
Suspect rootkit or Trojan


  • This topic is locked
18 replies to this topic

#1 no_enuf_2b_dangerous

no_enuf_2b_dangerous

  • Members
  • 11 posts
  • OFFLINE
  • Local time:12:58 PM

Posted 16 September 2009 - 10:00 PM

Hello,

XP Pro, SP3, 1 GB RAM
This is the evidence:

- Unbidden context menus appear on the desktop after logon
- When opening one window from another, the second window appears behind the first
- It can take over the mouse and keyboard; it seems to know AV and BB sites. (I'm posting from a clean computer because I couldn't move my mouse pointer to the logon link)
- Its level of control varies. Sometimes you must hit Esc before each keystroke, only to suddenly regain control and be thrown from the active window. (Happens most annoyingly when saving files.)
- The Switch Program window has an empty space.
- Command line work is unaffected, although applications called from the command line (edit) are.
- The more windows open, the easier it is to work.
- There was a file with no icon on the desktop whose name began with an apostrophe and the words "TICK TICK"

Attached are the requested logs, plus a LOG.TXT file that contains errors I received when opening Rootkit Revealer.

I look forward to taking the next step. Thanks in advance for your help.

no_enuf_2b_dangerous



#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:05:58 PM

Posted 01 October 2009 - 04:45 PM

Hello,

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if you would let me know so I can close this topic, if you still need help please let me know what issues you are still having, in your next reply.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Then please post back here with the following:
  • log.txt
  • info.txt
Thanks



#3 no_enuf_2b_dangerous

no_enuf_2b_dangerous
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:12:58 PM

Posted 03 October 2009 - 04:21 PM

Hello Syler,

Thanks for your help. I appreciate how time-consuming incidents like these can be, having once supported end users myself.

I have avoided using the infected machine as much as possible while awaiting your reply. When I booted up today to get these logs, most of the symptoms I described in my first post were not in evidence. (I had deleted the funnily-named file I mentioned just before the first post and nothing similar has appeared. However, two boots after that deletion the unbidden context menus were back.)

One sign remains: Whenever I start Windows Explorer, the window displays, then part of the right panel momentarily clears to reveal the desktop. This area contains both horizontal and vertical scroll bars. I believe this represents the malware loading. I further believe that the more file management tasks I perform, the more active it becomes, leading to where I can barely control my mouse and keyboard.

Attached are the logs you requested. I took the liberty of choosing the three-month option because I'm not exactly sure when this thing hit, originally believing the issues to be driver-related.

Thanks again
no_enuf...

Attached Files

  • Attached File  info.txt   25.9KB   9 downloads
  • Attached File  log.txt   38.42KB   5 downloads


#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:05:58 PM

Posted 04 October 2009 - 03:21 PM

Hello no_enuf,

It looks like whatever you had has pretty much gone, just some bits that can be cleaned up, but let's make sure nothing else is lurking first.

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform full Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs, as this process may crash your computer.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Double click on Gmer to run it.
  • Allow the gmer.sys driver to load if asked.
  • You may see a rootkit warning window. If you do, click No.
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.


Please post back here with the following logs:
  • MBAM log
  • Gmer log
  • New Rsit log
Thanks



#5 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:05:58 PM

Posted 08 October 2009 - 07:58 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:05:58 PM

Posted 14 October 2009 - 09:27 PM

Topic reopened at OP request.



#7 no_enuf_2b_dangerous

no_enuf_2b_dangerous
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:12:58 PM

Posted 15 October 2009 - 06:34 PM

Malwarebytes' Anti-Malware 1.41
Database version: 2921
Windows 5.1.2600 Service Pack 3

10/7/2009 3:49:32 PM
mbam-log-2009-10-07 (15-49-32).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 250366
Time elapsed: 2 hour(s), 2 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of random's system information tool 1.06 (written by random/random)
Run by phil.schawillie at 2009-10-07 22:10:20
Microsoft Windows XP Professional Service Pack 3
System drive C: has 18 GB (31%) free of 57 GB
Total RAM: 1023 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:10:57 PM, on 10/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\soundman.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Adobe\Acrobat 8\Acrobat\Acrobat_sl.exe
C:\Program Files\Adobe\Acrobat 8\Acrobat\Acrotray.exe
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\NETGEAR\WAG511 Configuration Utility\wlancfg3.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Documents and Settings\phil.schawillie\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\phil.schawillie.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 8\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [PC Pitstop Optimize Reminder] C:\Program Files\PCPitstop\Optimize2\Reminder.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\casc.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [CAPPActiveProtection] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe"
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NETGEAR WAG511 Smart Wizard.lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1219287096876
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://bccsoftware.webex.com/client/T25L10...bex/ieatgpc.cab
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} (CAScanner Control) - http://cainternetsecurity.net/scanner/cascanner.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
O20 - AppInit_DLLs: acaptuser32.dll UmxSbxExw.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: CA Common Scheduler Service (ccSchedulerSVC) - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 11246 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\OGALogon.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{BD965113-43A8-4673-A149-9EDE5C8D4C8B}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FBF2401B-7447-4727-BE5D-C19B2075CA84}]
CA Toolbar Helper - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll [2009-06-23 345528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]
{10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - CA Toolbar - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll [2009-06-23 345528]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"SoundMan"=C:\WINDOWS\soundman.exe [2002-03-21 46592]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"Adobe Acrobat Speed Launcher"=C:\Program Files\Adobe\Acrobat 8\Acrobat\Acrobat_sl.exe [2008-10-15 45936]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8\Acrobat\Acrotray.exe [2008-10-14 623992]
""= []
"PC Pitstop Optimize Reminder"=C:\Program Files\PCPitstop\Optimize2\Reminder.exe [2008-08-27 203504]
"cctray"=C:\Program Files\CA\CA Internet Security Suite\casc.exe [2009-08-05 374000]
"CAVRID"=C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe [2009-07-16 271600]
"CAPPActiveProtection"=C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe [2009-06-23 333040]
"QOELOADER"=C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe [2009-09-07 14064]
"capfasem"=C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe [2009-07-15 636144]
"capfupgrade"=C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe [2009-07-15 337136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2009-10-03 323392]
"Aim6"= []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
NETGEAR WAG511 Smart Wizard.lnk - C:\Program Files\NETGEAR\WAG511 Configuration Utility\wlancfg3.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="acaptuser32.dll UmxSbxExw.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PFW]
C:\WINDOWS\system32\UmxWnp.Dll [2009-03-27 79368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"=C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\CIDLinkAdvisor.dll [2009-06-23 1422776]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"EnableShellExecuteHooks"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\temp\HP_WebRelease\Setup\HPZnet01.exe"="C:\temp\HP_WebRelease\Setup\HPZnet01.exe:*:Enabled:Install Consumer Experience Network Plug in"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:HP Digital Imaging Monitor"
"C:\Program Files\HP\HP Software Update\HPWUCli.exe"="C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-10-03 16:36:51 ----D---- C:\WINDOWS\system32\zh-TW
2009-10-03 16:36:51 ----D---- C:\WINDOWS\system32\zh-HK
2009-10-03 16:36:51 ----D---- C:\WINDOWS\system32\tr-TR
2009-10-03 16:36:51 ----D---- C:\WINDOWS\system32\sv-SE
2009-10-03 16:36:51 ----D---- C:\WINDOWS\system32\pt-BR
2009-10-03 16:36:51 ----D---- C:\WINDOWS\system32\nl-NL
2009-10-03 16:36:51 ----D---- C:\WINDOWS\system32\nb-NO
2009-10-03 16:36:51 ----D---- C:\WINDOWS\system32\ko-KR
2009-10-03 16:36:51 ----D---- C:\WINDOWS\system32\it-IT
2009-10-03 16:36:51 ----D---- C:\WINDOWS\system32\he-IL
2009-10-03 16:36:51 ----D---- C:\WINDOWS\system32\fr-FR
2009-10-03 16:36:51 ----D---- C:\WINDOWS\system32\fi-FI
2009-10-03 16:36:50 ----D---- C:\WINDOWS\system32\es-ES
2009-10-03 16:36:50 ----D---- C:\WINDOWS\system32\el-GR
2009-10-03 16:36:50 ----D---- C:\WINDOWS\system32\de-DE
2009-10-03 16:36:50 ----D---- C:\WINDOWS\system32\da-DK
2009-10-03 16:36:50 ----D---- C:\WINDOWS\system32\ar-SA
2009-10-03 16:30:55 ----D---- C:\rsit
2009-09-16 22:08:22 ----A---- C:\RootRepeal report 09-16-09 (22-08-22).txt
2009-09-16 10:53:48 ----A---- C:\RootRepeal report 09-16-09 (10-53-48).txt
2009-09-16 09:04:39 ----A---- C:\RootRepeal report 09-16-09 (09-04-39).txt
2009-09-15 18:33:24 ----A---- C:\RootRepeal report 09-15-09 (18-33-24).txt
2009-09-09 22:54:09 ----A---- C:\WINDOWS\wininit.ini
2009-09-09 19:55:03 ----D---- C:\WINDOWS\Minidump
2009-09-09 12:17:28 ----D---- C:\WINDOWS\PIF
2009-09-09 03:02:51 ----DC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-09 03:01:35 ----DC---- C:\WINDOWS\$NtUninstallKB956844$

======List of files/folders modified in the last 1 months======

2009-10-07 22:08:10 ----D---- C:\Program Files\DNA
2009-10-07 22:08:10 ----D---- C:\Documents and Settings\phil.schawillie\Application Data\DNA
2009-10-07 22:07:41 ----D---- C:\WINDOWS\Temp
2009-10-07 22:05:36 ----D---- C:\WINDOWS\Prefetch
2009-10-07 22:05:08 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-07 22:02:28 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-07 15:56:37 ----D---- C:\WINDOWS\system32
2009-10-07 15:56:37 ----D---- C:\WINDOWS
2009-10-07 15:12:03 ----D---- C:\WINDOWS\CAVTemp
2009-10-07 13:34:06 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-07 13:33:57 ----D---- C:\WINDOWS\system32\drivers
2009-10-03 16:36:54 ----SHD---- C:\WINDOWS\Installer
2009-10-03 16:36:53 ----HD---- C:\Config.msi
2009-10-03 16:36:52 ----SD---- C:\WINDOWS\Tasks
2009-10-03 16:36:50 ----D---- C:\WINDOWS\system32\en-us
2009-09-17 22:15:17 ----D---- C:\Documents and Settings\phil.schawillie\Application Data\CallingID
2009-09-17 21:40:38 ----A---- C:\WINDOWS\ntbtlog.txt
2009-09-16 21:09:01 ----D---- C:\Program Files\Mozilla Firefox
2009-09-15 22:17:02 ----D---- C:\xpsp2iso
2009-09-15 22:15:53 ----D---- C:\xpsp1a
2009-09-15 22:14:52 ----D---- C:\xpsourcedisk
2009-09-15 22:11:13 ----D---- C:\xp
2009-09-15 22:06:38 ----D---- C:\jobs2005
2009-09-15 22:06:38 ----D---- C:\I386
2009-09-12 17:29:57 ----D---- C:\Program Files\Common Files\AOL
2009-09-12 17:29:44 ----D---- C:\Program Files
2009-09-09 22:54:28 ----D---- C:\Program Files\Yahoo!
2009-09-09 22:52:33 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2009-09-09 22:33:32 ----D---- C:\Program Files\Panda Security
2009-09-09 22:22:21 ----D---- C:\Program Files\Winamp
2009-09-09 10:03:15 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-09-09 10:01:47 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-09 03:15:22 ----D---- C:\Program Files\Microsoft Silverlight
2009-09-09 03:02:56 ----D---- C:\WINDOWS\inf
2009-09-09 03:02:54 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-09-09 03:01:42 ----A---- C:\WINDOWS\imsins.BAK
2009-09-09 03:01:33 ----D---- C:\WINDOWS\$hf_mig$
2009-09-09 03:00:49 ----D---- C:\WINDOWS\ie8updates
2009-09-08 22:54:57 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-09-08 06:05:39 ----D---- C:\SetupFiles

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 KmxAgent;KmxAgent; C:\WINDOWS\System32\DRIVERS\kmxagent.sys [2009-04-01 73720]
R1 KmxFile;KmxFile; C:\WINDOWS\System32\DRIVERS\KmxFile.sys [2009-04-28 55288]
R1 KmxFw;KmxFw; C:\WINDOWS\System32\DRIVERS\kmxfw.sys [2009-06-08 115704]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 VETEFILE;VET File Scan Engine; C:\WINDOWS\system32\drivers\VETEFILE.sys [2009-07-16 880512]
R1 VETFDDNT;VET Floppy Boot Sector Monitor; C:\WINDOWS\system32\drivers\VETFDDNT.sys [2009-07-16 21488]
R1 VET-FILT;VET File System Filter; C:\WINDOWS\system32\drivers\VET-FILT.sys [2009-07-16 26352]
R1 VETMONNT;VET File Monitor; C:\WINDOWS\system32\drivers\VETMONNT.sys [2009-07-16 161008]
R1 VET-REC;VET File System Recognizer; C:\WINDOWS\system32\drivers\VET-REC.sys [2009-07-16 21104]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-07-12 17801]
R2 Fallback;Fallback; C:\WINDOWS\system32\DRIVERS\fallback.sys [2002-02-14 310739]
R2 Fsks;Fsks; C:\WINDOWS\system32\DRIVERS\fsksnt.sys [2002-02-14 127373]
R2 K56;K56; C:\WINDOWS\system32\DRIVERS\k56nt.sys [2002-02-14 427199]
R2 KmxCF;KmxCF; C:\WINDOWS\System32\DRIVERS\KmxCF.sys [2009-06-08 145912]
R2 KmxSbx;KmxSbx; C:\WINDOWS\System32\DRIVERS\KmxSbx.sys [2009-03-27 58872]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2001-09-17 17744]
R2 SoftFax;SoftFax; C:\WINDOWS\system32\DRIVERS\faxnt.sys [2002-02-14 217019]
R2 Tones;Tones; C:\WINDOWS\system32\DRIVERS\tonesnt.sys [2002-02-14 56639]
R2 V124;V124; C:\WINDOWS\system32\DRIVERS\v124nt.sys [2002-02-14 534669]
R3 ALCXWDM;Service for Avance AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2001-12-17 265143]
R3 AR5211;NETGEAR Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\wag51nd5.sys [2006-09-28 455936]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2001-12-24 372352]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\DNINDIS5.SYS []
R3 Ich;Ich; C:\WINDOWS\system32\DRIVERS\Ich.sys [2002-02-14 67164]
R3 KmxCfg;KmxCfg; C:\WINDOWS\System32\DRIVERS\kmxcfg.sys [2009-04-01 205304]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-08-28 47360]
R3 Rksample;Rksample; C:\WINDOWS\system32\DRIVERS\rksample.sys [2002-02-14 68518]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2009-03-25 130432]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2001-08-02 239056]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VETEBOOT;VET Boot Scan Engine; C:\WINDOWS\system32\drivers\VETEBOOT.sys [2009-07-16 108320]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2002-02-14 584816]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S1 mailKmd;mailKmd; C:\WINDOWS\system32\drivers\mailKmd.sys []
S1 Wbutton;Wbutton; C:\WINDOWS\system32\drivers\Wbutton.sys []
S3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 CamDrL;Logitech QuickCam Pro 3000(CamDrl); C:\WINDOWS\system32\DRIVERS\Camdrl.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2006-06-09 1373120]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\PROGRA~1\NETGEAR\WAG511~1\PCANDIS5.SYS []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-07-04 1029456]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-09-10 651720]
S2 CAISafe;CAISafe; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe [2007-12-04 144696]
S2 ccSchedulerSVC;CA Common Scheduler Service; C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe [2009-07-30 128240]
S2 ITMRTSVC;CA Pest Patrol Realtime Protection Service; C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe [2009-07-29 283888]
S2 UmxAgent;HIPS Event Manager; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2009-04-01 875000]
S2 UmxCfg;HIPS Configuration Interpreter; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2009-06-15 760664]
S2 UmxFwHlp;HIPS Firewall Helper; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe [2009-06-08 154104]
S2 UmxPol;HIPS Policy Manager; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2009-04-01 207352]
S2 VETMSGNT;VET Message Service; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe [2009-07-16 292080]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 CaCCProvSP;CaCCProvSP; C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe [2009-07-30 259312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PPCtlPriv;PPCtlPriv; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2009-06-23 222448]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2001-11-28 102400]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]

-----------------EOF-----------------

Logfile of random's system information tool 1.06 (written by random/random)
Run by phil.schawillie at 2009-10-15 18:36:27
Microsoft Windows XP Professional Service Pack 3
System drive C: has 18 GB (31%) free of 57 GB
Total RAM: 1023 MB (39% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:37:58 PM, on 10/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\soundman.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Adobe\Acrobat 8\Acrobat\Acrobat_sl.exe
C:\Program Files\Adobe\Acrobat 8\Acrobat\Acrotray.exe
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\NETGEAR\WAG511 Configuration Utility\wlancfg3.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\phil.schawillie\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\phil.schawillie.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 8\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [PC Pitstop Optimize Reminder] C:\Program Files\PCPitstop\Optimize2\Reminder.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\casc.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [CAPPActiveProtection] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe"
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NETGEAR WAG511 Smart Wizard.lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1219287096876
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://bccsoftware.webex.com/client/T25L10...bex/ieatgpc.cab
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} (CAScanner Control) - http://cainternetsecurity.net/scanner/cascanner.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
O20 - AppInit_DLLs: acaptuser32.dll UmxSbxExw.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: CA Common Scheduler Service (ccSchedulerSVC) - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 11327 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\OGALogon.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{BD965113-43A8-4673-A149-9EDE5C8D4C8B}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FBF2401B-7447-4727-BE5D-C19B2075CA84}]
CA Toolbar Helper - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll [2009-06-23 345528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]
{10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - CA Toolbar - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\Toolbar\CallingIDIE.dll [2009-06-23 345528]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"SoundMan"=C:\WINDOWS\soundman.exe [2002-03-21 46592]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"Adobe Acrobat Speed Launcher"=C:\Program Files\Adobe\Acrobat 8\Acrobat\Acrobat_sl.exe [2008-10-15 45936]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8\Acrobat\Acrotray.exe [2008-10-14 623992]
""= []
"PC Pitstop Optimize Reminder"=C:\Program Files\PCPitstop\Optimize2\Reminder.exe [2008-08-27 203504]
"cctray"=C:\Program Files\CA\CA Internet Security Suite\casc.exe [2009-08-05 374000]
"CAVRID"=C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe [2009-07-16 271600]
"CAPPActiveProtection"=C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe [2009-06-23 333040]
"QOELOADER"=C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe [2009-09-07 14064]
"capfasem"=C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe [2009-07-15 636144]
"capfupgrade"=C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe [2009-07-15 337136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2009-10-03 323392]
"Aim6"= []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
NETGEAR WAG511 Smart Wizard.lnk - C:\Program Files\NETGEAR\WAG511 Configuration Utility\wlancfg3.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="acaptuser32.dll UmxSbxExw.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PFW]
C:\WINDOWS\system32\UmxWnp.Dll [2009-03-27 79368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"=C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\LinkAdvisor\CIDLinkAdvisor.dll [2009-06-23 1422776]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"EnableShellExecuteHooks"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\temp\HP_WebRelease\Setup\HPZnet01.exe"="C:\temp\HP_WebRelease\Setup\HPZnet01.exe:*:Enabled:Install Consumer Experience Network Plug in"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:HP Digital Imaging Monitor"
"C:\Program Files\HP\HP Software Update\HPWUCli.exe"="C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-10-03 16:36:51 ----D---- C:\WINDOWS\system32\zh-TW
2009-10-03 16:36:51 ----D---- C:\WINDOWS\system32\zh-HK
2009-10-03 16:36:51 ----D---- C:\WINDOWS\system32\tr-TR
2009-10-03 16:36:51 ----D---- C:\WINDOWS\system32\sv-SE
2009-10-03 16:36:51 ----D---- C:\WINDOWS\system32\pt-BR
2009-10-03 16:36:51 ----D---- C:\WINDOWS\system32\nl-NL
2009-10-03 16:36:51 ----D---- C:\WINDOWS\system32\nb-NO
2009-10-03 16:36:51 ----D---- C:\WINDOWS\system32\ko-KR
2009-10-03 16:36:51 ----D---- C:\WINDOWS\system32\it-IT
2009-10-03 16:36:51 ----D---- C:\WINDOWS\system32\he-IL
2009-10-03 16:36:51 ----D---- C:\WINDOWS\system32\fr-FR
2009-10-03 16:36:51 ----D---- C:\WINDOWS\system32\fi-FI
2009-10-03 16:36:50 ----D---- C:\WINDOWS\system32\es-ES
2009-10-03 16:36:50 ----D---- C:\WINDOWS\system32\el-GR
2009-10-03 16:36:50 ----D---- C:\WINDOWS\system32\de-DE
2009-10-03 16:36:50 ----D---- C:\WINDOWS\system32\da-DK
2009-10-03 16:36:50 ----D---- C:\WINDOWS\system32\ar-SA
2009-10-03 16:30:55 ----D---- C:\rsit
2009-09-16 22:08:22 ----A---- C:\RootRepeal report 09-16-09 (22-08-22).txt
2009-09-16 10:53:48 ----A---- C:\RootRepeal report 09-16-09 (10-53-48).txt
2009-09-16 09:04:39 ----A---- C:\RootRepeal report 09-16-09 (09-04-39).txt

======List of files/folders modified in the last 1 months======

2009-10-15 18:36:03 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-15 18:33:37 ----D---- C:\Program Files\DNA
2009-10-15 18:33:37 ----D---- C:\Documents and Settings\phil.schawillie\Application Data\DNA
2009-10-15 18:32:51 ----D---- C:\WINDOWS\Temp
2009-10-15 18:32:40 ----D---- C:\WINDOWS\Prefetch
2009-10-15 18:31:32 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-08 06:15:39 ----D---- C:\WINDOWS\system32
2009-10-08 06:15:39 ----D---- C:\WINDOWS
2009-10-07 22:07:19 ----D---- C:\WINDOWS\CAVTemp
2009-10-07 13:34:06 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-07 13:33:57 ----D---- C:\WINDOWS\system32\drivers
2009-10-03 16:36:54 ----SHD---- C:\WINDOWS\Installer
2009-10-03 16:36:53 ----HD---- C:\Config.msi
2009-10-03 16:36:52 ----SD---- C:\WINDOWS\Tasks
2009-10-03 16:36:50 ----D---- C:\WINDOWS\system32\en-us
2009-09-17 22:15:17 ----D---- C:\Documents and Settings\phil.schawillie\Application Data\CallingID
2009-09-17 21:40:38 ----A---- C:\WINDOWS\ntbtlog.txt
2009-09-16 21:09:01 ----D---- C:\Program Files\Mozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 KmxAgent;KmxAgent; C:\WINDOWS\System32\DRIVERS\kmxagent.sys [2009-04-01 73720]
R1 KmxFile;KmxFile; C:\WINDOWS\System32\DRIVERS\KmxFile.sys [2009-04-28 55288]
R1 KmxFw;KmxFw; C:\WINDOWS\System32\DRIVERS\kmxfw.sys [2009-06-08 115704]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 VETEFILE;VET File Scan Engine; C:\WINDOWS\system32\drivers\VETEFILE.sys [2009-07-16 880512]
R1 VETFDDNT;VET Floppy Boot Sector Monitor; C:\WINDOWS\system32\drivers\VETFDDNT.sys [2009-07-16 21488]
R1 VET-FILT;VET File System Filter; C:\WINDOWS\system32\drivers\VET-FILT.sys [2009-07-16 26352]
R1 VETMONNT;VET File Monitor; C:\WINDOWS\system32\drivers\VETMONNT.sys [2009-07-16 161008]
R1 VET-REC;VET File System Recognizer; C:\WINDOWS\system32\drivers\VET-REC.sys [2009-07-16 21104]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-07-12 17801]
R2 Fallback;Fallback; C:\WINDOWS\system32\DRIVERS\fallback.sys [2002-02-14 310739]
R2 Fsks;Fsks; C:\WINDOWS\system32\DRIVERS\fsksnt.sys [2002-02-14 127373]
R2 K56;K56; C:\WINDOWS\system32\DRIVERS\k56nt.sys [2002-02-14 427199]
R2 KmxCF;KmxCF; C:\WINDOWS\System32\DRIVERS\KmxCF.sys [2009-06-08 145912]
R2 KmxSbx;KmxSbx; C:\WINDOWS\System32\DRIVERS\KmxSbx.sys [2009-03-27 58872]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2001-09-17 17744]
R2 SoftFax;SoftFax; C:\WINDOWS\system32\DRIVERS\faxnt.sys [2002-02-14 217019]
R2 Tones;Tones; C:\WINDOWS\system32\DRIVERS\tonesnt.sys [2002-02-14 56639]
R2 V124;V124; C:\WINDOWS\system32\DRIVERS\v124nt.sys [2002-02-14 534669]
R3 ALCXWDM;Service for Avance AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2001-12-17 265143]
R3 AR5211;NETGEAR Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\wag51nd5.sys [2006-09-28 455936]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2001-12-24 372352]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\DNINDIS5.SYS []
R3 Ich;Ich; C:\WINDOWS\system32\DRIVERS\Ich.sys [2002-02-14 67164]
R3 KmxCfg;KmxCfg; C:\WINDOWS\System32\DRIVERS\kmxcfg.sys [2009-04-01 205304]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-08-28 47360]
R3 Rksample;Rksample; C:\WINDOWS\system32\DRIVERS\rksample.sys [2002-02-14 68518]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2009-03-25 130432]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2001-08-02 239056]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VETEBOOT;VET Boot Scan Engine; C:\WINDOWS\system32\drivers\VETEBOOT.sys [2009-07-16 108320]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2002-02-14 584816]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S1 mailKmd;mailKmd; C:\WINDOWS\system32\drivers\mailKmd.sys []
S1 Wbutton;Wbutton; C:\WINDOWS\system32\drivers\Wbutton.sys []
S3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 CamDrL;Logitech QuickCam Pro 3000(CamDrl); C:\WINDOWS\system32\DRIVERS\Camdrl.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2006-06-09 1373120]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\PROGRA~1\NETGEAR\WAG511~1\PCANDIS5.SYS []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-07-04 1029456]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-09-10 651720]
S2 CAISafe;CAISafe; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe [2007-12-04 144696]
S2 ccSchedulerSVC;CA Common Scheduler Service; C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe [2009-07-30 128240]
S2 ITMRTSVC;CA Pest Patrol Realtime Protection Service; C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe [2009-07-29 283888]
S2 UmxAgent;HIPS Event Manager; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2009-04-01 875000]
S2 UmxCfg;HIPS Configuration Interpreter; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2009-06-15 760664]
S2 UmxFwHlp;HIPS Firewall Helper; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe [2009-06-08 154104]
S2 UmxPol;HIPS Policy Manager; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2009-04-01 207352]
S2 VETMSGNT;VET Message Service; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe [2009-07-16 292080]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 CaCCProvSP;CaCCProvSP; C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe [2009-07-30 259312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PPCtlPriv;PPCtlPriv; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2009-06-23 222448]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2001-11-28 102400]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]

-----------------EOF-----------------

I will try to get gmer to fit in another post.

no_enuf

#8 no_enuf_2b_dangerous

Posted 15 October 2009 - 06:45 PM

GMER log part 1

GMER 1.0.15.15077 [6bop8oyn.exe] - http://www.gmer.net
Rootkit scan 2009-10-07 21:59:44
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwCreateKey [0xB0AA4B35]
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwCreateSymbolicLinkObject [0xB0AA5856]
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwMakeTemporaryObject [0xB0AA5BA7]
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwOpenKey [0xB0AA4A99]
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwOpenSection [0xB0AA557B]
SSDT \SystemRoot\System32\DRIVERS\kmxagent.sys (HIPS Agent Driver/CA) ZwSetInformationProcess [0xB2FF61DC]
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwSetSystemInformation [0xB0AA5983]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF789FBFE]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Java\jre6\bin\jusched.exe[732] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 5FF3D22B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] kernel32.dll!VirtualProtect 7C801AD4 8 Bytes JMP 5FF3D347 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38007 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] kernel32.dll!TerminateProcess 7C801E1A 9 Bytes JMP 5FF38D5B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5FF3CED7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] kernel32.dll!CreateProcessW 7C802336 7 Bytes JMP 5FF386AF C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] kernel32.dll!CreateProcessA 7C80236B 7 Bytes JMP 5FF38593 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] kernel32.dll!VirtualAllocEx 7C809B12 7 Bytes JMP 5FF3D10F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] kernel32.dll!FreeLibrary 7C80AC7E 6 Bytes JMP 5FF3835B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5FF38123 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] kernel32.dll!CreateRemoteThread 7C8104CC 10 Bytes JMP 5FF3CFF3 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] kernel32.dll!ExitProcess 7C81CB12 7 Bytes JMP 5FF3823F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] kernel32.dll!TerminateThread 7C81CB3B 9 Bytes JMP 5FF38E77 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] kernel32.dll!OpenThread 7C82FC08 8 Bytes JMP 5FF3D8D3 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] kernel32.dll!DebugActiveProcess 7C85B0FB 10 Bytes JMP 5FF3D9EF C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 5FF3C4DB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] ADVAPI32.dll!SetKernelObjectSecurity 77DE4E9A 8 Bytes JMP 5FF3C82F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] ADVAPI32.dll!QueryServiceStatus 77DE6D50 7 Bytes JMP 5FF3B0DF C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] ADVAPI32.dll!OpenSCManagerW 77DE6F55 7 Bytes JMP 5FF3A7FF C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 5FF3AC6F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] ADVAPI32.dll!SetFileSecurityW 77DEA3E1 8 Bytes JMP 5FF3C713 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 8 Bytes JMP 5FF388E7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] ADVAPI32.dll!StartServiceA 77DEFB58 7 Bytes JMP 5FF3AEA7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] ADVAPI32.dll!SetNamedSecurityInfoW 77DF0CF5 8 Bytes JMP 5FF3CC9F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] ADVAPI32.dll!QueryServiceStatusEx 77DF120A 7 Bytes JMP 5FF3B1FB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] ADVAPI32.dll!QueryServiceConfigA 77DF1596 7 Bytes JMP 5FF3B433 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] ADVAPI32.dll!StartServiceW 77DF3E94 7 Bytes JMP 5FF3AFC3 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] ADVAPI32.dll!ControlService 77DF4A09 7 Bytes JMP 5FF3B317 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 5FF3AB53 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] ADVAPI32.dll!SetSecurityInfo 77DF4DF2 8 Bytes JMP 5FF3CA67 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] ADVAPI32.dll!OpenSCManagerA 77DF69AE 7 Bytes JMP 5FF3A6E3 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] ADVAPI32.dll!EnumServicesStatusA 77DF6B47 7 Bytes JMP 5FF3BF4B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] ADVAPI32.dll!QueryServiceConfigW 77DF6F92 7 Bytes JMP 5FF3B54F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] ADVAPI32.dll!AbortSystemShutdownW 77DFD45B 6 Bytes JMP 5FF3E1B7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 8 Bytes JMP 5FF38A03 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 10 Bytes JMP 5FF387CB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] ADVAPI32.dll!InitiateSystemShutdownW 77E34C51 8 Bytes JMP 5FF3DD47 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] ADVAPI32.dll!InitiateSystemShutdownExW 77E34CE5 8 Bytes JMP 5FF3DF7F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] ADVAPI32.dll!EnumServicesStatusExW 77E369B8 7 Bytes JMP 5FF3C29F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] ADVAPI32.dll!EnumServicesStatusExA 77E36C2F 7 Bytes JMP 5FF3C183 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 7 Bytes JMP 5FF3C94B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 7 Bytes JMP 5FF3BADB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] ADVAPI32.dll!ChangeServiceConfigW 77E37001 7 Bytes JMP 5FF3BBF7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 7 Bytes JMP 5FF3BD13 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 7 Bytes JMP 5FF3BE2F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 5FF3A91B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 5FF3AA37 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] ADVAPI32.dll!DeleteService 77E374B1 7 Bytes JMP 5FF3AD8B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] ADVAPI32.dll!EnumDependentServicesA 77E37529 7 Bytes JMP 5FF3B8A3 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] ADVAPI32.dll!EnumDependentServicesW 77E375E1 7 Bytes JMP 5FF3B9BF C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] ADVAPI32.dll!QueryServiceConfig2A 77E37999 7 Bytes JMP 5FF3B66B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] ADVAPI32.dll!QueryServiceConfig2W 77E37AB1 7 Bytes JMP 5FF3B787 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] ADVAPI32.dll!EnumServicesStatusW 77E37D61 7 Bytes JMP 5FF3C067 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 5FF39404 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] USER32.dll!BroadcastSystemMessageW + 2 7E41E668 7 Bytes JMP 5FF3A153 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] USER32.dll!SetUserObjectSecurity 7E4213B3 8 Bytes JMP 5FF3CDBB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] USER32.dll!SetWindowsHookW + 2 7E421B8C 5 Bytes JMP 5FF3D7B8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] USER32.dll!BroadcastSystemMessageExW + 2 7E423656 8 Bytes JMP 5FF3A38B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] USER32.dll!SendDlgItemMessageW 7E4273CC 5 Bytes JMP 5FF39F1C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] USER32.dll!PostThreadMessageW 7E4277B8 5 Bytes JMP 5FF3963C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] USER32.dll!PostThreadMessageA 7E4277C5 5 Bytes JMP 5FF39520 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] USER32.dll!SetWindowsHookExW 7E42820F 7 Bytes JMP 5FF3D57F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] USER32.dll!SendMessageW 7E42929A 6 Bytes JMP 5FF391CB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] USER32.dll!PostMessageA + 2 7E42AAFF 8 Bytes JMP 5FF392E7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] USER32.dll!SendMessageTimeoutW 7E42CDAA 7 Bytes JMP 5FF39AAB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] USER32.dll!SendNotifyMessageW 7E42D64F 8 Bytes JMP 5FF39CE3 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] USER32.dll!SendMessageCallbackW 7E42D6DB 6 Bytes JMP 5FF39873 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] USER32.dll!SendMessageA 7E42F3C2 5 Bytes JMP 5FF390B0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] USER32.dll!SendMessageTimeoutA 7E42FB6B 7 Bytes JMP 5FF3998F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] USER32.dll!OpenClipboard + 2 7E430279 7 Bytes JMP 5FF368BB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] USER32.dll!SetWindowsHookExA 7E431211 7 Bytes JMP 5FF3D463 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] USER32.dll!SendDlgItemMessageA 7E43C2E7 5 Bytes JMP 5FF39E00 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] USER32.dll!SetWindowsHookA 7E43ED69 7 Bytes JMP 5FF3D69B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] USER32.dll!SendNotifyMessageA 7E453948 8 Bytes JMP 5FF39BC7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] USER32.dll!EndTask + 2 7E45A0A7 6 Bytes JMP 5FF38F93 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] USER32.dll!ExitWindowsEx + 2 7E45A277 6 Bytes JMP 5FF3E2D3 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] USER32.dll!BroadcastSystemMessageExA + 2 7E46AE99 8 Bytes JMP 5FF3A26F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] USER32.dll!BroadcastSystemMessage + 2 7E46AEC0 7 Bytes JMP 5FF3A037 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] USER32.dll!SendMessageCallbackA 7E46B129 6 Bytes JMP 5FF39757 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] ole32.dll!CoInitializeEx + 2 774FEF7D 8 Bytes JMP 5FF360F3 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] ole32.dll!CoCreateInstanceEx + 2 77500528 8 Bytes JMP 5FF3632B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] ole32.dll!CoCreateInstance 7750057E 8 Bytes JMP 5FF3620F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] ole32.dll!CoGetClassObject + 2 775156C7 8 Bytes JMP 5FF36447 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] ole32.dll!CoGetInstanceFromFile + 2 775401EC 8 Bytes JMP 5FF36563 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] ole32.dll!CoGetInstanceFromIStorage + 2 77596916 8 Bytes JMP 5FF3667F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Java\jre6\bin\jusched.exe[732] SHELL32.dll!SHCreateProcessAsUserW + 2 7CAC94BE 6 Bytes JMP 5FF38B1F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\phil.schawillie\Desktop\6bop8oyn.exe[1452] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 5FF3D22B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\phil.schawillie\Desktop\6bop8oyn.exe[1452] kernel32.dll!VirtualProtect 7C801AD4 8 Bytes JMP 5FF3D347 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\phil.schawillie\Desktop\6bop8oyn.exe[1452] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38007 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\phil.schawillie\Desktop\6bop8oyn.exe[1452] kernel32.dll!TerminateProcess 7C801E1A 9 Bytes JMP 5FF38D5B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\phil.schawillie\Desktop\6bop8oyn.exe[1452] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5FF3CED7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\phil.schawillie\Desktop\6bop8oyn.exe[1452] kernel32.dll!CreateProcessW 7C802336 7 Bytes JMP 5FF386AF C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\phil.schawillie\Desktop\6bop8oyn.exe[1452] kernel32.dll!CreateProcessA 7C80236B 7 Bytes JMP 5FF38593 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\phil.schawillie\Desktop\6bop8oyn.exe[1452] kernel32.dll!VirtualAllocEx 7C809B12 7 Bytes JMP 5FF3D10F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\phil.schawillie\Desktop\6bop8oyn.exe[1452] kernel32.dll!FreeLibrary 7C80AC7E 6 Bytes JMP 5FF3835B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\phil.schawillie\Desktop\6bop8oyn.exe[1452] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5FF38123 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\phil.schawillie\Desktop\6bop8oyn.exe[1452] kernel32.dll!CreateRemoteThread 7C8104CC 10 Bytes JMP 5FF3CFF3 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\phil.schawillie\Desktop\6bop8oyn.exe[1452] kernel32.dll!ExitProcess 7C81CB12 7 Bytes JMP 5FF3823F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\phil.schawillie\Desktop\6bop8oyn.exe[1452] kernel32.dll!TerminateThread 7C81CB3B 9 Bytes JMP 5FF38E77 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\phil.schawillie\Desktop\6bop8oyn.exe[1452] kernel32.dll!OpenThread 7C82FC08 8 Bytes JMP 5FF3D8D3 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\phil.schawillie\Desktop\6bop8oyn.exe[1452] kernel32.dll!DebugActiveProcess 7C85B0FB 10 Bytes JMP 5FF3D9EF C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\phil.schawillie\Desktop\6bop8oyn.exe[1452] USER32.dll!PostMessageW 7E418CCB 8 Bytes JMP 5FF39403 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\phil.schawillie\Desktop\6bop8oyn.exe[1452] USER32.dll!BroadcastSystemMessageW 7E41E666 7 Bytes JMP 5FF3A153 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[4004] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 5FF3AA37 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[4004] ADVAPI32.dll!DeleteService 77E374B1 7 Bytes JMP 5FF3AD8B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[4004] ADVAPI32.dll!EnumDependentServicesA 77E37529 7 Bytes JMP 5FF3B8A3 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[4004] ADVAPI32.dll!EnumDependentServicesW 77E375E1 7 Bytes JMP 5FF3B9BF C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[4004] ADVAPI32.dll!QueryServiceConfig2A 77E37999 7 Bytes JMP 5FF3B66B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[4004] ADVAPI32.dll!QueryServiceConfig2W 77E37AB1 7 Bytes JMP 5FF3B787 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[4004] ADVAPI32.dll!EnumServicesStatusW 77E37D61 7 Bytes JMP 5FF3C067 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[4004] USER32.dll!PostMessageW + 2 7E418CCD 6 Bytes JMP 5FF39404 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[4004] USER32.dll!BroadcastSystemMessageW + 2 7E41E668 5 Bytes JMP 5FF3A154 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[4004] USER32.dll!SetUserObjectSecurity + 2 7E4213B5 6 Bytes JMP 5FF3CDBB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[4004] USER32.dll!SetWindowsHookW + 2 7E421B8C 8 Bytes JMP 5FF3D7B7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[4004] USER32.dll!BroadcastSystemMessageExW + 2 7E423656 5 Bytes JMP 5FF3A38C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[4004] USER32.dll!SendDlgItemMessageW + 2 7E4273CE 7 Bytes JMP 5FF39F1C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[4004] USER32.dll!PostThreadMessageW 7E4277B8 5 Bytes JMP 5FF3963C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[4004] USER32.dll!PostThreadMessageA + 2 7E4277C7 8 Bytes JMP 5FF39520 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[4004] USER32.dll!SetWindowsHookExW + 2 7E428211 8 Bytes JMP 5FF3D57F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[4004] USER32.dll!SendMessageW + 2 7E42929C 7 Bytes JMP 5FF391CB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[4004] USER32.dll!PostMessageA + 2 7E42AAFF 5 Bytes JMP 5FF392E8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[4004] USER32.dll!SendMessageTimeoutW + 2 7E42CDAC 8 Bytes JMP 5FF39AAB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[4004] USER32.dll!SendNotifyMessageW + 2 7E42D651 6 Bytes JMP 5FF39CE3 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[4004] USER32.dll!SendMessageCallbackW + 2 7E42D6DD 8 Bytes JMP 5FF39873 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[4004] USER32.dll!SendMessageA + 2 7E42F3C4 7 Bytes JMP 5FF390B0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[4004] USER32.dll!SendMessageTimeoutA + 2 7E42FB6D 8 Bytes JMP 5FF3998F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[4004] USER32.dll!OpenClipboard + 2 7E430279 7 Bytes JMP 5FF368BC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[4004] USER32.dll!SetWindowsHookExA + 2 7E431213 8 Bytes JMP 5FF3D463 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[4004] USER32.dll!SendDlgItemMessageA + 2 7E43C2E9 7 Bytes JMP 5FF39E00 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[4004] USER32.dll!SetWindowsHookA + 2 7E43ED6B 8 Bytes JMP 5FF3D69B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[4004] USER32.dll!SendNotifyMessageA + 2 7E45394A 6 Bytes JMP 5FF39BC7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[4004] USER32.dll!EndTask + 2 7E45A0A7 6 Bytes JMP 5FF38F94 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[4004] USER32.dll!ExitWindowsEx + 2 7E45A277 6 Bytes JMP 5FF3E2D4 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[4004] USER32.dll!BroadcastSystemMessageExA + 2 7E46AE99 5 Bytes JMP 5FF3A270 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[4004] USER32.dll!BroadcastSystemMessage 7E46AEBE 5 Bytes JMP 5FF3A038 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[4004] USER32.dll!SendMessageCallbackA + 2 7E46B12B 8 Bytes JMP 5FF39757 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[4004] ole32.dll!CoInitializeEx 774FEF7B 6 Bytes JMP 5FF360F3 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[4004] ole32.dll!CoCreateInstanceEx 77500526 7 Bytes JMP 5FF3632B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[4004] ole32.dll!CoCreateInstance + 2 77500580 1 Byte [E9]
.text C:\WINDOWS\system32\ctfmon.exe[4004] ole32.dll!CoCreateInstance + 2 77500580 6 Bytes JMP 5FF36210 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[4004] ole32.dll!CoGetClassObject 775156C5 7 Bytes JMP 5FF36447 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[4004] ole32.dll!CoGetInstanceFromFile 775401EA 7 Bytes JMP 5FF36563 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[4004] ole32.dll!CoGetInstanceFromIStorage 77596914 7 Bytes JMP 5FF3667F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[4004] SHELL32.dll!SHCreateProcessAsUserW 7CAC94BC 6 Bytes JMP 5FF38B1F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 5FF3D22C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 5FF3D348 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38008 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] kernel32.dll!TerminateProcess 7C801E1A 5 Bytes JMP 5FF38D5C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 5FF3CED8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 5FF386B0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 5FF38594 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] kernel32.dll!VirtualAllocEx 7C809B12 7 Bytes JMP 5FF3D110 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 5FF3835C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 5FF38124 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 5FF3CFF4 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 5FF38240 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 5FF38E78 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] kernel32.dll!OpenThread 7C82FC08 5 Bytes JMP 5FF3D8D4 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] kernel32.dll!DebugActiveProcess 7C85B0FB 5 Bytes JMP 5FF3D9F0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 5FF39404 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] USER32.dll!BroadcastSystemMessageW 7E41E666 7 Bytes JMP 5FF3A153 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] USER32.dll!SetUserObjectSecurity 7E4213B3 5 Bytes JMP 5FF3CDBC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] USER32.dll!SetWindowsHookW 7E421B8A 5 Bytes JMP 5FF3D7B8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] USER32.dll!BroadcastSystemMessageExW 7E423654 7 Bytes JMP 5FF3A38B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] USER32.dll!SendDlgItemMessageW 7E4273CC 5 Bytes JMP 5FF39F1C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] USER32.dll!PostThreadMessageW 7E4277B8 5 Bytes JMP 5FF3963C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] USER32.dll!PostThreadMessageA 7E4277C5 5 Bytes JMP 5FF39520 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 5FF3D580 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] USER32.dll!SendMessageW 7E42929A 5 Bytes JMP 5FF391CC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] USER32.dll!PostMessageA + 2 7E42AAFF 8 Bytes JMP 5FF392E7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] USER32.dll!SendMessageTimeoutW 7E42CDAA 5 Bytes JMP 5FF39AAC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] USER32.dll!SendNotifyMessageW 7E42D64F 5 Bytes JMP 5FF39CE4 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] USER32.dll!SendMessageCallbackW 7E42D6DB 5 Bytes JMP 5FF39874 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] USER32.dll!SendMessageA 7E42F3C2 5 Bytes JMP 5FF390B0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] USER32.dll!SendMessageTimeoutA 7E42FB6B 5 Bytes JMP 5FF39990 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] USER32.dll!OpenClipboard + 2 7E430279 7 Bytes JMP 5FF368BB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 5FF3D464 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] USER32.dll!SendDlgItemMessageA 7E43C2E7 5 Bytes JMP 5FF39E00 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] USER32.dll!SetWindowsHookA 7E43ED69 5 Bytes JMP 5FF3D69C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] USER32.dll!SendNotifyMessageA 7E453948 5 Bytes JMP 5FF39BC8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] USER32.dll!EndTask + 2 7E45A0A7 6 Bytes JMP 5FF38F93 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] USER32.dll!ExitWindowsEx + 2 7E45A277 6 Bytes JMP 5FF3E2D3 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] USER32.dll!BroadcastSystemMessageExA 7E46AE97 7 Bytes JMP 5FF3A26F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] USER32.dll!BroadcastSystemMessage 7E46AEBE 5 Bytes JMP 5FF3A038 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] USER32.dll!SendMessageCallbackA 7E46B129 5 Bytes JMP 5FF39758 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 5 Bytes JMP 5FF3C4DC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] ADVAPI32.dll!SetKernelObjectSecurity 77DE4E9A 5 Bytes JMP 5FF3C830 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] ADVAPI32.dll!QueryServiceStatus 77DE6D50 7 Bytes JMP 5FF3B0E0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] ADVAPI32.dll!OpenSCManagerW 77DE6F55 7 Bytes JMP 5FF3A800 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 5FF3AC70 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] ADVAPI32.dll!SetFileSecurityW 77DEA3E1 5 Bytes JMP 5FF3C714 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 5FF388E8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] ADVAPI32.dll!StartServiceA 77DEFB58 7 Bytes JMP 5FF3AEA8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] ADVAPI32.dll!SetNamedSecurityInfoW 77DF0CF5 5 Bytes JMP 5FF3CCA0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] ADVAPI32.dll!QueryServiceStatusEx 77DF120A 7 Bytes JMP 5FF3B1FC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] ADVAPI32.dll!QueryServiceConfigA 77DF1596 7 Bytes JMP 5FF3B434 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] ADVAPI32.dll!StartServiceW 77DF3E94 7 Bytes JMP 5FF3AFC4 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] ADVAPI32.dll!ControlService 77DF4A09 7 Bytes JMP 5FF3B318 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 5FF3AB54 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] ADVAPI32.dll!SetSecurityInfo 77DF4DF2 5 Bytes JMP 5FF3CA68 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] ADVAPI32.dll!OpenSCManagerA 77DF69AE 7 Bytes JMP 5FF3A6E4 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] ADVAPI32.dll!EnumServicesStatusA 77DF6B47 7 Bytes JMP 5FF3BF4C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] ADVAPI32.dll!QueryServiceConfigW 77DF6F92 7 Bytes JMP 5FF3B550 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] ADVAPI32.dll!AbortSystemShutdownW 77DFD45B 5 Bytes JMP 5FF3E1B8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 5FF38A04 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 5 Bytes JMP 5FF387CC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] ADVAPI32.dll!InitiateSystemShutdownW 77E34C51 5 Bytes JMP 5FF3DD48 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] ADVAPI32.dll!InitiateSystemShutdownExW 77E34CE5 5 Bytes JMP 5FF3DF80 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] ADVAPI32.dll!EnumServicesStatusExW 77E369B8 7 Bytes JMP 5FF3C2A0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] ADVAPI32.dll!EnumServicesStatusExA 77E36C2F 7 Bytes JMP 5FF3C184 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 7 Bytes JMP 5FF3C94C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 7 Bytes JMP 5FF3BADC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] ADVAPI32.dll!ChangeServiceConfigW 77E37001 7 Bytes JMP 5FF3BBF8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 7 Bytes JMP 5FF3BD14 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 7 Bytes JMP 5FF3BE30 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 5FF3A91C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 5FF3AA38 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] ADVAPI32.dll!DeleteService 77E374B1 7 Bytes JMP 5FF3AD8C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] ADVAPI32.dll!EnumDependentServicesA 77E37529 7 Bytes JMP 5FF3B8A4 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] ADVAPI32.dll!EnumDependentServicesW 77E375E1 7 Bytes JMP 5FF3B9C0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] ADVAPI32.dll!QueryServiceConfig2A 77E37999 7 Bytes JMP 5FF3B66C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] ADVAPI32.dll!QueryServiceConfig2W 77E37AB1 7 Bytes JMP 5FF3B788 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] ADVAPI32.dll!EnumServicesStatusW 77E37D61 5 Bytes JMP 5FF3C068 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] ole32.dll!CoInitializeEx 774FEF7B 6 Bytes JMP 5FF360F3 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 5FF3632C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] ole32.dll!CoCreateInstance + 2 77500580 1 Byte [E9]
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] ole32.dll!CoCreateInstance + 2 77500580 6 Bytes JMP 5FF36210 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 5FF36448 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] ole32.dll!CoGetInstanceFromFile 775401EA 5 Bytes JMP 5FF36564 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] ole32.dll!CoGetInstanceFromIStorage 77596914 5 Bytes JMP 5FF36680 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] SHELL32.dll!SHCreateProcessAsUserW 7CAC94BC 6 Bytes JMP 5FF38B1F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)

#9 no_enuf_2b_dangerous

Posted 15 October 2009 - 06:52 PM

gmer part 2

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\nic1394.sys[NDIS.SYS!NdisMSetAttributesEx] [F76302F0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\nic1394.sys[NDIS.SYS!NdisMCmRegisterAddressFamily] [F762DFE0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\nic1394.sys[NDIS.SYS!NdisMCoSendComplete] [F762E450] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\nic1394.sys[NDIS.SYS!NdisTerminateWrapper] [F7630500] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\nic1394.sys[NDIS.SYS!NdisMRegisterMiniport] [F7630920] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\nic1394.sys[NDIS.SYS!NdisInitializeWrapper] [F762FEB0] kmxstart.sys (HIPS Core Driver/CA)

#10 syler


Posted 15 October 2009 - 07:22 PM

I don't see anything wrong in your logs, can you tell me if you are still having any issues?

Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.
You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

When we are finished with fixing your computer (I will make it clear when we are), you can uninstall ERUNT through Add/Remove Programs. The backups will be stored at C:\WINDOWS\erdnt, and will not be deleted when ERUNT is uninstalled.


We need to execute an OTM script
  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Cmaudio"=-
    ""=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Aim6"=-
    :Commands
    [EmptyTemp]
    [Reboot]
  • Push the large Posted Image button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 16.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.



Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Please post back here with the following logs:
  • OTM results
  • Kaspersky report
  • New Rsit log
Thanks

unite.jpg
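One way to condense the IAT hook entries in the GMER logs posted in this thread for review, as an added example that is not part of either poster's messages: it groups hooks by the module that installed them and lists any module the reviewer did not expect. The allowlist of expected modules and the last sample line are assumptions constructed for the illustration; the other sample lines are copied from the logs in this thread.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from ntpath import basename
from typing import Dict, Iterable, List, Optional

# One pattern covers both layouts seen in the thread:
#   kernel: IAT <driver>[LIB!Func] [ADDR] <hooking module> (description)
#   user:   IAT <process>[PID] @ <module> [LIB!Func] [ADDR] <hooking module> (description)
IAT_RE = re.compile(
    r"^IAT\s+"
    r"(?:(?P<process>.+?)\[(?P<pid>\d+)\]\s+@\s+)?"
    r"(?P<victim>.+?)\s*"
    r"\[(?P<library>[^\]!]+)!(?P<function>[^\]]+)\]\s+"
    r"\[(?P<address>[0-9A-Fa-f]+)\]\s+"
    r"(?P<hooker>.+?)"
    r"(?:\s+\((?P<description>[^()]*)\))?\s*$"
)


@dataclass(frozen=True)
class IatHook:
    process: Optional[str]      # owning process (user-mode entries only)
    pid: Optional[int]
    victim: str                 # module whose import table was patched
    imported: str               # "LIBRARY!Function" that was redirected
    address: int                # where the import now points
    hooker: str                 # module that contains that address
    description: Optional[str]  # text the tool printed in parentheses


def parse_iat_line(line: str) -> Optional[IatHook]:
    """Parse one GMER IAT line; return None for headers and other text."""
    m = IAT_RE.match(line.strip())
    if m is None:
        return None
    return IatHook(
        process=m["process"],
        pid=int(m["pid"]) if m["pid"] else None,
        victim=m["victim"],
        imported=f'{m["library"]}!{m["function"]}',
        address=int(m["address"], 16),
        hooker=m["hooker"],
        description=m["description"],
    )


def summarize(lines: Iterable[str]) -> Dict[str, dict]:
    """Group hooks by the hooking module's file name (lower-cased)."""
    summary: Dict[str, dict] = defaultdict(
        lambda: {"count": 0, "functions": set(), "victims": set(),
                 "descriptions": set()}
    )
    for line in lines:
        hook = parse_iat_line(line)
        if hook is None:
            continue
        entry = summary[basename(hook.hooker).lower()]
        entry["count"] += 1
        entry["functions"].add(hook.imported)
        entry["victims"].add(basename(hook.victim).lower())
        if hook.description:
            entry["descriptions"].add(hook.description)
    return dict(summary)


def unexpected_hookers(summary: Dict[str, dict],
                       expected: Iterable[str]) -> List[str]:
    """Hooking modules that are not on the reviewer's expected list.

    A name match is triage only: the file on disk still has to be checked
    (location, signature, hash) before the module is treated as legitimate.
    """
    known = {name.lower() for name in expected}
    return sorted(name for name in summary if name not in known)


# Sample input. All lines but the last are copied from the logs in this
# thread; the last line is constructed to show an unlisted module.
SAMPLE = r"""
---- User IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\DRIVERS\rasl2tp.sys[NDIS.SYS!NdisMCoSendComplete] [F762E450] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F762F830] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F762FF60] kmxstart.sys (HIPS Core Driver/CA)
IAT C:\WINDOWS\system32\svchost.exe[204] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[452] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F8A01000] example_unlisted.sys
"""

# Assumption: the reviewer has confirmed these two files belong to the
# CA security product installed on the machine.
EXPECTED = {"kmxstart.sys", "CACheck.dll"}

if __name__ == "__main__":
    result = summarize(SAMPLE.splitlines())
    for module, info in sorted(result.items()):
        print(f"{module}: {info['count']} hooks, "
              f"{len(info['functions'])} functions, "
              f"victims={sorted(info['victims'])}")
    print("not on expected list:", unexpected_hookers(result, EXPECTED))
```
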


#11 no_enuf_2b_dangerous

  • Topic Starter

Posted 15 October 2009 - 07:58 PM

gmer part 3

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\svchost.exe[452] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [10010030] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[452] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[452] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[452] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[452] @ c:\windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[452] @ c:\windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[452] @ c:\windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[452] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[452] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[452] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [10010030] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[452] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[452] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[452] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [10010030] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [10011320] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010F20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [10010030] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [10010030] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [10011320] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010F20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [10010030] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[472] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[472] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[472] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[472] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[472] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[472] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [10010030] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [10011320] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010F20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [10010030] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [10010030] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [10011320] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010F20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [10010030] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [10010B20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[580] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)

#12 no_enuf_2b_dangerous

Posted 15 October 2009 - 08:03 PM

gmer part 4

IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [10010030] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [10011320] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010F20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [10010030] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [10010030] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [10011320] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010F20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [10010030] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ c:\windows\system32\rpcss.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010F20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryExA] [10010030] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ c:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ c:\windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ c:\windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [10010030] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ c:\windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ c:\windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ c:\windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ c:\windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] [00D3FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [00D40550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [00D407E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [00D40550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [00D40980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [00D407E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [00D3FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [00D407E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [00D40980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [00D3FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [00D407E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [00D40980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [00D3FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [00D40550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [00D41720] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [00D407E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [00D3FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [00D40980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [00D40550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [00D407E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [00D3FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [00D40980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [00D3FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [00D407E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [00D40980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [00D40550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [00D40030] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [00D41720] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [00D3FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [00D407E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [00D41320] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [00D41720] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [00D40F20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [00D407E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [00D41720] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [00D40980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [00D3FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [00D40550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [00D40030] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [00D40030] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [00D40550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [00D40980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [00D41320] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [00D41720] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [00D407E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [00D3FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [00D40F20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [00D40980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [00D40030] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [00D41720] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [00D3FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [00D407E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ c:\windows\system32\rpcss.dll [ADVAPI32.dll!CreateProcessAsUserW] [00D40F20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryA] [00D407E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!GetProcAddress] [00D3FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!CreateProcessW] [00D41720] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryExA] [00D40030] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryW] [00D40980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryExW] [00D40550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [00D3FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [00D407E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [00D407E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [00D3FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [00D3FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [00D407E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [00D407E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1272] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [00D3FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\winlogon.exe [ADVAPI32.dll!CreateProcessAsUserW] [00DF0F20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!GetProcAddress] [00DEFB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!LoadLibraryW] [00DF0980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!LoadLibraryExW] [00DF0550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!LoadLibraryA] [00DF07E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!LoadLibraryExA] [00DF0030] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!CreateProcessW] [00DF1720] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [00DF0550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [00DF0980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [00DF07E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [00DEFB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [00DF07E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [00DF0980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [00DEFB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [00DF07E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [00DF0980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [00DEFB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [00DEFB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [00DF07E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [00DF1320] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [00DF1720] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [00DEFB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [00DF07E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [00DF0030] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [00DF0550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [00DF0550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [00DF1720] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [00DF07E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [00DEFB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [00DF0980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [00DF0550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [00DF07E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [00DEFB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [00DF0980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [00DF0980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [00DF07E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [00DEFB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [00DF0F20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [00DF0980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [00DF0030] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [00DF1720] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [00DEFB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [00DF07E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [00DF07E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [00DEFB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!GetProcAddress] [00DEFB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!LoadLibraryW] [00DF0980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!LoadLibraryA] [00DF07E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [00DEFB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [00DF07E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [00DF07E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [00DEFB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [00DF0F20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [00DF07E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [00DF1720] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [00DF0980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [00DEFB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [00DF0550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [00DF0030] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [00DF0030] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [00DF0550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [00DF0980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [00DF1320] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [00DF1720] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [00DF07E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [00DEFB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [00DEFB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [00DF07E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [00DF0980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [00DF0550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [00DF0030] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [00DF1720] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [00DF0B20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [00DF0980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [00DF0550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [00DEFB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [00DF07E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [00DEFB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1320] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [00DF07E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Documents and Settings\phil.schawillie\Desktop\6bop8oyn.exe[1452] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] [5FF3D348] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Documents and Settings\phil.schawillie\Desktop\6bop8oyn.exe[1452] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualProtect] [5FF3D348] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Documents and Settings\phil.schawillie\Desktop\6bop8oyn.exe[1452] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] [5FF3D464] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Documents and Settings\phil.schawillie\Desktop\6bop8oyn.exe[1452] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] [5FF3D580] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Documents and Settings\phil.schawillie\Desktop\6bop8oyn.exe[1452] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] [5FF3D580] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Documents and Settings\phil.schawillie\Desktop\6bop8oyn.exe[1452] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!SetNamedSecurityInfoW] [5FF3CCA0] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Documents and Settings\phil.schawillie\Desktop\6bop8oyn.exe[1452] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [5FF388E8] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Documents and Settings\phil.schawillie\Desktop\6bop8oyn.exe[1452] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!AdjustTokenPrivileges] [5FF3C4DC] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Documents and Settings\phil.schawillie\Desktop\6bop8oyn.exe[1452] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!SetFileSecurityW] [5FF3C714] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Documents and Settings\phil.schawillie\Desktop\6bop8oyn.exe[1452] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!OpenThread] [5FF3D8D4] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Documents and Settings\phil.schawillie\Desktop\6bop8oyn.exe[1452] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] [5FF3D580] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Documents and Settings\phil.schawillie\Desktop\6bop8oyn.exe[1452] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [5FF38A04] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Documents and Settings\phil.schawillie\Desktop\6bop8oyn.exe[1452] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!AdjustTokenPrivileges] [5FF3C4DC] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Documents and Settings\phil.schawillie\Desktop\6bop8oyn.exe[1452] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [5FF388E8] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Documents and Settings\phil.schawillie\Desktop\6bop8oyn.exe[1452] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!SetFileSecurityW] [5FF3C714] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)

#13 no_enuf_2b_dangerous

Posted 15 October 2009 - 08:05 PM

gmer part 5

IAT C:\WINDOWS\system32\services.exe[1480] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] [10010F20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1480] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1480] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1480] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1480] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1480] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1480] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1480] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1480] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1480] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1480] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1480] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1480] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1480] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1480] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1480] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1480] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1480] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [10011320] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1480] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1480] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1480] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1480] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1480] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1480] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1480] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1480] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1480] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1480] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1480] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010F20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1480] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1480] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [10010030] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1480] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1480] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1480] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1480] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1480] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1480] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1480] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1480] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1480] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1480] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1480] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1480] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1480] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010F20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1480] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1480] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1480] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1480] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1480] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1480] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [10010030] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1480] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [10010030] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1480] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1480] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1480] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [10011320] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1480] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1480] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1480] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [0293FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [02940550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [029407E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [02940550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [02940980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [029407E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [0293FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [029407E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [02940980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [0293FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [029407E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [02940980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [0293FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [02940550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [02941720] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [029407E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [0293FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [02940980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [02940550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [029407E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [0293FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [02940980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [0293FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [029407E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [02940980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [02940550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [02940030] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [02941720] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [0293FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [029407E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [02941320] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [02941720] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [02940F20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [029407E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [02941720] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [02940980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [0293FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [02940550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [02940030] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [02940030] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [02940550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [02940980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [02941320] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [02941720] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [029407E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [0293FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [02940F20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [02940980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [02940030] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [02941720] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [0293FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [029407E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\System32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [02940980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\System32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [029407E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\System32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [0293FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [0293FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [029407E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [029407E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [0293FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [0293FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [029407E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ c:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [0293FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ c:\windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [029407E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ c:\windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [02940030] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ c:\windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [02940550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [02940B20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [02940980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [02940550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [0293FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [029407E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\System32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [029407E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1592] @ C:\WINDOWS\System32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [0293FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryExA] [10010030] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] [5FF3D348] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [10011320] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualProtect] [5FF3D348] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [10010030] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] [5FF3D580] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [10010030] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [10011320] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] [5FF3D464] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] [5FF3D580] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!AdjustTokenPrivileges] [5FF3C4DC] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [10010030] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!SetFileSecurityW] [5FF3C714] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [10010B20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!SetNamedSecurityInfoW] [5FF3CCA0] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010F20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!AdjustTokenPrivileges] [5FF3C4DC] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!SetFileSecurityW] [5FF3C714] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!OpenThread] [5FF3D8D4] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [10010030] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] [5FF3D580] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!AdjustTokenPrivileges] [5FF3C4DC] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010F20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!SetFileSecurityW] [5FF3C714] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [10010030] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!AdjustTokenPrivileges] [5FF3C4DC] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[3344] @ C:\WINDOWS\System32\SAMLIB.dll [KERNEL32.dll!VirtualProtect] [5FF3D348] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\system32\ctfmon.exe[4004] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualProtect] [5FF3D348] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\system32\ctfmon.exe[4004] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] [5FF3D348] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\system32\ctfmon.exe[4004] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] [5FF3D580] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\system32\ctfmon.exe[4004] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!SetNamedSecurityInfoW] [5FF3CCA0] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\system32\ctfmon.exe[4004] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [5FF388E8] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\system32\ctfmon.exe[4004] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!AdjustTokenPrivileges] [5FF3C4DC] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\system32\ctfmon.exe[4004] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!SetFileSecurityW] [5FF3C714] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\system32\ctfmon.exe[4004] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!OpenThread] [5FF3D8D4] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\system32\ctfmon.exe[4004] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] [5FF3D580] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\system32\ctfmon.exe[4004] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] [5FF3D464] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\system32\ctfmon.exe[4004] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] [5FF3D580] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\system32\ctfmon.exe[4004] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!AdjustTokenPrivileges] [5FF3C4DC] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\system32\ctfmon.exe[4004] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [5FF388E8] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\system32\ctfmon.exe[4004] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!SetFileSecurityW] [5FF3C714] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\system32\ctfmon.exe[4004] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [5FF38A04] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] [5FF3D464] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] [5FF3D580] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] [5FF3D348] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualProtect] [5FF3D348] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] [5FF3D580] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!SetNamedSecurityInfoW] [5FF3CCA0] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [5FF388E8] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!AdjustTokenPrivileges] [5FF3C4DC] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!SetFileSecurityW] [5FF3C714] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!OpenThread] [5FF3D8D4] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] [5FF3D580] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-7.0.0.517\QOELoader.exe[4032] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [5FF38A04] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs VET-FILT.SYS (CA Antivirus File Protection Driver/Computer Associates International, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs VET-REC.SYS (CA Antivirus File Protection Driver/Computer Associates International, Inc.)

Device \Driver\Tcpip \Device\Ip kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\Tcpip \Device\Tcp kmxfw.sys (HIPS Firewall Driver/CA)

AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\Tcpip \Device\Udp kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\Tcpip \Device\RawIp kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\Tcpip \Device\IPMULTICAST kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\AFD \Device\Afd KmxCF.sys (HIPS Content Filter Driver/CA)
Device \Driver\Modem \Device\0000008b kmxfw.sys (HIPS Firewall Driver/CA)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat VET-FILT.SYS (CA Antivirus File Protection Driver/Computer Associates International, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat VET-REC.SYS (CA Antivirus File Protection Driver/Computer Associates International, Inc.)

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\repair 0 bytes
File C:\WINDOWS\repair\autoexec.nt 1688 bytes
File C:\WINDOWS\repair\config.nt 2577 bytes
File C:\WINDOWS\repair\default 225280 bytes
File C:\WINDOWS\repair\ntuser.dat 225280 bytes
File C:\WINDOWS\repair\sam 24576 bytes
File C:\WINDOWS\repair\secsetup.inf 820358 bytes
File C:\WINDOWS\repair\security 32768 bytes
File C:\WINDOWS\repair\setup.log 224173 bytes
File C:\WINDOWS\repair\software 8564736 bytes
File C:\WINDOWS\repair\system 1593344 bytes
File C:\WINDOWS\system32\config\AppEvent.Evt 524288 bytes
File C:\WINDOWS\system32\config\default 3932160 bytes
File C:\WINDOWS\system32\config\DEFAULT.LOG 1024 bytes
File C:\WINDOWS\system32\config\default.sav 94208 bytes
File C:\WINDOWS\system32\config\Internet.evt 65536 bytes
File C:\WINDOWS\system32\config\SAM 262144 bytes
File C:\WINDOWS\system32\config\SAM.LOG 1024 bytes
File C:\WINDOWS\system32\config\SecEvent.Evt 65536 bytes
File C:\WINDOWS\system32\config\SECURITY 262144 bytes
File C:\WINDOWS\system32\config\SECURITY.LOG 1024 bytes
File C:\WINDOWS\system32\config\software 39845888 bytes
File C:\WINDOWS\system32\config\SOFTWARE.LOG 1024 bytes
File C:\WINDOWS\system32\config\software.sav 659456 bytes
File C:\WINDOWS\system32\config\SysEvent.Evt 524288 bytes
File C:\WINDOWS\system32\config\system 4980736 bytes
File C:\WINDOWS\system32\config\SYSTEM.LOG 1024 bytes
File C:\WINDOWS\system32\config\system.sav 880640 bytes
File C:\WINDOWS\system32\config\systemprofile 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini 62 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004 18 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\303572DF538EDD8B1D606185F1D559B8 341 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\3130B1871A126520A8C47861EFE3ED4D 552 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5 898 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\7735880A01E3F94F763761958A7A8191 1219 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\79841F8EF00FBA86D33CC5A47696F165 413 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\7B2238AACCEDC3F1FFE8E7EB5F575EC9 552 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 28644 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\A44F4E7CB3133FF765C39A53AD8FCFDD 558 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\A8FABA189DB7D25FBA7CAC806625FD30 91399 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E04822AD18D472EA5B582E6E6F8C6B9A 531 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E6024EAC88E6B6165D49FE3C95ADD735 558 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004 216 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\303572DF538EDD8B1D606185F1D559B8 126 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\3130B1871A126520A8C47861EFE3ED4D 132 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5 94 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\7735880A01E3F94F763761958A7A8191 132 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\79841F8EF00FBA86D33CC5A47696F165 98 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\7B2238AACCEDC3F1FFE8E7EB5F575EC9 132 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 216 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\A44F4E7CB3133FF765C39A53AD8FCFDD 146 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\A8FABA189DB7D25FBA7CAC806625FD30 124 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E04822AD18D472EA5B582E6E6F8C6B9A 140 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E6024EAC88E6B6165D49FE3C95ADD735 144 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\brndlog.bak 113 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\brndlog.txt 141 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Cookies 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat 16384 bytes
File C:\WINDOWS\system32\config\systemprofile\Desktop 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Favorites 0 bytes
File C:\WINDOWS\system32\config\systemprofile\IETldCache 0 bytes
File C:\WINDOWS\system32\config\systemprofile\IETldCache\index.dat 16384 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Media Player 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb 720896 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\OFFICE 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Media 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Media\9.0 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.DTD 498 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.XML 12787 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini 62 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\History 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini 113 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini 113 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat 32768 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008063020080707 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008063020080707\index.dat 32768 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008071020080711 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008071020080711\index.dat 32768 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\383RIP4H 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\383RIP4H\desktop.ini 67 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\5ZIVSPSG 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\5ZIVSPSG\desktop.ini 67 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\80QZKTFD 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\80QZKTFD\desktop.ini 67 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini 67 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat 32768 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\MJA7YF38 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\MJA7YF38\desktop.ini 67 bytes
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\desktop.ini 67 bytes
File C:\WINDOWS\system32\config\systemprofile\My Documents 0 bytes
File C:\WINDOWS\system32\config\systemprofile\NetHood 0 bytes
File C:\WINDOWS\system32\config\systemprofile\PrintHood 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Recent 0 bytes
File C:\WINDOWS\system32\config\systemprofile\SendTo 0 bytes
File C:\WINDOWS\system32\config\systemprofile\SendTo\Compressed (zipped) Folder.ZFSendToTarget 0 bytes
File C:\WINDOWS\system32\config\systemprofile\SendTo\Desktop (create shortcut).DeskLink 0 bytes
File C:\WINDOWS\system32\config\systemprofile\SendTo\desktop.ini 181 bytes
File C:\WINDOWS\system32\config\systemprofile\SendTo\Mail Recipient.MAPIMail 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\desktop.ini 62 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\desktop.ini 348 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk 1525 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk 1532 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk 1501 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk 1539 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Command Prompt.lnk 1555 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\desktop.ini 482 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Entertainment 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Entertainment\desktop.ini 84 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Entertainment\Windows Media Player.lnk 804 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Notepad.lnk 1519 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Program Compatibility Wizard.lnk 386 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Synchronize.lnk 1519 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Tour Windows XP.lnk 1527 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Windows Explorer.lnk 1487 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\desktop.ini 148 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Remote Assistance.lnk 1599 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini 84 bytes
File C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Windows Media Player.lnk 792 bytes
File C:\WINDOWS\system32\config\systemprofile\Templates 0 bytes
File C:\WINDOWS\system32\config\systemprofile\Templates\amipro.sam 4570 bytes
File C:\WINDOWS\system32\config\systemprofile\Templates\excel.xls 5632 bytes
File C:\WINDOWS\system32\config\systemprofile\Templates\excel4.xls 1518 bytes
File C:\WINDOWS\system32\config\systemprofile\Templates\lotus.wk4 2448 bytes
File C:\WINDOWS\system32\config\systemprofile\Templates\powerpnt.ppt 12288 bytes
File C:\WINDOWS\system32\config\systemprofile\Templates\presenta.shw 461 bytes
File C:\WINDOWS\system32\config\systemprofile\Templates\quattro.wb2 4017 bytes
File C:\WINDOWS\system32\config\systemprofile\Templates\sndrec.wav 58 bytes
File C:\WINDOWS\system32\config\systemprofile\Templates\winword.doc 4608 bytes
File C:\WINDOWS\system32\config\systemprofile\Templates\winword2.doc 1769 bytes
File C:\WINDOWS\system32\config\systemprofile\Templates\wordpfct.wpd 30 bytes
File C:\WINDOWS\system32\config\systemprofile\Templates\wordpfct.wpg 57 bytes
File C:\WINDOWS\system32\config\userdiff 262144 bytes
File C:\WINDOWS\system32\config\userdiff.LOG 1024 bytes
File C:\WINDOWS\system32\config\Windows .evt 65536 bytes
File C:\WINDOWS\system32\config\WindowsPowerShell.evt 65536 bytes

---- EOF - GMER 1.0.15 ----

#14 no_enuf_2b_dangerous

  • Topic Starter

  • Members

Posted 15 October 2009 - 08:20 PM

syler,

Now that you've digested all that, here are some additional observations:

Once I finished GMER, the computer reverted to a state that preceded my issues of the first post. These were the issues that made me consider driver conflicts, or even shorts in the MB, as the problem rather than malware.
Old issues:
- Instead of the unbidden context menus I described earlier, the Start menu and context menus would not hold their positions when called. They appeared and disappeared in a flash. I had to shut down from the Windows Security screen, and was told I would restart because of an unplanned shutdown.
- Upon restart, the Enter key would not let me select XP Pro or Recovery Console; I had to wait for the timer to expire to boot.
- My keyboard was unresponsive at logon: I had to type my name and password several times.
- Saving the GMER and RSIT logs was a trial of my patience as the keyboard continued to beep more than type.
- Got the impression that some keys were firing on their own and I had to get in my keystrokes in between.
New stuff:
- When upgrading Malwarebytes, I received a message concerning the inability to install \windows\system32\malwarebytes.sys (I think that was the name). Clicking Retry appeared to fix that.
- RSIT did not generate an info.txt file. I tried twice. (Did I have to delete the old one?)
- My AV was purchased, not a trial (and I had selected my key during installation). Why was I cut off after a month? (Unrelated, perhaps, as there was a cancellation and reorder done, but worthy of note.)

I did not use the computer after that until you asked for a current RSIT log. Today, the keyboard, mouse and menu issues were not there. I did not dare open Windows Explorer to check for the hidden window. RSIT again did not generate an info.txt log. AV is still an issue, which I will investigate tomorrow.

Good luck wading through that and thanks,

no_enuf...

#15 syler

  • Malware Response Team

Posted 16 October 2009 - 08:46 AM

I have already posted my next instructions here. Why did you post GMER in all those posts? I could see the whole log in the attachment you posted :(
