\system32\isafeif.dll
2007-08-09 08:39 79,424 --a------ C:\WINDOWS\system32\vetredir.dll
2007-08-09 08:39 75,280 --a------ C:\WINDOWS\system32\isafprod.dll
2007-08-09 08:39 32,528 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2007-08-09 08:39 26,640 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys
2007-08-09 08:39 21,648 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys
2007-08-09 08:39 21,392 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys
2007-08-09 08:39 <DIR> d-------- C:\Program Files\Common Files\Scanner
2007-08-09 08:38 790,528 --a------ C:\WINDOWS\system32\svcprs32.exe
2007-08-09 08:38 7,440 --a------ C:\WINDOWS\system32\sporder.dll
2007-08-09 08:38 2,072,576 --a------ C:\WINDOWS\system32\win32cpr.dll
2007-08-09 08:38 10,924,032 --a------ C:\WINDOWS\cfgmng32.exe
2007-08-09 08:38 1,830,912 --a------ C:\WINDOWS\system32\winsflte.dll
2007-08-09 08:38 1,384,533 --a------ C:\WINDOWS\system32\winsflt.dll
2007-08-09 08:38 <DIR> d-------- C:\WINDOWS\rnapxs
2007-08-09 08:37 <DIR> d-------- C:\Program Files\CA
2007-08-09 08:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CA
2007-08-06 15:24 <DIR> d-------- C:\Program Files\Disney
2007-08-04 19:23 <DIR> d-------- C:\Program Files\Phantom EFX
2007-08-04 14:22 <DIR> d--h----- C:\DOCUME~1\Cassiday\igLoader Files
2007-08-04 13:07 92,208 --------- C:\WINDOWS\system32\WING.DLL
2007-08-04 13:07 188,960 --------- C:\WINDOWS\system32\WINGDE.DLL
2007-08-04 13:07 12,800 --------- C:\WINDOWS\system32\WING32.DLL
2007-08-04 13:07 <DIR> d-------- C:\Program Files\LEGO Media
2007-08-04 13:06 <DIR> d-------- C:\DOCUME~1\Nicholas\WINDOWS
2007-08-01 20:51 <DIR> d-------- C:\Program Files\3DGroove
2007-08-01 19:41 <DIR> d-------- C:\Program Files\Nick Arcade
2007-07-30 09:03 <DIR> d-------- C:\LOGFILES
2007-07-30 08:56 <DIR> d-------- C:\Program Files\myTrack
2007-07-29 10:06 <DIR> d-------- C:\DOCUME~1\Nicholas\APPLIC~1\Fisher-Price
2007-07-28 10:37 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Fisher-Price
2007-07-26 18:47 <DIR> d-------- C:\Program Files\Activision Value


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-26 13:57 80696 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k0
2007-08-26 13:57 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k7
2007-08-26 13:57 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k6
2007-08-26 13:57 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k5
2007-08-26 13:57 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k4
2007-08-26 13:57 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k3
2007-08-26 13:57 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k2
2007-08-26 13:57 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k1
2007-08-26 11:57 --------- d-------- C:\Program Files\Blaster
2007-08-25 04:34 --------- d-------- C:\Program Files\SpywareBlaster
2007-08-17 13:33 --------- d-------- C:\DOCUME~1\Cassiday\APPLIC~1\minicliptoolbar
2007-08-09 08:38 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-09 08:25 --------- d-------- C:\Program Files\Symantec
2007-08-09 08:25 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-09 08:25 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-26 17:26 --------- d-------- C:\Program Files\MSN Games
2007-07-23 20:28 --------- d-------- C:\Program Files\Atari
2007-07-23 09:19 --------- d-------- C:\Program Files\Fisher-Price
2007-07-23 09:19 --------- d-------- C:\DOCUME~1\Cassiday\APPLIC~1\Fisher-Price
2007-07-23 09:07 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-07-18 19:14 --------- d-------- C:\Program Files\Disney Interactive
2007-07-11 18:30 --------- d-------- C:\Program Files\Moon Tycoon
2007-07-09 12:10 --------- d-------- C:\Program Files\THQ
2007-07-09 11:50 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-07-05 11:50 --------- d-------- C:\Program Files\Virtools
2007-07-04 15:58 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Oberon Games
2007-07-03 18:25 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Knowledge Adventure
2007-07-03 18:17 --------- d-------- C:\Program Files\Common Files\Knowledge Adventure
2007-07-03 18:16 --------- d-------- C:\Program Files\JumpStart
2007-07-02 18:25 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\MINICLIPTOOLBAR
2007-07-02 18:25 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\MINICLIPTOOLBAR
2007-07-02 18:15 --------- d-------- C:\DOCUME~1\Susan\APPLIC~1\vlc
2007-07-02 13:44 --------- d-------- C:\DOCUME~1\Susan\APPLIC~1\MINICLIPTOOLBAR
2007-07-01 09:32 --------- d-------- C:\DOCUME~1\Nicholas\APPLIC~1\MINICLIPTOOLBAR
2007-06-30 17:49 --------- d-------- C:\Program Files\minicliptoolbar
2007-06-27 18:44 --------- d-------- C:\DOCUME~1\Nicholas\APPLIC~1\Leadertech
2007-06-26 02:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 09:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-13 06:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-05-31 02:45 524288 --------- C:\WINDOWS\system32\DivXsm.exe
2007-05-31 02:44 823296 --------- C:\WINDOWS\system32\divx_xx0c.dll
2007-05-31 02:44 823296 --------- C:\WINDOWS\system32\divx_xx07.dll
2007-05-31 02:44 802816 --------- C:\WINDOWS\system32\divx_xx11.dll
2007-05-31 02:44 740442 --------- C:\WINDOWS\system32\DivX.dll
2007-05-28 16:21 256784 --a------ C:\WINDOWS\system32\UmxSbxw.dll
2007-05-28 16:21 117520 --a------ C:\WINDOWS\system32\UmxSbxExw.dll
2007-05-09 16:22 774144 --a------ C:\Program Files\RngInterstitial.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTPreset"="VTPreset.exe" [2004-02-24 20:17 C:\WINDOWS\system32\VTPreset.exe]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-09 00:45]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-05-25 11:47]
"dvHighMem"="C:\WINDOWS\cfgmng32.exe" [2007-04-22 13:41]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-05-25 11:40]
"cafwc"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2007-08-09 08:41]
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2007-08-09 08:41]
"capfupgrade"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2007-08-09 08:41]
"QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe" [2007-08-09 08:41]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 17:28]
"SSP Notifier"="C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe" [2006-04-13 14:34]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll 2007-01-31 15:00 79368 C:\WINDOWS\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\HP\HP Software Update\HPWuSchd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
"C:\Program Files\Microsoft Money\System\mnyexpr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSP Notifier]
C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe

R0 KmxStart;KmxStart;C:\WINDOWS\system32\DRIVERS\kmxstart.sys
R1 KmxAgent;KmxAgent;C:\WINDOWS\system32\DRIVERS\kmxagent.sys
R1 KmxFile;KmxFile;C:\WINDOWS\system32\DRIVERS\KmxFile.sys
R1 KmxFw;KmxFw;C:\WINDOWS\system32\DRIVERS\kmxfw.sys
R2 KmxCF;KmxCF;C:\WINDOWS\system32\DRIVERS\KmxCF.sys
R2 KmxSbx;KmxSbx;C:\WINDOWS\system32\DRIVERS\KmxSbx.sys
R2 UmxAgent;HIPS Event Manager;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe"
R2 UmxCfg;HIPS Configuration Interpreter;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe"
R2 UmxPol;HIPS Policy Manager;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe"
R2 WinSvchostManager;WinSock Svchost Manager;C:\WINDOWS\system32\svcprs32.exe
R3 KmxCfg;KmxCfg;C:\WINDOWS\system32\DRIVERS\kmxcfg.sys
S3 PPCtlPriv;PPCtlPriv;"C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe"


Contents of the 'Scheduled Tasks' folder
2007-08-09 13:41:41 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Owner at 8 39 AM.job - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-26 14:21:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-26 14:24:48

--- E O F ---

Hijackthis Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:25:56 PM, on 8/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\svcprs32.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\WINDOWS\cfgmng32.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\mdmcls32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\PROGRA~1\MINICL~1\MINICL~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\PROGRA~1\MINICL~1\MINICL~1.DLL
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [dvHighMem] C:\WINDOWS\cfgmng32.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [SSP Notifier] C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - https://www.topproduceronline.com/downloads/msjavx86.exe
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.29.11/ttinst.cab
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (file missing)
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: WinSock Svchost Manager (WinSvchostManager) - Unknown owner - C:\WINDOWS\system32\svcprs32.exe

--
End of file - 7949 bytes

Many thanks in advance for your assistance!
:thumbsup:

DooDahMan :huh:

Edited by DooDahMan, 26 August 2007 - 01:34 PM.


#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 26 August 2007 - 05:50 PM

Please disable Spybot S&D’s protection, or it will interfere.
You can enable it after you're clean.
Open Spybot and click on 'Mode' and check 'Advanced Mode'.
Click on 'Tools' in bottom left hand corner.
Click on the 'System Startup' icon.
Uncheck 'Teatimer' box and/or uncheck 'Resident'.
Click the 'Allow Change' box.
Then, check next to the computer clock to see if the icon for Spybot is still there.
If it is, right click it and choose 'exit Spybot-S&D Resident'.
Reboot the computer.

If you find you're experiencing problems disabling Spybot's Tea-Timer, follow the info in the link below:
http://www.russelltexas.com/malware/teatimer.htm

Download Avenger from the link below:
http://swandog46.geekstogo.com/avenger.zip
Unzip/extract it to your desktop.

Start up Avenger.
Check the 'Input script manually' option.
Click the Magnifying Glass icon.
In the box that opens, copy and paste ALL the following blue text inside the quote box below:

Files to delete:
C:\WINDOWS\system32\mdmcls32.exe
C:\WINDOWS\system32\mkghj.dll
C:\WINDOWS\system32\svcprs32.exe

Then click on 'Done'.
Click the Traffic Light icon to start the program.
Then press OK at the prompts to reboot your PC.

Post the Avenger output.txt, which you can find at C:\Avenger\.txt when you've done.

Also post a new Hijackthis log.

#5 DooDahMan

DooDahMan
  • Topic Starter

  • Members
  • 28 posts

Posted 27 August 2007 - 07:32 AM

Here is the Avenger Log:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\fecvkvrr

*******************

Script file located at: \??\C:\WINDOWS\system32\tehbwrwg.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\mdmcls32.exe deleted successfully.
File C:\WINDOWS\system32\mkghj.dll deleted successfully.
File C:\WINDOWS\system32\svcprs32.exe deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Hijackthis Log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:31:10 AM, on 8/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\WINDOWS\cfgmng32.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\system32\mdmcls32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\PROGRA~1\MINICL~1\MINICL~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\PROGRA~1\MINICL~1\MINICL~1.DLL
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [dvHighMem] C:\WINDOWS\cfgmng32.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - https://www.topproduceronline.com/downloads/msjavx86.exe
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.29.11/ttinst.cab
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (file missing)
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: WinSock Svchost Manager (WinSvchostManager) - Unknown owner - C:\WINDOWS\system32\svcprs32.exe (file missing)

--
End of file - 7086 bytes

mdmcls32.exe to still be there? :thumbsup: Windows Task Manager shows it 3 times in the processes list.

Perhaps Spybot got in the way? I should try again I think to be sure Spybot was not running?

Thanks again for your help Richie!

DooDahMan

Edited by DooDahMan, 27 August 2007 - 07:36 AM.
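The cross-check this post invites, as an added example that is not part of the original thread and not a feature of Avenger or HijackThis: it compares the files Avenger reports as deleted against the follow-up HijackThis log, and lists O23 services whose owner is "Unknown owner". The function names are hypothetical and the sample text is constructed by abridging the two logs above.

```python
import re
from ntpath import normcase  # Windows path comparison rules on any OS

# Constructed sample: lines abridged from the Avenger and HijackThis logs above.
AVENGER_LOG = r"""
File C:\WINDOWS\system32\mdmcls32.exe deleted successfully.
File C:\WINDOWS\system32\mkghj.dll deleted successfully.
File C:\WINDOWS\system32\svcprs32.exe deleted successfully.
"""

HIJACKTHIS_LOG = r"""
Running processes:
C:\WINDOWS\system32\services.exe
C:\WINDOWS\cfgmng32.exe
C:\WINDOWS\system32\mdmcls32.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O4 - HKLM\..\Run: [dvHighMem] C:\WINDOWS\cfgmng32.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (file missing)
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: WinSock Svchost Manager (WinSvchostManager) - Unknown owner - C:\WINDOWS\system32\svcprs32.exe (file missing)
"""

MISSING = " (file missing)"


def parse_avenger_deleted(log):
    """Return the paths Avenger reports as 'deleted successfully'."""
    return re.findall(r"^File (.+?) deleted successfully\.$", log, re.M)


def parse_hijackthis(log):
    """Split a HijackThis log into running processes and (code, body) entries."""
    processes, entries, in_procs = [], [], False
    for raw in log.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:
            in_procs = False  # a blank line ends the process list
        elif in_procs:
            processes.append(line)
        else:
            m = re.match(r"([A-Z]\d+) - (.*)", line)
            if m:
                entries.append((m.group(1), m.group(2)))
    return processes, entries


def parse_service(body):
    """Parse 'Service: <name> - <owner> - <path>[ (file missing)]' from an O23 line."""
    if not body.startswith("Service: "):
        return None
    parts = body[len("Service: "):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = parts
    missing = path.endswith(MISSING)
    if missing:
        path = path[:-len(MISSING)]
    return {"name": name, "owner": owner, "path": path, "missing": missing}


def verify_removal(avenger_log, hjt_log):
    """Map each file Avenger deleted to the traces the later HijackThis log still shows."""
    processes, entries = parse_hijackthis(hjt_log)
    running = {normcase(p) for p in processes}
    report = {}
    for path in parse_avenger_deleted(avenger_log):
        key, findings = normcase(path), []
        if key in running:
            findings.append("still running")
        for code, body in entries:
            if key not in normcase(body):
                continue
            svc = parse_service(body) if code == "O23" else None
            if svc and svc["missing"]:
                findings.append("orphaned service: " + svc["name"])
            else:
                findings.append("still referenced by " + code)
        report[path] = findings
    return report


def unknown_owner_services(hjt_log):
    """Return the O23 services that HijackThis lists with 'Unknown owner'."""
    _, entries = parse_hijackthis(hjt_log)
    services = [parse_service(body) for code, body in entries if code == "O23"]
    return [s for s in services if s and s["owner"] == "Unknown owner"]


if __name__ == "__main__":
    for path, findings in verify_removal(AVENGER_LOG, HIJACKTHIS_LOG).items():
        print(path, "->", "; ".join(findings) or "no trace in log")
    for svc in unknown_owner_services(HIJACKTHIS_LOG):
        print("unknown owner:", svc["name"], "->", svc["path"])
```

An empty finding list only means the file is not named in this log; an "Unknown owner" service is a prompt to inspect the file, not a verdict on it.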


#6 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 27 August 2007 - 08:06 AM

Download and scan with the free 15 day trial of Counterspy V2
Save the report when it's finished:
1. Once Counterspy has done scanning, the 'Scan Results' box will appear.
2. Click on 'View Results'.
3. Under (Recommended Action), using the drop down menus at the side of each entry found, set EVERYTHING to 'Remove'.
4. Then click on 'Take Action'.
5. Once everything has been removed, click on 'View Details'.
6. Copy and Paste those details into your next reply.

Please run this online virus scan: Activescan using Internet Explorer.
Once you are on the Panda site click the Scan your PC button
A new window will open...click the Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on Local Disks to start the scan
When the scan completes, click the See Report button, then Save Report, and save it to your desktop.
Post the Activescan report into your next reply.

Also post a new Hijackthis log please.

#7 DooDahMan

DooDahMan
  • Topic Starter

  • Members
  • 28 posts

Posted 28 August 2007 - 06:03 AM

I tried the Pandascan and nothing happens when I click on the "Scan Now" button...please help! No error, pop-up blocked window, etc open either. Ideas?

However here is the CounterSpyware Log.

CounterSpyware Log: (I removed all cookies, hotbar, etc.)
Scan History Details
Start Date: 8/27/2007 8:16:41 PM
End Date: 8/27/2007 9:04:46 PM
Total Time: 48 Min 5 Sec
Detected security risks

Cookie: ATDMT.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\cassiday\cookies\cassiday@atdmt[2].txt
c:\documents and settings\nicholas\cookies\nicholas@atdmt[2].txt


Cookie: Bluestreak.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\nicholas\cookies\nicholas@bluestreak[2].txt


Cookie: DoubleClick Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\cassiday\cookies\cassiday@doubleclick[1].txt
c:\documents and settings\nicholas\cookies\nicholas@doubleclick[1].txt


Cookie: Hitbox.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\nicholas\cookies\nicholas@hitbox[2].txt


Hotbar Toolbar more information...
Details: Hotbar Web Tools is a collection of browser and system enhancements. The primary application is the Hotbar toolbar, a which is a "skinable" browser toolbar for Internet Explorer.
Status: Deleted

Files detected
C:\Documents and Settings\Owner\Desktop\Old Data\Documents and Settings\Nicholas\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_bbar1.res
C:\Documents and Settings\Owner\Desktop\Old Data\Documents and Settings\Nicholas\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_weather.res
C:\Documents and Settings\Owner\Desktop\Old Data\Documents and Settings\Nicholas\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\progress.res
C:\Documents and Settings\Owner\Desktop\Old Data\Documents and Settings\Nicholas\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_bbar1.res
C:\Documents and Settings\Owner\Desktop\Old Data\Documents and Settings\Nicholas\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_weather.res
C:\Documents and Settings\Owner\Desktop\Old Data\Documents and Settings\Nicholas\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\progress.res
C:\Documents and Settings\Owner\Desktop\Old Data\Documents and Settings\Nicholas\Application Data\SpamBlockerUtility_Icons\Registryrepair.ico
C:\Documents and Settings\Owner\Desktop\Old Data\Documents and Settings\Nicholas\Application Data\SpamBlockerUtility_Icons\Software_Online_8.ico
C:\Documents and Settings\Owner\Desktop\Old Data\Documents and Settings\Nicholas\Application Data\SpamBlockerUtility_Icons\wallpapere1.ico
C:\Documents and Settings\Owner\Desktop\Old Data\Documents and Settings\Susan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_bbar1.res
C:\Documents and Settings\Owner\Desktop\Old Data\Documents and Settings\Susan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_weather.res
C:\Documents and Settings\Owner\Desktop\Old Data\Documents and Settings\Susan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\progress.res
C:\Documents and Settings\Owner\Desktop\Old Data\Documents and Settings\Susan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_bbar1.res
C:\Documents and Settings\Owner\Desktop\Old Data\Documents and Settings\Susan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_weather.res
C:\Documents and Settings\Owner\Desktop\Old Data\Documents and Settings\Susan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\progress.res
C:\Documents and Settings\Owner\Desktop\Old Data\Documents and Settings\Susan\Application Data\SpamBlockerUtility_Icons\Registryrepair.ico
C:\Documents and Settings\Owner\Desktop\Old Data\Documents and Settings\Susan\Application Data\SpamBlockerUtility_Icons\Software_Online_8.ico
C:\Documents and Settings\Owner\Desktop\Old Data\Documents and Settings\Susan\Application Data\SpamBlockerUtility_Icons\wallpapere1.ico
C:\Documents and Settings\Owner\Desktop\Old Data\Kleinbauer\Documents and Settings\Nicholas\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_bbar1.res
C:\Documents and Settings\Owner\Desktop\Old Data\Kleinbauer\Documents and Settings\Nicholas\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_weather.res
C:\Documents and Settings\Owner\Desktop\Old Data\Kleinbauer\Documents and Settings\Nicholas\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\progress.res
C:\Documents and Settings\Owner\Desktop\Old Data\Kleinbauer\Documents and Settings\Nicholas\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_bbar1.res
C:\Documents and Settings\Owner\Desktop\Old Data\Kleinbauer\Documents and Settings\Nicholas\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_weather.res
C:\Documents and Settings\Owner\Desktop\Old Data\Kleinbauer\Documents and Settings\Nicholas\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\progress.res
C:\Documents and Settings\Owner\Desktop\Old Data\Kleinbauer\Documents and Settings\Nicholas\Application Data\SpamBlockerUtility_Icons\Registryrepair.ico
C:\Documents and Settings\Owner\Desktop\Old Data\Kleinbauer\Documents and Settings\Nicholas\Application Data\SpamBlockerUtility_Icons\Software_Online_8.ico
C:\Documents and Settings\Owner\Desktop\Old Data\Kleinbauer\Documents and Settings\Nicholas\Application Data\SpamBlockerUtility_Icons\wallpapere1.ico
C:\Documents and Settings\Owner\Desktop\Old Data\Kleinbauer\Documents and Settings\Susan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_bbar1.res
C:\Documents and Settings\Owner\Desktop\Old Data\Kleinbauer\Documents and Settings\Susan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_weather.res
C:\Documents and Settings\Owner\Desktop\Old Data\Kleinbauer\Documents and Settings\Susan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\progress.res
C:\Documents and Settings\Owner\Desktop\Old Data\Kleinbauer\Documents and Settings\Susan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_bbar1.res
C:\Documents and Settings\Owner\Desktop\Old Data\Kleinbauer\Documents and Settings\Susan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_weather.res
C:\Documents and Settings\Owner\Desktop\Old Data\Kleinbauer\Documents and Settings\Susan\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\progress.res
C:\Documents and Settings\Owner\Desktop\Old Data\Kleinbauer\Documents and Settings\Susan\Application Data\SpamBlockerUtility_Icons\Registryrepair.ico
C:\Documents and Settings\Owner\Desktop\Old Data\Kleinbauer\Documents and Settings\Susan\Application Data\SpamBlockerUtility_Icons\Software_Online_8.ico
C:\Documents and Settings\Owner\Desktop\Old Data\Kleinbauer\Documents and Settings\Susan\Application Data\SpamBlockerUtility_Icons\wallpapere1.ico


Cookie: Overture.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\nicholas\cookies\nicholas@overture[2].txt
c:\documents and settings\susan\cookies\susan@overture[1].txt


Cookie: Advertising.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Deleted

Cookies detected
c:\documents and settings\nicholas\cookies\nicholas@advertising[1].txt


Desktop Weather Potentially Unwanted Program more information...
Status: Deleted

Files detected
C:\Documents and Settings\Owner\Desktop\Old Data\Documents and Settings\Susan\Local Settings\Application Data\The Weather Channel\Desktop Weather\app.swf
C:\Documents and Settings\Owner\Desktop\Old Data\Documents and Settings\Susan\Local Settings\Temp\GLF52.tmp\The_Weather_Channel_Application.exe
C:\Documents and Settings\Owner\Desktop\Old Data\Kleinbauer\Documents and Settings\Susan\Local Settings\Application Data\The Weather Channel\Desktop Weather\app.swf
C:\Documents and Settings\Owner\Desktop\Old Data\Kleinbauer\Documents and Settings\Susan\Local Settings\Temp\GLF52.tmp\The_Weather_Channel_Application.exe


Registry Power Cleaner Potentially Unwanted Program more information...
Status: Deleted

Files detected
C:\Documents and Settings\Owner\Desktop\Old Data\Documents and Settings\Susan\Local Settings\Temp\REGISTRYFIX1.exe
C:\Documents and Settings\Owner\Desktop\Old Data\Kleinbauer\Documents and Settings\Susan\Local Settings\Temp\REGISTRYFIX1.exe

#8 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 28 August 2007 - 06:26 AM

Go here: http://virusscan.jotti.org/
Using the 'Browse' button, browse to:
C:\WINDOWS\system32\mdmcls32.exe
Then press the 'Submit' button.
Wait while the file is scanned.
Post the results into your next reply.

If Jotti's too busy, try here:
http://www.virustotal.com/en/virustotalf.html
Click on the 'Analysis' tab.
Using the 'Browse' button, browse to:
C:\WINDOWS\system32\mdmcls32.exe
Then click on 'Send File'.
Post the results into your next reply.

Also post a new Hijackthis log.

#9 DooDahMan

DooDahMan
  • Topic Starter

  • Members
  • 28 posts

Posted 28 August 2007 - 06:57 AM

Richie, thanks for prompt reply! :thumbsup:

http://virusscan.jotti.org/ results:
File: mdmcls32.exe
Status:
OK(Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 0fe199ed519a5e8c60df9ed51d8c0278
Packers detected:
-
Bit9 reports: File not found
Scanner results
Scan taken on 28 Aug 2007 11:50:04 (GMT)
A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
Fortinet
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Rising Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing

VirusTotal Results:
File mdmcls32.exe received on 08.28.2007 13:51:25 (CET)
Result: 0/32 (0%)

Antivirus Version Last Update Result
AhnLab-V3 2007.8.28.2 2007.08.28 -
AntiVir 7.4.1.63 2007.08.28 -
Authentium 4.93.8 2007.08.28 -
Avast 4.7.1029.0 2007.08.27 -
AVG 7.5.0.484 2007.08.27 -
BitDefender 7.2 2007.08.28 -
CAT-QuickHeal 9.00 2007.08.25 -
ClamAV 0.91 2007.08.28 -
DrWeb 4.33 2007.08.28 -
eSafe 7.0.15.0 2007.08.26 -
eTrust-Vet 31.1.5091 2007.08.28 -
Ewido 4.0 2007.08.27 -
FileAdvisor 1 2007.08.28 -
Fortinet 2.91.0.0 2007.08.28 -
F-Prot 4.3.2.48 2007.08.28 -
F-Secure 6.70.13030.0 2007.08.28 -
Ikarus T3.1.1.12 2007.08.28 -
Kaspersky 4.0.2.24 2007.08.28 -
McAfee 5106 2007.08.27 -
Microsoft 1.2803 2007.08.28 -
NOD32v2 2488 2007.08.28 -
Norman 5.80.02 2007.08.28 -
Panda 9.0.0.4 2007.08.28 -
Prevx1 V2 2007.08.28 -
Rising 19.38.12.00 2007.08.28 -
Sophos 4.21.0 2007.08.28 -
Sunbelt 2.2.907.0 2007.08.25 -
Symantec 10 2007.08.28 -
TheHacker 6.1.9.175 2007.08.28 -
VBA32 3.12.2.3 2007.08.28 -
VirusBuster 4.3.26:9 2007.08.27 -
Webwasher-Gateway 6.0.1 2007.08.28 -
Additional information
File size: 1028096 bytes
MD5: 0fe199ed519a5e8c60df9ed51d8c0278
SHA1: 7f143d42c86c7146b6b9e576a37a0eb35f3b6b5f

Hijackthis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:56:38 AM, on 8/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\WINDOWS\cfgmng32.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\WINDOWS\system32\mdmcls32.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\PROGRA~1\MINICL~1\MINICL~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\PROGRA~1\MINICL~1\MINICL~1.DLL
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [dvHighMem] C:\WINDOWS\cfgmng32.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\RunOnce: [ccube_TrustList] "C:\Program Files\CA\CA Internet Security Suite\caunst.exe" /trustlist
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - https://www.topproduceronline.com/downloads/msjavx86.exe
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.29.11/ttinst.cab
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (file missing)
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: WinSock Svchost Manager (WinSvchostManager) - Unknown owner - C:\WINDOWS\system32\svcprs32.exe (file missing)

--
End of file - 7543 bytes

Edited by DooDahMan, 28 August 2007 - 07:01 AM.


#10 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 28 August 2007 - 08:08 AM

Make sure all hidden files are showing:
- Click 'Start'.
- Open 'My Computer'.
- Select the 'Tools' menu and click 'Folder Options'.
- Select the 'View' tab.
- Under the 'Hidden files and folders' heading select 'Show hidden files and folders'.
- Uncheck the 'Hide file extensions for known types' option.
- Uncheck the 'Hide protected operating system files (recommended)' option.
- Click Yes to confirm.
- Click OK.

Press Ctrl+Alt+Delete on your keyboard to open Task Manager.
Under the 'Processes' tab click on 'Image Name'; this will place all running processes in alphabetical order.
Right click on mdmcls32.exe and select 'End Process'.
Exit Task Manager.

Copy and paste the following bold blue text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: fix.bat to your desktop.
Then double click on the fix.bat file on your desktop.
You'll see a black screen flash, that's normal.

@echo off
sc stop WinSvchostManager
sc delete WinSvchostManager

Restart your pc.

Download\install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed, exit SuperAntiSpyware.

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O2 - BHO: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\PROGRA~1\MINICL~1\MINICL~1.DLL
O3 - Toolbar: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\PROGRA~1\MINICL~1\MINICL~1.DLL
O23 - Service: WinSock Svchost Manager (WinSvchostManager) - Unknown owner - C:\WINDOWS\system32\svcprs32.exe (file missing)

Exit Hijackthis.

Find and delete if present:
C:\WINDOWS\system32\mdmcls32.exe

Start SuperAntiSpyware.
On the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

SuperAntiSpyware will now scan your computer; when it's finished it will list all/any infections found.
Make sure everything found has a checkmark next to it, then press 'Next'.
Click on 'Finish' when you're done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor, such as Notepad.
Copy and paste the contents of that report into your next reply.

Download Systemscan and save it to your desktop.
Double-click on Systemscan.exe to run the tool.
A warning box will appear. Please read and click Ok.
When SystemScan opens, click the "Unselect all" button.
Important: under "Make your choice and than click..." check the boxes next to:
PC accounts
Recent files (60 days)
Hidden Objects

Everything else should be unchecked.
Click "Scan Now".
Another warning box will appear. Please follow the instructions and click Ok.
Systemscan will scan your computer and create a folder at C:\suspectfile to save the log files. Please be patient while the scan is in progress.
When the scan is complete, Notepad will automatically open a log file named report.txt.
This log file will show a list of all user accounts, all files/folders created in the last 60 days and any Hidden files that were found.
Copy and paste the contents of report.txt in your next reply.

Also post a new Hijackthis log.

Edited by RichieUK, 28 August 2007 - 08:11 AM.
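
The O23 entry that the fix above removes can be picked out of a HijackThis log mechanically. As an added example (not part of the original post and not HijackThis code), this parses O23 service lines and lists those whose owner field reads "Unknown owner" or whose binary is marked "(file missing)"; the sample lines are copied from the log earlier in this thread, and the function names are hypothetical.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Sample input: entries copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Miniclip - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - C:\PROGRA~1\MINICL~1\MINICL~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (file missing)
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: WinSock Svchost Manager (WinSvchostManager) - Unknown owner - C:\WINDOWS\system32\svcprs32.exe (file missing)
"""


class Service(NamedTuple):
    key: str            # short service name, the one `sc` expects
    label: str          # display name as printed by HijackThis
    owner: str          # publisher field, or "Unknown owner"
    path: str           # image path without the "(file missing)" suffix
    file_missing: bool


# Layout: O23 - Service: <label> - <owner> - <path>[ (file missing)]
# The path is anchored on a drive letter because both the owner and the path
# may themselves contain " - ". A label containing " - " is not handled.
O23_RE = re.compile(
    r'^O23 - Service: (?P<label>.+?) - (?P<owner>.+?) - '
    r'(?P<path>"?[A-Za-z]:\\.*?)(?P<missing> \(file missing\))?$'
)
# "Display Name (ShortName)" -> ShortName
KEY_RE = re.compile(r"\(([^()]+)\)$")


def parse_o23(line: str) -> Optional[Service]:
    """Return a Service for an O23 line, or None for any other line."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    label = m.group("label")
    key = KEY_RE.search(label)
    return Service(
        key=key.group(1) if key else label,
        label=label,
        owner=m.group("owner"),
        path=m.group("path"),
        file_missing=m.group("missing") is not None,
    )


def triage(log_text: str) -> List[Tuple[Service, List[str]]]:
    """List services that deserve a manual look, with the reasons."""
    findings = []
    for line in log_text.splitlines():
        svc = parse_o23(line)
        if svc is None:
            continue
        reasons = []
        if svc.owner.lower() == "unknown owner":
            reasons.append("owner field is 'Unknown owner'")
        if svc.file_missing:
            reasons.append("binary not found at the registered path")
        if reasons:
            findings.append((svc, reasons))
    return findings


if __name__ == "__main__":
    for svc, reasons in triage(SAMPLE_LOG):
        print(f"{svc.key}: {'; '.join(reasons)}")
        print(f"  image path : {svc.path}")
        print(f"  review with: sc qc {svc.key}")
```

Both MDM and WinSvchostManager match in this log, so a hit is a prompt to review the entry (for example with `sc qc`), not a verdict.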


#11 DooDahMan

DooDahMan
  • Topic Starter

  • Members
  • 28 posts

Posted 29 August 2007 - 06:12 AM

I did as you requested, however when you try to end the mdmcls32.exe in the windows task manager, it is back within a few to five seconds, so when you are also trying to delete the file it says it can't as it is in use, etc.

The first 'SuperAntiSpyware Home Edition Free Version' scan found 212 cookies, most located in a folder called "old data" which was from when I had a HD crash and the tech transferred all the old data files there. Anyway, the old cookies were deleted. The 2nd time I scanned the scanner found no objects.

Also fwiw, last night the CPU usage was at 100% while I was trying to follow your directions making it take fooooooooorever to get anything done. This is my biggest complaint about mdmcls32.exe. It doesn't do this all the time though and sometimes the CPU is sitting at 0% like now. Then again, since following your advice the computer is much faster, that is, when mdmcls32.exe or whatever else is hogging my CPU. Also, fwiw, there are 2 running processes of mdmcls32.exe shown in the task manager: one for OWNER and one for SYSTEM. Usually they take about 32K of memory.

Ok, back to our regularly scheduled Malware removal :thumbsup:

Here are the logs:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/28/2007 at 10:32 PM

Application Version : 3.9.1008

Core Rules Database Version : 3294
Trace Rules Database Version: 1305

Scan type : Complete Scan
Total Scan Time : 00:40:24

Memory items scanned : 383
Memory threats detected : 0
Registry items scanned : 5637
Registry threats detected : 0
File items scanned : 36384
File threats detected : 0

SystemScan - www.suspectfile.com - ver. 3.2.0

Running on: Windows XP HOME Edition, Service Pack 2 (2600.5.1)
System directory: C:\WINDOWS

Date: 8/29/2007
Time: 6:46:56 AM

Output limited to:
-Recent files
-PC accounts
-Hidden objects

===================== Accounts on this PC =====================


Users on this computer:
Is Admin? | Username
------------------
Yes | Administrator
| ASPNET
Yes | Cassiday
| Guest (Disabled)
| HelpAssistant (Disabled)
Yes | Nicholas
Yes | Owner
| SUPPORT_388945a0 (Disabled)
Yes | Susan

### users folders

24/04/2007 18:29:59 (DIR) 0 byte 127 days old -- LocalService
25/04/2007 10:39:51 (DIR) 0 byte 126 days old -- Default User
25/04/2007 10:39:51 (DIR) 0 byte 126 days old -- All Users
21/08/2007 23:52:33 (DIR) 0 byte 8 days old -- NetworkService
26/08/2007 13:59:53 (DIR) 0 byte 3 days old -- Administrator
28/08/2007 08:44:02 (DIR) 0 byte 1 days old -- Susan
28/08/2007 11:00:34 (DIR) 0 byte 1 days old -- Cassiday
28/08/2007 20:24:26 (DIR) 0 byte 1 days old -- Nicholas
28/08/2007 21:41:14 (DIR) 0 byte 1 days old -- Owner

===================== Recent files (60 days old)=====================

----- recent files in C:\
04/08/2007 03:45:00 (DIR) 0 byte 25 days old -- LOGFILES
15/07/2007 11:43:14 (DIR) 0 byte 45 days old -- TPOnline
25/08/2007 07:36:54 (DIR) 0 byte 4 days old -- !KillBox
25/08/2007 10:57:00 (DIR) 0 byte 4 days old -- QooBox
26/08/2007 11:00:35 (DIR) 0 byte 3 days old -- System Volume Information
26/08/2007 11:29:25 211 byte 3 days old -- boot.ini
26/08/2007 14:11:51 (DIR) 0 byte 3 days old -- SDFix
26/08/2007 14:24:48 12060 byte 3 days old -- ComboFix.txt
26/08/2007 14:25:40 (DIR) 0 byte 3 days old -- ComboFix
27/08/2007 08:25:46 (DIR) 0 byte 2 days old -- Documents and Settings
27/08/2007 08:54:06 1856 byte 2 days old -- avenger.txt
27/08/2007 08:55:10 (DIR) 0 byte 2 days old -- avenger
28/08/2007 08:43:13 37695 byte 1 days old -- caisslog.txt
28/08/2007 20:35:35 (DIR) 0 byte 1 days old -- Program Files
28/08/2007 21:31:20 1156816896 byte 1 days old -- pagefile.sys
29/08/2007 05:45:19 (DIR) 0 byte 0 days old -- WINDOWS
29/08/2007 06:46:56 (DIR) 0 byte 0 days old -- suspectfile
09/08/2007 08:38:41 26 byte 20 days old -- testDebug8.log
09/08/2007 08:39:41 35597 byte 20 days old -- caavsetupLog.txt

----- recent files in C:\WINDOWS\
02/08/2007 06:32:01 (DIR) 0 byte 27 days old -- $NtUninstallKB929123$
02/08/2007 06:32:09 10685 byte 27 days old -- KB929123.log
04/08/2007 13:08:01 (DIR) 0 byte 25 days old -- Fonts
04/08/2007 20:31:13 89831 byte 25 days old -- DirectX.log
06/08/2007 15:24:54 (DIR) 0 byte 23 days old -- Downloaded Program Files
18/07/2007 19:14:54 1371 byte 42 days old -- disney.ini
20/07/2007 00:47:22 109056 byte 40 days old -- catchme.exe
26/07/2007 12:20:58 (DIR) 0 byte 34 days old -- .jagex_cache_32
30/07/2007 10:14:10 1416 byte 30 days old -- mozver.dat
30/07/2007 10:17:31 (DIR) 0 byte 30 days old -- Sun
18/08/2007 06:39:36 (DIR) 0 byte 11 days old -- $hf_mig$
19/08/2007 06:49:01 (DIR) 0 byte 10 days old -- $NtUninstallKB936782_WMP11$
19/08/2007 06:49:14 4321 byte 10 days old -- KB936782.log
19/08/2007 06:57:02 (DIR) 0 byte 10 days old -- WinSxS
19/08/2007 06:57:04 291890 byte 10 days old -- msxml4-KB936181-enu.LOG
19/08/2007 06:57:43 11741 byte 10 days old -- KB938127-IE7.log
19/08/2007 06:58:01 (DIR) 0 byte 10 days old -- ie7updates
19/08/2007 06:58:36 22120 byte 10 days old -- KB937143-IE7.log
19/08/2007 06:58:44 (DIR) 0 byte 10 days old -- $NtUninstallKB938829$
19/08/2007 06:58:50 17136 byte 10 days old -- KB938829.log
19/08/2007 06:58:57 (DIR) 0 byte 10 days old -- $NtUninstallKB921503$
19/08/2007 06:59:02 17313 byte 10 days old -- KB921503.log
19/08/2007 06:59:10 (DIR) 0 byte 10 days old -- $NtUninstallKB938828$
19/08/2007 06:59:15 17936 byte 10 days old -- KB938828.log
19/08/2007 06:59:15 1374 byte 10 days old -- imsins.BAK
19/08/2007 06:59:35 (DIR) 0 byte 10 days old -- $NtUninstallKB936021$
19/08/2007 06:59:39 59006 byte 10 days old -- updspapi.log
19/08/2007 06:59:42 33833 byte 10 days old -- msgsocm.log
19/08/2007 06:59:42 330464 byte 10 days old -- ocgen.log
19/08/2007 06:59:42 668794 byte 10 days old -- FaxSetup.log
19/08/2007 06:59:43 259938 byte 10 days old -- tsoc.log
19/08/2007 06:59:43 137919 byte 10 days old -- ntdtcsetup.log
19/08/2007 06:59:43 37176 byte 10 days old -- ocmsn.log
19/08/2007 06:59:43 18563 byte 10 days old -- KB936021.log
19/08/2007 06:59:43 228195 byte 10 days old -- comsetup.log
19/08/2007 06:59:43 1374 byte 10 days old -- imsins.log
19/08/2007 06:59:43 103592 byte 10 days old -- iis6.log
19/08/2007 14:05:44 (DIR) 0 byte 10 days old -- network diagnostic
19/08/2007 20:28:48 39509 byte 10 days old -- spupdsvc.log
21/08/2007 23:52:17 592015 byte 8 days old -- setupapi.log
21/08/2007 23:52:27 (DIR) 0 byte 8 days old -- Help
21/08/2007 23:52:27 (DIR) 0 byte 8 days old -- inf
25/08/2007 07:26:16 43116 byte 4 days old -- wmsetup.log
25/08/2007 10:49:52 (DIR) 0 byte 4 days old -- erdnt
25/08/2007 12:04:18 166074 byte 4 days old -- setupact.log
26/08/2007 11:29:00 (DIR) 0 byte 3 days old -- pss
26/08/2007 11:29:25 243 byte 3 days old -- system.ini
26/08/2007 11:29:25 629 byte 3 days old -- win.ini
26/08/2007 11:57:31 379 byte 3 days old -- KA.INI
26/08/2007 11:57:31 37 byte 3 days old -- wininit.ini
26/08/2007 14:00:04 74522 byte 3 days old -- ntbtlog.txt
26/08/2007 14:00:55 (DIR) 0 byte 3 days old -- ERUNT
28/08/2007 20:35:49 (DIR) 0 byte 1 days old -- Installer
28/08/2007 21:30:15 14584 byte 1 days old -- SchedLgU.Txt
28/08/2007 21:31:24 2048 byte 1 days old -- bootstat.dat
28/08/2007 21:31:45 49 byte 1 days old -- wiaservc.log
28/08/2007 21:31:48 157 byte 1 days old -- wiadebug.log
28/08/2007 21:31:48 1825472 byte 1 days old -- WindowsUpdate.log
28/08/2007 21:31:56 0 byte 1 days old -- 0.log
28/08/2007 21:32:21 (DIR) 0 byte 1 days old -- Temp
28/08/2007 23:53:45 (DIR) 0 byte 1 days old -- CAVTemp
29/08/2007 05:45:19 (DIR) 0 byte 0 days old -- system32
29/08/2007 06:46:57 (DIR) 0 byte 0 days old -- Prefetch
09/08/2007 08:39:17 (DIR) 0 byte 20 days old -- Tasks
09/08/2007 19:54:24 (DIR) 0 byte 20 days old -- rnapxs
11/07/2007 10:21:00 28 byte 49 days old -- lnpth.lnf

----- recent files in C:\WINDOWS\Downloaded Program Files\

----- recent files in C:\WINDOWS\system\

----- recent files in C:\WINDOWS\system32\
06/08/2007 06:25:48 272576 byte 23 days old -- FNTCACHE.DAT
19/07/2007 02:59:59 3583488 byte 41 days old -- mshtml.dll
22/07/2007 18:39:27 279552 byte 38 days old -- swreg.exe
30/07/2007 10:13:44 4937 byte 30 days old -- jupdate-1.6.0_02-b06.log
30/07/2007 19:18:14 20312 byte 30 days old -- wuaueng.dll.mui
30/07/2007 19:18:40 33624 byte 30 days old -- wups.dll
30/07/2007 19:18:44 34136 byte 30 days old -- wucltui.dll.mui
30/07/2007 19:19:02 25944 byte 30 days old -- wuapi.dll.mui
30/07/2007 19:19:12 43352 byte 30 days old -- wups2.dll
30/07/2007 19:19:16 53080 byte 30 days old -- wuauclt.exe
30/07/2007 19:19:20 92504 byte 30 days old -- cdm.dll
30/07/2007 19:19:28 216408 byte 30 days old -- wuaucpl.cpl
30/07/2007 19:19:28 203096 byte 30 days old -- wuweb.dll
30/07/2007 19:19:32 325976 byte 30 days old -- wucltui.dll
30/07/2007 19:19:32 25944 byte 30 days old -- wuaucpl.cpl.mui
30/07/2007 19:19:36 549720 byte 30 days old -- wuapi.dll
30/07/2007 19:19:42 1712984 byte 30 days old -- wuaueng.dll
23/08/2007 07:10:30 (DIR) 0 byte 6 days old -- dllcache
27/08/2007 08:55:06 1028096 byte 2 days old -- mdmcls32.exe
27/08/2007 18:29:19 0 byte 2 days old -- SBRC.dat
27/08/2007 18:29:19 0 byte 2 days old -- SBFC.dat
28/08/2007 21:30:14 (DIR) 0 byte 1 days old -- CatRoot2
28/08/2007 21:31:58 (DIR) 0 byte 1 days old -- drivers
28/08/2007 21:36:33 13646 byte 1 days old -- wpa.dbl
09/08/2007 08:38:41 2072576 byte 20 days old -- win32cpr.dll
09/08/2007 08:38:41 1384533 byte 20 days old -- winsflt.dll
12/07/2007 01:22:00 135168 byte 48 days old -- java.exe
12/07/2007 01:22:04 135168 byte 48 days old -- javaw.exe
12/07/2007 02:22:36 69632 byte 48 days old -- javacpl.cpl
12/07/2007 02:22:38 139264 byte 48 days old -- javaws.exe

----- recent files in C:\WINDOWS\system32\drivers\
24/07/2007 17:00:08 134160 byte 36 days old -- KmxCF.sys
26/08/2007 14:02:16 (DIR) 0 byte 3 days old -- etc
27/08/2007 15:32:19 15544 byte 2 days old -- sbhr.sys
28/08/2007 21:30:34 64 byte 1 days old -- kmxcfg.u2k5
28/08/2007 21:30:34 64 byte 1 days old -- kmxcfg.u2k6
28/08/2007 21:30:34 64 byte 1 days old -- kmxcfg.u2k7
28/08/2007 21:30:34 64 byte 1 days old -- kmxcfg.u2k4
28/08/2007 21:30:34 64 byte 1 days old -- kmxcfg.u2k1
28/08/2007 21:30:34 84176 byte 1 days old -- kmxcfg.u2k0
28/08/2007 21:30:34 64 byte 1 days old -- kmxcfg.u2k3
28/08/2007 21:30:34 64 byte 1 days old -- kmxcfg.u2k2
09/08/2007 08:41:25 879832 byte 20 days old -- vetefile.sys
09/08/2007 08:41:25 108360 byte 20 days old -- veteboot.sys

----- recent files in C:\WINDOWS\temp\
26/08/2007 14:13:16 16384 byte 3 days old -- Perflib_Perfdata_858.dat
27/08/2007 07:49:14 16384 byte 2 days old -- Perflib_Perfdata_160.dat
28/08/2007 07:12:21 149144 byte 1 days old -- Q-Setup.log
28/08/2007 21:38:46 409 byte 1 days old -- WGANotify.settings
29/08/2007 06:35:54 255 byte 0 days old -- WGAErrLog.txt

----- recent files in C:\Program Files\
01/08/2007 20:51:52 (DIR) 0 byte 28 days old -- 3DGroove
02/08/2007 06:32:03 (DIR) 0 byte 27 days old -- Outlook Express
03/07/2007 18:16:51 (DIR) 0 byte 57 days old -- JumpStart
04/08/2007 13:07:04 (DIR) 0 byte 25 days old -- LEGO Media
04/08/2007 19:23:06 (DIR) 0 byte 25 days old -- Phantom EFX
05/07/2007 11:50:18 (DIR) 0 byte 55 days old -- Virtools
06/08/2007 15:24:55 (DIR) 0 byte 23 days old -- Disney
18/07/2007 19:14:37 (DIR) 0 byte 42 days old -- Disney Interactive
23/07/2007 09:19:00 (DIR) 0 byte 37 days old -- Fisher-Price
23/07/2007 20:28:04 (DIR) 0 byte 37 days old -- Atari
26/07/2007 17:26:23 (DIR) 0 byte 34 days old -- MSN Games
26/07/2007 18:47:07 (DIR) 0 byte 34 days old -- Activision Value
30/07/2007 10:13:44 (DIR) 0 byte 30 days old -- Java
08/08/2007 07:53:25 (DIR) 0 byte 21 days old -- Mozilla Firefox
19/08/2007 06:58:17 (DIR) 0 byte 10 days old -- Internet Explorer
21/08/2007 12:54:13 (DIR) 0 byte 8 days old -- Nick Arcade
24/08/2007 08:20:21 (DIR) 0 byte 5 days old -- Spybot - Search & Destroy
25/08/2007 11:44:30 (DIR) 0 byte 4 days old -- Trend Micro
26/08/2007 11:53:57 (DIR) 0 byte 3 days old -- MassMirror
26/08/2007 11:57:31 (DIR) 0 byte 3 days old -- Blaster
27/08/2007 09:26:55 (DIR) 0 byte 2 days old -- SpywareBlaster
27/08/2007 15:16:11 (DIR) 0 byte 2 days old -- Sunbelt Software
27/08/2007 15:34:17 (DIR) 0 byte 2 days old -- myTrack
28/08/2007 20:34:40 (DIR) 0 byte 1 days old -- Common Files
28/08/2007 21:46:48 (DIR) 0 byte 1 days old -- minicliptoolbar
28/08/2007 21:47:10 (DIR) 0 byte 1 days old -- SUPERAntiSpyware
09/07/2007 12:10:18 (DIR) 0 byte 51 days old -- THQ
09/08/2007 08:25:55 (DIR) 0 byte 20 days old -- Symantec
09/08/2007 08:38:33 (DIR) 0 byte 20 days old -- InstallShield Installation Information
09/08/2007 08:39:09 (DIR) 0 byte 20 days old -- CA
09/08/2007 08:42:01 (DIR) 0 byte 20 days old -- Your Company Name
11/07/2007 18:30:56 (DIR) 0 byte 49 days old -- Moon Tycoon

----- recent files in C:\Program Files\Common Files\
02/08/2007 06:32:03 (DIR) 0 byte 27 days old -- System
03/07/2007 18:17:37 (DIR) 0 byte 57 days old -- Knowledge Adventure
23/07/2007 09:07:02 (DIR) 0 byte 37 days old -- InstallShield
30/07/2007 10:12:28 (DIR) 0 byte 30 days old -- Java
28/08/2007 20:34:40 (DIR) 0 byte 1 days old -- Wise Installation Wizard
09/08/2007 08:25:56 (DIR) 0 byte 20 days old -- Symantec Shared
09/08/2007 08:39:09 (DIR) 0 byte 20 days old -- Scanner

----- recent files in C:\Documents and Settings\Owner\Application Data\
02/07/2007 18:25:56 (DIR) 0 byte 58 days old -- MINICLIPTOOLBAR
28/07/2007 10:37:28 (DIR) 0 byte 32 days old -- Fisher-Price
30/07/2007 10:17:31 (DIR) 0 byte 30 days old -- Sun
27/08/2007 15:28:17 (DIR) 0 byte 2 days old -- Sunbelt Software
28/08/2007 20:35:35 (DIR) 0 byte 1 days old -- SUPERAntiSpyware.com

----- recent files in C:\DOCUME~1\Owner\LOCALS~1\Temp\
24/08/2007 13:26:36 122 byte 5 days old -- 8A56EAB7.TMP
26/08/2007 14:08:19 147456 byte 3 days old -- ~DF91E9.tmp
26/08/2007 14:12:40 147456 byte 3 days old -- ~DFDDD4.tmp
26/08/2007 14:12:44 147456 byte 3 days old -- ~DF6A6.tmp
26/08/2007 14:12:45 147456 byte 3 days old -- ~DFE52.tmp
26/08/2007 14:23:06 1097728 byte 3 days old -- ~DFC460.tmp
26/08/2007 14:28:30 147456 byte 3 days old -- ~DFADCC.tmp
26/08/2007 16:13:02 (DIR) 0 byte 3 days old -- VBE
27/08/2007 07:20:41 0 byte 2 days old -- fbo19.tmp
27/08/2007 07:34:27 0 byte 2 days old -- ii31A.tmp
27/08/2007 07:37:42 1436 byte 2 days old -- wmplog00.sqm
27/08/2007 07:48:16 147456 byte 2 days old -- ~DFC076.tmp
27/08/2007 07:48:19 147456 byte 2 days old -- ~DF193F.tmp
27/08/2007 07:48:22 147456 byte 2 days old -- ~DF6BB1.tmp
27/08/2007 07:48:39 147456 byte 2 days old -- ~DF1737.tmp
27/08/2007 07:58:53 1097728 byte 2 days old -- ~DFA2D8.tmp
27/08/2007 08:22:43 147456 byte 2 days old -- ~DF1DDA.tmp
27/08/2007 08:22:45 147456 byte 2 days old -- ~DF4779.tmp
27/08/2007 08:22:47 147456 byte 2 days old -- ~DF72C6.tmp
27/08/2007 08:22:59 966656 byte 2 days old -- ~DFFA37.tmp
27/08/2007 08:23:02 147456 byte 2 days old -- ~DFB5D.tmp
27/08/2007 08:28:57 147456 byte 2 days old -- ~DFD6E0.tmp
27/08/2007 08:28:59 147456 byte 2 days old -- ~DF68F.tmp
27/08/2007 08:29:09 147456 byte 2 days old -- ~DF4F63.tmp
27/08/2007 08:29:11 147456 byte 2 days old -- ~DF8581.tmp
27/08/2007 08:39:29 1097728 byte 2 days old -- ~DFA0E5.tmp
27/08/2007 08:55:03 147456 byte 2 days old -- ~DFB08D.tmp
27/08/2007 08:55:04 147456 byte 2 days old -- ~DF28C.tmp
27/08/2007 08:55:09 147456 byte 2 days old -- ~DF9C04.tmp
27/08/2007 08:55:18 147456 byte 2 days old -- ~DF901D.tmp
27/08/2007 09:05:28 1097728 byte 2 days old -- ~DF9D46.tmp
27/08/2007 15:01:07 147456 byte 2 days old -- ~DF7A17.tmp
27/08/2007 15:01:29 147456 byte 2 days old -- ~DF367C.tmp
27/08/2007 15:01:31 147456 byte 2 days old -- ~DF487A.tmp
27/08/2007 15:01:36 147456 byte 2 days old -- ~DF6EC6.tmp
27/08/2007 15:10:17 0 byte 2 days old -- pdjC.tmp
27/08/2007 15:11:28 1097728 byte 2 days old -- ~DF106D.tmp
27/08/2007 15:13:15 0 byte 2 days old -- dqcE.tmp
27/08/2007 15:19:59 0 byte 2 days old -- c6b1B.tmp
27/08/2007 15:28:14 147456 byte 2 days old -- ~DFE3A9.tmp
27/08/2007 15:28:26 0 byte 2 days old -- aax1E.tmp
27/08/2007 15:28:26 (DIR) 0 byte 2 days old -- mod1D.tmp
27/08/2007 15:28:28 0 byte 2 days old -- aax1F.tmp
27/08/2007 15:29:49 0 byte 2 days old -- aax20.tmp
27/08/2007 20:22:30 393216 byte 2 days old -- ~DFA248.tmp
28/08/2007 07:09:36 1328 byte 1 days old -- wmplog01.sqm
28/08/2007 07:11:47 0 byte 1 days old -- myr31.tmp
28/08/2007 07:12:49 (DIR) 0 byte 1 days old -- _ASpyTmp
28/08/2007 07:13:35 (DIR) 0 byte 1 days old -- 0xAC2AF0C8
28/08/2007 07:25:45 0 byte 1 days old -- ati33.tmp
28/08/2007 07:31:26 (DIR) 0 byte 1 days old -- mod34.tmp
28/08/2007 07:31:26 0 byte 1 days old -- aax35.tmp
28/08/2007 07:31:29 0 byte 1 days old -- aax36.tmp
28/08/2007 07:38:08 0 byte 1 days old -- aax37.tmp
28/08/2007 07:56:01 114688 byte 1 days old -- ~DFA0B3.tmp
28/08/2007 17:38:01 (DIR) 0 byte 1 days old -- _CAFW_AppTmp
28/08/2007 20:00:34 147456 byte 1 days old -- ~DF2A1A.tmp
28/08/2007 20:00:37 147456 byte 1 days old -- ~DF7136.tmp
28/08/2007 20:01:02 147456 byte 1 days old -- ~DF2CD9.tmp
28/08/2007 20:01:29 147456 byte 1 days old -- ~DFA208.tmp
28/08/2007 20:11:04 1245184 byte 1 days old -- ~DFFCF3.tmp
28/08/2007 20:26:19 147456 byte 1 days old -- ~DF27C8.tmp
28/08/2007 20:26:21 147456 byte 1 days old -- ~DF6682.tmp
28/08/2007 20:27:11 147456 byte 1 days old -- ~DFD549.tmp
28/08/2007 20:31:03 1272 byte 1 days old -- wmplog02.sqm
28/08/2007 20:36:05 147456 byte 1 days old -- ~DF53AC.tmp
28/08/2007 20:37:27 1245184 byte 1 days old -- ~DFFA5F.tmp
28/08/2007 21:32:03 (DIR) 0 byte 1 days old -- WPDNSE
28/08/2007 21:32:25 147456 byte 1 days old -- ~DF9A02.tmp
28/08/2007 21:32:43 147456 byte 1 days old -- ~DFFC4D.tmp
28/08/2007 21:37:13 1197 byte 1 days old -- jusched.log
28/08/2007 21:39:42 147456 byte 1 days old -- ~DF633E.tmp
28/08/2007 21:39:54 147456 byte 1 days old -- ~DFBEF.tmp
28/08/2007 21:48:02 147456 byte 1 days old -- ~DF7676.tmp
28/08/2007 21:49:53 1245184 byte 1 days old -- ~DF2E4C.tmp
29/08/2007 06:44:39 34 byte 0 days old -- PPGUID.txt
29/08/2007 06:44:40 688128 byte 0 days old -- ~DF53F2.tmp
29/08/2007 06:44:45 278528 byte 0 days old -- ~DFA30D.tmp
29/08/2007 06:45:27 294912 byte 0 days old -- ~DF1F51.tmp
29/08/2007 06:46:13 16384 byte 0 days old -- ~DF78C9.tmp
29/08/2007 06:46:57 (DIR) 0 byte 0 days old -- nsk8.tmp

===================== Hidden Objects =====================

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-29 06:48:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


===================== Checking Rustock rootkit =====================



==========================================
Scan completed in 4.5 minutes
End of report

#12 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 29 August 2007 - 06:32 AM

Please download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

You should copy/print the following because you need to be in Safe Mode from here on.

Reboot your computer into "SAFE MODE" using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Scan with DrWeb-CureIt as follows:
* Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
* Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
* Once the short scan has finished, Click Options > Change settings
* Choose the "Scan tab" and UNcheck "Heuristic analysis"
* Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
* Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
* When done, a message will be displayed at the bottom advising if any viruses were found.
* Click "Yes to all" if it asks if you want to cure/move the file.
* When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
(This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
* Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
* Save the DrWeb.csv report to your desktop.
* Exit Dr.Web Cureit when done.
* Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
* After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)

Go here: http://virusscan.jotti.org/
Using the 'Browse' button, browse to:
C:\WINDOWS\system32\win32cpr.dll
Then press the 'Submit' button.
Wait while the file is scanned.
Post the results into your next reply.

If Jotti's too busy,try here:
http://www.virustotal.com/en/virustotalf.html
Click on the 'Analysis' tab.
Using the 'Browse' button, browse to:
C:\WINDOWS\system32\win32cpr.dll
Then click on 'Send File'.
Post the results into your next reply.

Download/unzip GMER to your desktop:
http://www.gmer.net/gmer.zip
Start the program, then click on the 'Rootkit' tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
Click on 'Scan'.
When the scan has completed, copy and paste the results into your next reply.

Also post a new Hijackthis log please.
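
win32cpr.dll appears in the SystemScan "recent files" listing of the previous post. As an added example (not part of the thread and not SystemScan code), this parses that report format and lists which other entries carry a timestamp within a few minutes of a file of interest; the sample lines are copied from the report above, while the function names and the five-minute window are assumptions.

```python
import re
from datetime import datetime, timedelta
from typing import List, NamedTuple

# Sample input: lines copied from the SystemScan report posted in this thread.
SAMPLE_REPORT = r"""
----- recent files in C:\
09/08/2007 08:38:41 26 byte 20 days old -- testDebug8.log
09/08/2007 08:39:41 35597 byte 20 days old -- caavsetupLog.txt
27/08/2007 08:54:06 1856 byte 2 days old -- avenger.txt

----- recent files in C:\WINDOWS\system32\
27/08/2007 08:55:06 1028096 byte 2 days old -- mdmcls32.exe
09/08/2007 08:38:41 2072576 byte 20 days old -- win32cpr.dll
09/08/2007 08:38:41 1384533 byte 20 days old -- winsflt.dll
12/07/2007 01:22:00 135168 byte 48 days old -- java.exe

----- recent files in C:\WINDOWS\system32\drivers\
09/08/2007 08:41:25 879832 byte 20 days old -- vetefile.sys

----- recent files in C:\Program Files\
09/08/2007 08:38:33 (DIR) 0 byte 20 days old -- InstallShield Installation Information
09/08/2007 08:39:09 (DIR) 0 byte 20 days old -- CA
"""


class Entry(NamedTuple):
    when: datetime
    path: str
    size: int
    is_dir: bool


HEADER_RE = re.compile(r"^----- recent files in (?P<folder>.+)$")
# The report prints dates day-first (it contains e.g. 24/04/2007).
ENTRY_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) (?P<dir>\(DIR\) )?"
    r"(?P<size>\d+) byte \d+ days old -- (?P<name>.+)$"
)


def parse_report(text: str) -> List[Entry]:
    """Turn the 'recent files' sections into entries with full paths."""
    entries, folder = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            folder = header.group("folder")
            if not folder.endswith("\\"):
                folder += "\\"
            continue
        item = ENTRY_RE.match(line)
        if item:
            entries.append(Entry(
                when=datetime.strptime(item.group("ts"), "%d/%m/%Y %H:%M:%S"),
                path=folder + item.group("name"),
                size=int(item.group("size")),
                is_dir=item.group("dir") is not None,
            ))
    return entries


def written_near(entries: List[Entry], name: str,
                 window: timedelta = timedelta(minutes=5)) -> List[Entry]:
    """Entries whose timestamp lies within `window` of the named file."""
    suffix = "\\" + name.lower()
    targets = [e for e in entries if e.path.lower().endswith(suffix)]
    if not targets:
        return []
    anchor = targets[0]
    near = [e for e in entries
            if e is not anchor and abs(e.when - anchor.when) <= window]
    return sorted(near, key=lambda e: (e.when, e.path.lower()))


if __name__ == "__main__":
    report = parse_report(SAMPLE_REPORT)
    for name in ("win32cpr.dll", "mdmcls32.exe"):
        print(f"Entries within 5 minutes of {name}:")
        for e in written_near(report, name):
            kind = "DIR " if e.is_dir else "file"
            print(f"  {e.when:%Y-%m-%d %H:%M:%S}  {kind}  {e.path}")
```

In the sample, win32cpr.dll shares its window with the CA and InstallShield entries and mdmcls32.exe with avenger.txt; that is context for choosing what to examine next, not proof of where a file came from.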

#13 DooDahMan

DooDahMan
  • Topic Starter

  • Members
  • 28 posts

Posted 29 August 2007 - 11:43 AM

Hey Richie,

I followed your instructions, downloaded DrWeb, rebooted in Safe Mode, but I can only choose between 2 users: Administrator and my Daughter's User...mine, my wife's and son's don't show up, so I log in as Admin.

DrWeb scanned, found 4 files which were deleted or moved, but then I rebooted in Normal Mode by accident (not sure if you wanted me in Safe or Normal), then I rebooted in Safe Mode and tried using Firefox Safe Mode and IE. Neither was able to connect to the internet so I rebooted in Normal Mode.

I couldn't find the Dr. Web .cvs file and opened Dr. Web, looked at the reports and found none.

So what should I do?

Here is what I have so far for you from your last request:

I uploaded the win32cpr.dll into both Jotti and Virus Total and the results will be below.

I downloaded and ran gmer per your instructions and log posted (HijackThis was run during the gmer scan and HJT log posted below)


Virus Total Results (One suspicious file found at Panda):

File win32cpr.dll received on 08.29.2007 18:20:36 (CET)
Result: 1/32 (3.13%)

Antivirus Version Last Update Result
AhnLab-V3 2007.8.29.0 2007.08.29 -
AntiVir 7.4.1.63 2007.08.29 -
Authentium 4.93.8 2007.08.29 -
Avast 4.7.1029.0 2007.08.29 -
AVG 7.5.0.484 2007.08.28 -
BitDefender 7.2 2007.08.29 -
CAT-QuickHeal 9.00 2007.08.25 -
ClamAV 0.91.2 2007.08.29 -
DrWeb 4.33 2007.08.29 -
eSafe 7.0.15.0 2007.08.29 -
eTrust-Vet 31.1.5093 2007.08.29 -
Ewido 4.0 2007.08.29 -
FileAdvisor 1 2007.08.29 -
Fortinet 3.11.0.0 2007.08.29 -
F-Prot 4.3.2.48 2007.08.29 -
F-Secure 6.70.13030.0 2007.08.29 -
Ikarus T3.1.1.12 2007.08.29 -
Kaspersky 4.0.2.24 2007.08.29 -
McAfee 5107 2007.08.28 -
Microsoft 1.2803 2007.08.29 -
NOD32v2 2490 2007.08.29 -
Norman 5.80.02 2007.08.29 -
Panda 9.0.0.4 2007.08.29 Suspicious file
Prevx1 V2 2007.08.29 -
Rising 19.38.22.00 2007.08.29 -
Sophos 4.21.0 2007.08.29 -
Sunbelt 2.2.907.0 2007.08.25 -
Symantec 10 2007.08.29 -
TheHacker 6.1.9.175 2007.08.29 -
VBA32 3.12.2.3 2007.08.28 -
VirusBuster 4.3.26:9 2007.08.29 -
Webwasher-Gateway 6.0.1 2007.08.29 -
Additional information
File size: 2072576 bytes
MD5: 1fe51189388d3fa7c4d0a034c02fe709
SHA1: 1fcbe2383c2bd507aeac2c9b2669be31b7de4e1f
packers: BINARYRES


Jotti Results:
Nothing found
File: win32cpr.dll
Status: OK
MD5: 1fe51189388d3fa7c4d0a034c02fe709
Packers detected: -
Bit9 reports: File not found
Scanner results
Scan taken on 29 Aug 2007 16:25:22 (GMT)
A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Rising Antivirus: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing

HijackThis Log (done while gmer was running):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:45:21 PM, on 8/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\WINDOWS\cfgmng32.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\mdmcls32.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\WinRarTemp\Rar$EX00.453\gmer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [dvHighMem] C:\WINDOWS\cfgmng32.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - https://www.topproduceronline.com/downloads/msjavx86.exe
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.29.11/ttinst.cab
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (file missing)
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 7434 bytes


Gmer Log:

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-08-29 12:47:29
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.13 ----

SSDT sbhr.sys ZwClose
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys ZwCreateKey
SSDT \SystemRoot\System32\DRIVERS\kmxagent.sys ZwCreateSection
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys ZwCreateSymbolicLinkObject
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys ZwMakeTemporaryObject
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys ZwOpenKey
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys ZwOpenSection
SSDT \SystemRoot\System32\DRIVERS\kmxagent.sys ZwSetInformationProcess
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys ZwSetSystemInformation
SSDT sbhr.sys ZwSetValueKey

---- Kernel code sections - GMER 1.0.13 ----

? C:\WINDOWS\system32\drivers\sbapifs.sys The system cannot find the file specified.

---- Kernel IAT/EAT - GMER 1.0.13 ----

IAT \SystemRoot\System32\DRIVERS\rasl2tp.sys[NDIS.SYS!NdisMCoSendComplete] [F7615E20] kmxstart.sys
IAT \SystemRoot\System32\DRIVERS\rasl2tp.sys[NDIS.SYS!NdisMSetAttributesEx] [F7617A90] kmxstart.sys
IAT \SystemRoot\System32\DRIVERS\rasl2tp.sys[NDIS.SYS!NdisInitializeWrapper] [F7617670] kmxstart.sys
IAT \SystemRoot\System32\DRIVERS\rasl2tp.sys[NDIS.SYS!NdisMRegisterMiniport] [F76180C0] kmxstart.sys
IAT \SystemRoot\System32\DRIVERS\rasl2tp.sys[NDIS.SYS!NdisTerminateWrapper] [F7617CA0] kmxstart.sys
IAT \SystemRoot\System32\DRIVERS\rasl2tp.sys[NDIS.SYS!NdisMCmRegisterAddressFamily] [F76159B0] kmxstart.sys
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisClOpenAddressFamily] [F7615880] kmxstart.sys
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F7617570] kmxstart.sys
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F7616FC0] kmxstart.sys
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisMCoSendComplete] [F7615E20] kmxstart.sys
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisMSetAttributesEx] [F7617A90] kmxstart.sys
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisMCmRegisterAddressFamily] [F76159B0] kmxstart.sys
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisReturnPackets] [F76166D0] kmxstart.sys
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisInitializeWrapper] [F7617670] kmxstart.sys
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisTerminateWrapper] [F7617CA0] kmxstart.sys
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F7617720] kmxstart.sys
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisMRegisterMiniport] [F76180C0] kmxstart.sys
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F7617720] kmxstart.sys
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F7616FC0] kmxstart.sys
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisReturnPackets] [F76166D0] kmxstart.sys
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F7617570] kmxstart.sys
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisMSetAttributesEx] [F7617A90] kmxstart.sys
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisTerminateWrapper] [F7617CA0] kmxstart.sys
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisMRegisterMiniport] [F76180C0] kmxstart.sys
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisInitializeWrapper] [F7617670] kmxstart.sys
IAT \SystemRoot\System32\DRIVERS\raspptp.sys[NDIS.SYS!NdisMSetAttributesEx] [F7617A90] kmxstart.sys
IAT \SystemRoot\System32\DRIVERS\raspptp.sys[NDIS.SYS!NdisInitializeWrapper] [F7617670] kmxstart.sys
IAT \SystemRoot\System32\DRIVERS\raspptp.sys[NDIS.SYS!NdisMRegisterMiniport] [F76180C0] kmxstart.sys
IAT \SystemRoot\System32\DRIVERS\raspptp.sys[NDIS.SYS!NdisTerminateWrapper] [F7617CA0] kmxstart.sys
IAT \SystemRoot\System32\DRIVERS\TDI.SYS[NDIS.SYS!NdisReturnPackets] [F76166D0] kmxstart.sys
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisReturnPackets] [F76166D0] kmxstart.sys
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisTerminateWrapper] [F7617CA0] kmxstart.sys
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisIMAssociateMiniport] [F76179C0] kmxstart.sys
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisIMRegisterLayeredMiniport] [F7618170] kmxstart.sys
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F7617720] kmxstart.sys
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisInitializeWrapper] [F7617670] kmxstart.sys
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F7616FC0] kmxstart.sys
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisClOpenAddressFamily] [F7615880] kmxstart.sys
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisMSetAttributesEx] [F7617A90] kmxstart.sys
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F7617570] kmxstart.sys
IAT \SystemRoot\System32\DRIVERS\raspti.sys[NDIS.SYS!NdisInitializeWrapper] [F7617670] kmxstart.sys
IAT \SystemRoot\System32\DRIVERS\raspti.sys[NDIS.SYS!NdisMCoSendComplete] [F7615E20] kmxstart.sys
IAT \SystemRoot\System32\DRIVERS\raspti.sys[NDIS.SYS!NdisMSetAttributesEx] [F7617A90] kmxstart.sys
IAT \SystemRoot\System32\DRIVERS\raspti.sys[NDIS.SYS!NdisMCmRegisterAddressFamily] [F76159B0] kmxstart.sys
IAT \SystemRoot\System32\DRIVERS\raspti.sys[NDIS.SYS!NdisMRegisterMiniport] [F76180C0] kmxstart.sys
IAT \SystemRoot\System32\DRIVERS\raspti.sys[NDIS.SYS!NdisTerminateWrapper] [F7617CA0] kmxstart.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F7617720] kmxstart.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F7617570] kmxstart.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F7616FC0] kmxstart.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCmRegisterAddressFamily] [F7615920] kmxstart.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisClOpenAddressFamily] [F7615880] kmxstart.sys
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F7617570] kmxstart.sys
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F7616FC0] kmxstart.sys
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F7617720] kmxstart.sys
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisReturnPackets] [F76166D0] kmxstart.sys
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisReturnPackets] [F76166D0] kmxstart.sys
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F7617720] kmxstart.sys
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F7616FC0] kmxstart.sys
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F7617570] kmxstart.sys
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisReturnPackets] [F76166D0] kmxstart.sys
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F7617720] kmxstart.sys
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F7617570] kmxstart.sys
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F7616FC0] kmxstart.sys

---- User IAT/EAT - GMER 1.0.13 ----

IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [10010470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[192] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[192] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[192] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[192] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[192] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[192] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[192] @ C:\WINDOWS\System32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [00D3FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [00D3FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [00D3FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [00D3F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [00D3FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [00D3FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [00D3F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [00D3FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [00D3FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [00D3F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [00D3FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [00D3FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [00D40640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [00D3FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [00D3F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [00D3FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [00D3F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [00D3FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [00D3FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [00D3FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [00D3F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [00D40640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [00D3F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [00D3FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [00D3FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [00D40470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [00D40640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [00D3FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [00D3F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [00D3F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [00D3FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [00D3F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [00D3FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [00D3FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [00D3FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [00D3F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [00D400B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [00D3FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [00D3FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [00D3F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [00D3FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [00D40290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [00D3FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [00D40640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [00D3FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [00D3F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [00D3FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [00D3F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [00D40290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [00D3FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [00D3F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [00D40640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [00D3F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [00D3FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\System32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [00D3FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\System32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [00D3FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\System32\Secur32.dll [KERNEL32.dll!GetProcAddress] [00D3F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [00D3FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [00D3F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [00D3F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [00D3FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [00D3FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [00D3F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [00D3F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\Explorer.EXE[516] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [00D3FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[720] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [00D6FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[720] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [00D6FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[720] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [00D6FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[720] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [00D6F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[720] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [00D6FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[720] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [00D6FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[720] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [00D6F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[720] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [00D6FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[720] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [00D70640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[720] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [00D6FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[720] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [00D6F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[720] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [00D6FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[720] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [00D6FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[720] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [00D6FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[720] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [00D6F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[720] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [00D6FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[720] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [00D6F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[720] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [00D6FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[720] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [00D6FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[720] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [00D6FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[720] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [00D6F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[720] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [00D70640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[720] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [00D70290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[720] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [00D6FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[720] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [00D70640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[720] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [00D6FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[720] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [00D6F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[720] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [00D6FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[720] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [00D6F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[720] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [00D6F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[720] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [00D6FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[720] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [00D6FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[720] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [00D70470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[720] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [00D70640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[720] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [00D6FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[720] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [00D6F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[720] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [00D70290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[720] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [00D6FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[720] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [00D6F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[720] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [00D70640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[720] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [00D6F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[720] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [00D6FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[720] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [00D6F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[720] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [00D6FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[720] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [00D6F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[720] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [00D6FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[720] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [00D6FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[720] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [00D6F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[720] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [00D700B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[720] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [00D6FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[720] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [00D6FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[720] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [00D6F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[720] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [00D6FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[720] @ C:\WINDOWS\System32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [00D6FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[720] @ C:\WINDOWS\System32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [00D6FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[720] @ C:\WINDOWS\System32\Secur32.dll [KERNEL32.dll!GetProcAddress] [00D6F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[720] @ C:\WINDOWS\System32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [00D6FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[720] @ C:\WINDOWS\System32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [00D6F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [10010470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ c:\windows\system32\rpcss.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1184] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1432] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [00BEFBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1432] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [00BEFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1432] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [00BEFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1432] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [00BEF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1432] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [00BEFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1432] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [00BEFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1432] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [00BEF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1432] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [00BEFBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1432] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [00BF0640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1432] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [00BEFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1432] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [00BEF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1432] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [00BEFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1432] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [00BEFBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1432] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [00BEFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1432] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [00BEF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1432] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [00BEFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1432] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [00BEF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1432] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [00BEFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1432] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [00BEFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1432] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [00BEFBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1432] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [00BEF990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1432] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [00BF0640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1432] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [00BF0290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1432] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [00BEFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1432] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [00BF0640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1432] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [00BEFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1432] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [00BEF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1432] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [00BEFBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1432] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [00BEF990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1432] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [00BEF990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1432] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [00BEFBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1432] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [00BEFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1432] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [00BF0470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1432] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [00BF0640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1432] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [00BEFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1432] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [00BEF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1432] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [00BF0290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1432] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [00BEFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1432] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [00BEF990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1432] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [00BF0640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1432] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [00BEF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1432] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [00BEFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1432] @ c:\windows\system32\rpcss.dll [ADVAPI32.dll!CreateProcessAsUserW] [00BF0290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1432] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryA] [00BEFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1432] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!GetProcAddress] [00BEF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1432] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!CreateProcessW] [00BF0640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1432] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryExA] [00BEF990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1432] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryW] [00BEFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1432] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryExW] [00BEFBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1432] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [00BEFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1432] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [00BEFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1432] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [00BEF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1432] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [00BEF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1432] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [00BEFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1432] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [00BEFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1432] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [00BEF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1432] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [00BEF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1432] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [00BEFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1432] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [00BEFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\svchost.exe[1432] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [00BEF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [00EAFBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [00EAFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [00EAFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [00EAF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [00EAFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [00EAFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [00EAF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [00EAF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [00EAFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [00EAF990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [00EAFBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [00EAFBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [00EB0640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [00EAFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [00EAF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [00EAFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [00EAFBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [00EAFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [00EAF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [00EAFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [00EAFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [00EAFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [00EAF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [00EB0290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [00EAFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [00EAF990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [00EB0640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [00EAF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [00EAFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [00EAFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [00EAF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!GetProcAddress] [00EAF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!LoadLibraryW] [00EAFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!LoadLibraryA] [00EAFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [00EAFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [00EAFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [00EAF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [00EAF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [00EAFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [00EAFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [00EAF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [00EB0290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [00EAFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [00EB0640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [00EAFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [00EAF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [00EAFBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [00EAF990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [00EAF990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [00EAFBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [00EAFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [00EB0470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [00EB0640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [00EAFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [00EAF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [00EAF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [00EAFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [00EAFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [00EAFBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [00EAF990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [00EB0640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [00EB00B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [00EAFF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [00EAFBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [00EAF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [00EAFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [00EAF810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\winlogon.exe[1488] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [00EAFDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1584] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1584] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1584] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1584] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1584] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1584] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1584] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1584] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1584] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1584] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1584] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1584] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1584] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1584] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1584] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1584] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1584] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1584] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1584] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1584] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1584] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1584] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1584] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1584] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1584] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1584] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1584] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [10010470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1584] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1584] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1584] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1584] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1584] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1584] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1584] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1584] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1584] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1584] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1584] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1584] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1584] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1584] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1584] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1584] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1584] @ C:\WINDOWS\System32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1584] @ C:\WINDOWS\System32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1640] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1640] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1640] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1640] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1640] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1640] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1640] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1640] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1640] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1640] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1640] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1640] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1640] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1640] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1640] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1640] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1640] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1640] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1640] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1640] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1640] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1640] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1640] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1640] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1640] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1640] @ C:\WINDOWS\system32\secur32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1640] @ C:\WINDOWS\system32\secur32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1640] @ C:\WINDOWS\system32\secur32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1640] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1640] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1640] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1640] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1640] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1640] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1640] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1640] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1640] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1640] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1640] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1640] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1640] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1640] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1640] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1640] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1640] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [10010470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1640] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1640] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\services.exe[1640] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [0298FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [0298FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [0298FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [0298F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [0298FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [0298FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [0298F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [0298FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [02990640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [0298FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [0298F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [0298FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [0298FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [0298FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [0298F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [0298FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [0298F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [0298FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [0298FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [0298FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [0298F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [02990640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [02990290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [0298FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [02990640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [0298FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [0298F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [0298FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [0298F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [0298F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [0298FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [0298FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [02990470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [02990640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [0298FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [0298F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [02990290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [0298FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [0298F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [02990640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [0298F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [0298FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [0298FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [0298FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [0298F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [0298F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [0298FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [0298FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [0298F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [0298F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [0298FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [0298FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [0298FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [0298F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [0298F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [0298FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [0298F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [0298FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [029900B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [0298FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [0298FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [0298F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [0298FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ C:\WINDOWS\System32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [0298FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\System32\svchost.exe[1784] @ C:\WINDOWS\System32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [0298F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [10010470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [100100B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3452] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\taskmgr.exe[3520] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\taskmgr.exe[3520] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\taskmgr.exe[3520] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\taskmgr.exe[3520] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\taskmgr.exe[3520] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\taskmgr.exe[3520] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\taskmgr.exe[3520] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\taskmgr.exe[3520] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\taskmgr.exe[3520] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\taskmgr.exe[3520] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\taskmgr.exe[3520] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\taskmgr.exe[3520] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\taskmgr.exe[3520] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\taskmgr.exe[3520] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\taskmgr.exe[3520] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\taskmgr.exe[3520] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\taskmgr.exe[3520] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\taskmgr.exe[3520] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\taskmgr.exe[3520] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\taskmgr.exe[3520] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\taskmgr.exe[3520] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\taskmgr.exe[3520] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\taskmgr.exe[3520] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\taskmgr.exe[3520] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\taskmgr.exe[3520] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\taskmgr.exe[3520] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [10010470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\taskmgr.exe[3520] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\taskmgr.exe[3520] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\taskmgr.exe[3520] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\taskmgr.exe[3520] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\taskmgr.exe[3520] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\taskmgr.exe[3520] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\taskmgr.exe[3520] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\taskmgr.exe[3520] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\taskmgr.exe[3520] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\taskmgr.exe[3520] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\taskmgr.exe[3520] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\taskmgr.exe[3520] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\taskmgr.exe[3520] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\taskmgr.exe[3520] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\taskmgr.exe[3520] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\taskmgr.exe[3520] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\taskmgr.exe[3520] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\taskmgr.exe[3520] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\taskmgr.exe[3520] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\taskmgr.exe[3520] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\taskmgr.exe[3520] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\taskmgr.exe[3520] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\taskmgr.exe[3520] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\taskmgr.exe[3520] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\taskmgr.exe[3520] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\taskmgr.exe[3520] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\taskmgr.exe[3520] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\taskmgr.exe[3520] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\taskmgr.exe[3520] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll
IAT C:\WINDOWS\system32\taskmgr.exe[3520] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F4EB831A] kmxagent.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F4EB831A] kmxagent.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F4EB831A] kmxagent.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F4EB831A] kmxagent.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F4EB831A] kmxagent.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F4EB831A] kmxagent.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F4EB831A] kmxagent.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F4EB831A] kmxagent.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F4EB831A] kmxagent.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F4EB831A] kmxagent.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F4EB831A] kmxagent.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F4EB831A] kmxagent.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F4EB831A] kmxagent.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F4EB831A] kmxagent.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F4EB831A] kmxagent.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F4EB831A] kmxagent.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F4EB831A] kmxagent.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F4EB831A] kmxagent.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F4EB831A] kmxagent.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F4EB831A] kmxagent.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F4EB831A] kmxagent.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F4EB831A] kmxagent.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F4EB831A] kmxagent.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F4EB831A] kmxagent.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F4EB831A] kmxagent.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F4EB831A] kmxagent.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F4EB831A] kmxagent.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F7955439] KmxFile.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F79553A4] KmxFile.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F7955669] KmxFile.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F79553A4] KmxFile.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F79554F5] KmxFile.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F79553A4] KmxFile.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F7955564] KmxFile.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F79553A4] KmxFile.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F79553A4] KmxFile.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F79553A4] KmxFile.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F79553A4] KmxFile.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F79553A4] KmxFile.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F7955620] KmxFile.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F79556BB] KmxFile.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F79553A4] KmxFile.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F79553A4] KmxFile.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F79553A4] KmxFile.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F79553A4] KmxFile.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F79553A4] KmxFile.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F79553A4] KmxFile.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F79553A4] KmxFile.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F79553A4] KmxFile.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F79553A4] KmxFile.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F79553A4] KmxFile.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F79553A4] KmxFile.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F79553A4] KmxFile.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F79553A4] KmxFile.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F7B697BC] VET-FILT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F7B695CE] VET-FILT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F7B699A2] VET-FILT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F7B69B76] VET-FILT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F7B69B76] VET-FILT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F7B695CE] VET-FILT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F7B695CE] VET-FILT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F7B695CE] VET-FILT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F7B695CE] VET-FILT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F7B695CE] VET-FILT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F7B695CE] VET-FILT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F7B695CE] VET-FILT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F7B695CE] VET-FILT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F7B69D7C] VET-FILT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F7B695CE] VET-FILT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F7B695CE] VET-FILT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F7B6932C] VET-FILT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F7B695CE] VET-FILT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F7B695CE] VET-FILT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F7B695CE] VET-FILT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F7B695CE] VET-FILT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F7B695CE] VET-FILT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F7B69E44] VET-FILT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F7B69E04] VET-FILT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F7B695CE] VET-FILT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F7B695CE] VET-FILT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F7B695CE] VET-FILT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F77281DE] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F77281DE] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F771BF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F771BF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F771BF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F771BF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F771BF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F771BF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F771BF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F771BF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F771BF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F771BF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F771BF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F7728454] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F771BF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F771BF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F771BF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F771BF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F771BF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F77281DE] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F771BF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F771BF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F771BF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F771BF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F771BF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F771BF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F771BF4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F75E4790] VET-REC.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F75E4790] VET-REC.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F75E4DEC] VET-REC.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F75E4790] VET-REC.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F75E4790] VET-REC.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F75E4790] VET-REC.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F75E4790] VET-REC.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F75E4790] VET-REC.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F75E4790] VET-REC.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F75E4790] VET-REC.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F75E4790] VET-REC.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F75E4790] VET-REC.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F75E4790] VET-REC.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F75E54C6] VET-REC.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F75E4790] VET-REC.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F75E4892] VET-REC.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F75E4790] VET-REC.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F75E4790] VET-REC.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F75E4790] VET-REC.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F75E4790] VET-REC.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F75E4790] VET-REC.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F75E4790] VET-REC.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F75E4810] VET-REC.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F75E4800] VET-REC.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F75E4790] VET-REC.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F75E4790] VET-REC.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F75E4790] VET-REC.SYS

Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F4D2B900] kmxfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F4D2BA60] kmxfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F4D2C500] kmxfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F4D2C4C0] kmxfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F4D2BAC0] kmxfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F4D2B900] kmxfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F4D2BA60] kmxfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F4D2C500] kmxfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F4D2C4C0] kmxfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F4D2BAC0] kmxfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F4D2B900] kmxfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F4D2BA60] kmxfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F4D2C500] kmxfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F4D2C4C0] kmxfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F4D2BAC0] kmxfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F4D2B900] kmxfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [F4D2BA60] kmxfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F4D2C500] kmxfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F4D2C4C0] kmxfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [F4D2BAC0] kmxfw.sys
Device \Driver\Modem \Device\0000006b IRP_MJ_WRITE [F4D2AED0] kmxfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [F4D2B900] kmxfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [F4D2BA60] kmxfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [F4D2C500] kmxfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [F4D2C4C0] kmxfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP [F4D2BAC0] kmxfw.sys
Device \Driver\AFD \Device\Afd IRP_MJ_CREATE [EFEEA2F0] KmxCF.sys
Device \Driver\AFD \Device\Afd IRP_MJ_CLOSE [EFEEAAB0] KmxCF.sys
Device \Driver\AFD \Device\Afd IRP_MJ_READ [EFEEAD30] KmxCF.sys
Device \Driver\AFD \Device\Afd IRP_MJ_WRITE [EFEEAB10] KmxCF.sys
Device \Driver\AFD \Device\Afd IRP_MJ_DEVICE_CONTROL [EFEEAD80] KmxCF.sys
Device \Driver\AFD \Device\Afd IRP_MJ_INTERNAL_DEVICE_CONTROL [EFEEA330] KmxCF.sys
Device \Driver\AFD \Device\Afd IRP_MJ_CLEANUP [EFEEAAE0] KmxCF.sys
Device \Driver\AFD \Device\Afd FastIoDeviceControl [EFEEAE80] KmxCF.sys

---- EOF - GMER 1.0.13 ----



Thanks again for your assistance! :thumbsup:

DooDahMan

Edited by DooDahMan, 29 August 2007 - 11:50 AM.


#14 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 29 August 2007 - 06:03 PM

Post a new Hijackthis log into your next reply.

#15 DooDahMan

DooDahMan
  • Topic Starter

  • Members
  • 28 posts

Posted 29 August 2007 - 07:00 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:59:44 PM, on 8/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\WINDOWS\cfgmng32.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\WINDOWS\system32\mdmcls32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [dvHighMem] C:\WINDOWS\cfgmng32.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - https://www.topproduceronline.com/downloads/msjavx86.exe
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.29.11/ttinst.cab
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (file missing)
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 7382 bytes



