Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

CA removed sipay.oo now by repeating error messages for nonexistant nettvj.dll


  • This topic is locked This topic is locked
33 replies to this topic

#1 JLJ

JLJ

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:02:44 PM

Posted 19 November 2009 - 03:10 PM

I was referred here by boopme from the "Am I infected? What do I do?" forum. Topic referenced is here: http://www.bleepingcomputer.com/forums/t/270136/ca-antivirus-removed-virus-now-getting-missing-dll-messages/ ~ OB Problem history and details are in my entry in the aii forum.

Tried DDS but it would not run so ran RKILL and RSIT as directed by boopme in AII forum. RSIT ran once but the log indicated that the HijackThis download failed. So ran it a second time which did not give this message. Both logs are included below.

Run 1 log file:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2009-11-18 19:16:25
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 98 GB (87%) free of 112 GB
Total RAM: 504 MB (25% free)

HijackThis download failed

======Scheduled tasks folder======

C:WINDOWStasksCAAntiSpywareScan_Daily as Owner at 2 18 PM.job

======Registry dump======

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:program filesgooglegoogletoolbar1.dll [2007-06-22 2403392]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]

{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - HP View - c:Program FilesHPDigital Imagingbinhpdtlk02.dll [2003-09-03 98304]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:program filesgooglegoogletoolbar1.dll [2007-06-22 2403392]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
"hpsysdrv"=c:windowssystemhpsysdrv.exe [1998-05-07 52736]
"HotKeysCmds"=C:WINDOWSsystem32hkcmd.exe [2004-08-20 118784]
"CamMonitor"=c:Program FilesHPDigital ImagingUnloadhpqcmon.exe [2002-10-07 90112]
"HPHUPD05"=c:Program FilesHP{45B6180B-DCAB-4093-8EE8-6164457517F0}hphupd05.exe []
"HPHmon05"=C:WINDOWSSystem32hphmon05.exe [2003-05-23 483328]
"KBD"=C:HPKBDKBD.EXE [2003-02-11 61440]
"UpdateManager"=C:Program FilesCommon FilesSonicUpdate Managersgtray.exe [2003-08-19 110592]
"TkBellExe"=C:Program FilesCommon FilesRealUpdate_OBrealsched.exe [2003-10-10 151597]
"AutoTKit"=C:hpbinAUTOTKIT.EXE [2003-06-18 53248]
"Recguard"=C:WINDOWSSMINSTRECGUARD.EXE [2002-09-13 212992]
"VTTimer"=VTTimer.exe []
"LTMSG"=LTMSG.exe 7 []
"PS2"=C:WINDOWSsystem32ps2.exe [2002-10-16 81920]
"Sunkist2k"=C:Program FilesMultimedia Card Readershwicon2k.exe [2003-08-14 139264]
"mmtask"=C:Program FilesMUSICMATCHMUSICMATCH Jukeboxmmtask.exe [2003-07-23 53248]
"HPDJ Taskbar Utility"=C:WINDOWSSystem32spooldriversw32x863hpztsb09.exe [2003-05-07 188416]
"IgfxTray"=C:WINDOWSsystem32igfxtray.exe [2004-08-20 155648]
"AlcxMonitor"=C:WINDOWSALCXMNTR.EXE [2004-09-07 57344]
"Symantec PIF AlertEng"=C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe [2007-11-28 583048]
"medicsp2"=C:Program Filestwcmedicsp2binsprtcmd.exe [2007-03-07 198184]
"Adobe Reader Speed Launcher"=C:Program FilesAdobeReader 8.0ReaderReader_sl.exe [2008-01-11 39792]
"cctray"=C:Program FilesCACA Internet Security Suitecctraycctray.exe [2009-07-30 177392]
"QOELOADER"=C:Program FilesCACA Internet Security SuiteCA Anti-SpamQSP-5.1.18.0QOELoader.exe [2008-06-20 14088]
"CAVRID"=C:Program FilesCACA Internet Security SuiteCA Anti-VirusCAVRID.exe [2009-10-14 230664]
"cafwc"=C:Program FilesCACA Internet Security SuiteCA Personal Firewallcafw.exe [2008-08-01 1193200]
"capfasem"=C:Program FilesCACA Internet Security SuiteCA Personal Firewallcapfasem.exe [2008-08-01 173296]
""= []
"capfupgrade"=C:Program FilesCACA Internet Security SuiteCA Personal Firewallcapfupgrade.exe [2008-08-01 259312]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
"RecordNow!"= []
"NVIEW"=nview.dll,nViewLoadHook []
"BackupNotify"=c:Program FilesHPDigital Imagingbinbackupnotify.exe [2003-06-22 24576]
"MSMSGS"=C:Program FilesMessengermsmsgs.exe [2004-10-13 1694208]
"swg"=C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe [2007-07-12 68856]
"ctfmon.exe"=C:WINDOWSsystem32ctfmon.exe [2004-08-04 15360]

C:Documents and SettingsAll UsersStart MenuProgramsStartup
HP OfficeJet Series 500 Startup.lnk - C:Program FilesHewlett-PackardHP OfficeJet Series 500BinHPOstr05.exe

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyigfxcui]
C:WINDOWSsystem32igfxsrvc.dll [2004-08-20 344064]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyPFW]
C:WINDOWSsystem32UmxWnp.Dll [2007-05-18 79368]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWgaLogon]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkUploadMgr]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
"%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:Program FilesUpdates from HP137903ProgramBackWeb-137903.exe"="C:Program FilesUpdates from HP137903ProgramBackWeb-137903.exe:*:Disabled:BackWeb-137903"
"C:WINDOWSsystem32fxsclnt.exe"="C:WINDOWSsystem32fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"%windir%Network Diagnosticxpnetdiag.exe"="%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
"%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%Network Diagnosticxpnetdiag.exe"="%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{92380bf8-507c-11db-805f-000c6eeb18de}]
shellAutoRuncommand - J:DTE_Privacy_launcher.exe


======List of files/folders created in the last 1 months======

2009-11-18 19:16:31 ----D---- C:Program Filestrend micro
2009-11-18 19:16:25 ----D---- C:rsit
2009-11-12 20:38:49 ----A---- C:WINDOWSsystem32wuapi.dll.mui
2009-11-12 19:26:35 ----D---- C:AutoRuns
2009-11-12 18:49:10 ----D---- C:Documents and SettingsOwnerApplication DataMalwarebytes
2009-11-12 18:48:33 ----D---- C:Documents and SettingsAll UsersApplication DataMalwarebytes
2009-11-12 18:48:32 ----D---- C:Program FilesMalwarebytes' Anti-Malware
2009-11-07 11:51:30 ----D---- C:temp
2009-11-07 07:59:10 ----A---- C:WINDOWSntbtlog.txt

======List of files/folders modified in the last 1 months======

2009-11-18 19:16:31 ----RD---- C:Program Files
2009-11-18 19:15:41 ----D---- C:WINDOWSPrefetch
2009-11-18 19:15:12 ----D---- C:WINDOWSsystem32
2009-11-18 19:15:12 ----D---- C:WINDOWS
2009-11-18 19:13:21 ----D---- C:WINDOWSTemp
2009-11-18 19:04:42 ----A---- C:WINDOWSSchedLgU.Txt
2009-11-18 18:54:16 ----D---- C:WINDOWSsystem32CatRoot2
2009-11-17 20:18:31 ----SD---- C:WINDOWSDownloaded Program Files
2009-11-15 19:28:46 ----D---- C:WINDOWSCAVTemp
2009-11-14 10:26:38 ----A---- C:WINDOWSHPOTBX05.INI
2009-11-14 10:08:13 ----RSHDC---- C:WINDOWSsystem32dllcache
2009-11-14 10:08:07 ----D---- C:WINDOWSsystem32drivers
2009-11-14 10:08:05 ----HD---- C:WINDOWSinf
2009-11-12 20:39:25 ----D---- C:WINDOWSSoftwareDistribution
2009-11-12 20:39:03 ----D---- C:WINDOWSHelp
2009-11-07 08:48:34 ----D---- C:WINDOWSsystem32config
2009-11-07 08:48:05 ----D---- C:WINDOWSsystem32wbem
2009-11-07 08:48:04 ----D---- C:WINDOWSRegistration
2009-11-07 08:46:47 ----D---- C:WINDOWSsystem32Restore
2009-11-01 13:45:52 ----A---- C:WINDOWSsystem32PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:WINDOWSsystem32driversAFS2K.sys [2004-10-07 35840]
R1 intelppm;Intel Processor Driver; C:WINDOWSSystem32DRIVERSintelppm.sys [2004-08-04 36096]
R1 KmxAgent;KmxAgent; C:WINDOWSSystem32DRIVERSkmxagent.sys [2008-06-24 63504]
R1 KmxFile;KmxFile; C:WINDOWSSystem32DRIVERSKmxFile.sys [2008-06-24 45584]
R1 KmxFw;KmxFw; C:WINDOWSSystem32DRIVERSkmxfw.sys [2008-06-24 115216]
R1 SiSkp;SiSkp; C:WINDOWSSystem32DRIVERSsrvkp.sys [2003-04-11 10624]
R1 VETEFILE;VET File Scan Engine; C:WINDOWSsystem32driversVETEFILE.sys [2009-10-13 739752]
R1 VETFDDNT;VET Floppy Boot Sector Monitor; C:WINDOWSsystem32driversVETFDDNT.sys [2007-08-20 21512]
R1 VET-FILT;VET File System Filter; C:WINDOWSsystem32driversVET-FILT.sys [2007-08-20 26376]
R1 VETMONNT;VET File Monitor; C:WINDOWSsystem32driversVETMONNT.sys [2007-08-20 32264]
R1 VET-REC;VET File System Recognizer; C:WINDOWSsystem32driversVET-REC.sys [2007-08-20 21128]
R2 KmxCF;KmxCF; C:WINDOWSSystem32DRIVERSKmxCF.sys [2008-06-24 134648]
R2 KmxSbx;KmxSbx; C:WINDOWSSystem32DRIVERSKmxSbx.sys [2008-06-24 66576]
R2 symlcbrd;symlcbrd; ??C:WINDOWSsystem32driverssymlcbrd.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2004-10-01 2279424]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:WINDOWSSystem32DRIVERSHPZid412.sys [2003-05-14 51056]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:WINDOWSSystem32DRIVERSHPZipr12.sys [2003-05-16 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:WINDOWSSystem32DRIVERSHPZius12.sys [2003-05-14 21488]
R3 ialm;ialm; C:WINDOWSSystem32DRIVERSialmnt5.sys [2004-08-20 737874]
R3 KmxCfg;KmxCfg; C:WINDOWSSystem32DRIVERSkmxcfg.sys [2008-06-24 88816]
R3 ltmodem5;Agere Modem Driver; C:WINDOWSSystem32DRIVERSltmdmnt.sys [2003-07-02 652497]
R3 MxlW2k;MxlW2k; C:WINDOWSsystem32driversMxlW2k.sys [2004-02-22 28256]
R3 Ps2;PS2; C:WINDOWSSystem32DRIVERSPS2.sys [2001-06-04 14112]
R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:WINDOWSSystem32DRIVERSR8139n51.SYS [2002-10-04 46976]
R3 SunkFilt;Alcor Micro Corp - 9360; ??C:WINDOWSSystem32Driverssunkfilt.sys []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:WINDOWSSystem32DRIVERSusbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:WINDOWSSystem32DRIVERSusbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:WINDOWSSystem32DRIVERSusbhub.sys [2004-08-04 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:WINDOWSSystem32DRIVERSusbprint.sys [2004-08-04 25856]
R3 USBSTOR;USB Mass Storage Driver; C:WINDOWSSystem32DRIVERSUSBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:WINDOWSSystem32DRIVERSusbuhci.sys [2004-08-04 20480]
R3 VETEBOOT;VET Boot Scan Engine; C:WINDOWSsystem32driversVETEBOOT.sys [2009-10-13 133576]
S1 AmdK7;AMD K7 Processor Driver; C:WINDOWSSystem32DRIVERSamdk7.sys [2004-08-04 37376]
S2 nvcap;nVidia WDM Video Capture (universal); C:WINDOWSSystem32DRIVERSnvcap.sys [2003-07-30 126348]
S2 NVXBAR;nVidia WDM A/V Crossbar; C:WINDOWSSystem32DRIVERSNVxbar.sys [2003-07-30 13006]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:WINDOWSsystem32driversialmsbw.sys [2003-04-15 113504]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:WINDOWSsystem32driversialmkchw.sys [2003-04-15 78752]
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:WINDOWSsystem32driversALCXSENS.SYS [2004-02-17 391424]
S3 CCDECODE;Closed Caption Decoder; C:WINDOWSSystem32DRIVERSCCDECODE.sys [2004-08-04 17024]
S3 Dot4;IEEE-1284.4 Driver; C:WINDOWSSystem32DRIVERSDot4.sys [2004-08-04 207360]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:WINDOWSSystem32DRIVERSDot4Prt.sys [2001-08-17 12928]
S3 JL2005C;Dual Mode Camera; C:WINDOWSSystem32Driversjl2005c.sys [2007-01-26 68954]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:WINDOWSsystem32driversMSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:WINDOWSSystem32DRIVERSNABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:WINDOWSSystem32DRIVERSNdisIP.sys [2004-08-04 10880]
S3 netrcacm;RCA USB Digital Cable Modem Driver; C:WINDOWSsystem32DRIVERSnetrcacm.sys [2003-04-02 20648]
S3 nv;nv; C:WINDOWSSystem32DRIVERSnv4_mini.sys [2004-08-04 1897408]
S3 rootrepeal;rootrepeal; ??C:WINDOWSsystem32driversrootrepeal.sys []
S3 S3Psddr;S3Psddr; C:WINDOWSSystem32DRIVERSs3gnbm.sys [2004-08-04 166912]
S3 SiS315;SiS315; C:WINDOWSSystem32DRIVERSsisgrp.sys [2003-05-06 394752]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSSystem32DRIVERSSLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:WINDOWSSystem32DRIVERSStreamIP.sys [2004-08-04 15360]
S3 Sunkfiltp;HP && Alcor Micro Corp for Phison; C:WINDOWSsystem32driversSunkfiltp.sys []
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:WINDOWSSystem32DRIVERSusbohci.sys [2004-08-04 17024]
S3 viagfx;viagfx; C:WINDOWSSystem32DRIVERSvtmini.sys [2003-08-11 265344]
S3 WpdUsb;WpdUsb; C:WINDOWSsystem32DRIVERSwpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:WINDOWSSystem32DRIVERSWSTCODEC.SYS [2004-08-04 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:WINDOWSSystem32driversws2ifsl.sys [2002-08-29 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CAISafe;CAISafe; C:Program FilesCACA Internet Security SuiteCA Anti-VirusISafe.exe [2007-08-20 144960]
R2 ITMRTSVC;CA Pest Patrol Realtime Protection Service; C:Program FilesCASharedComponentsPPRTbinITMRTSVC.exe [2007-01-04 280080]
R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe [2007-11-28 583048]
R2 sprtsvc_medicsp2;SupportSoft Sprocket Service (medicsp2); C:Program Filestwcmedicsp2binsprtsvc.exe [2007-03-07 202280]
R2 Symantec Core LC;Symantec Core LC; C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe [2008-04-07 1251720]
R2 UmxAgent;HIPS Event Manager; C:Program FilesCASharedComponentsHIPSEngineUmxAgent.exe [2007-10-18 1010192]
R2 UmxCfg;HIPS Configuration Interpreter; C:Program FilesCASharedComponentsHIPSEngineUmxCfg.exe [2007-10-18 801296]
R2 UmxFwHlp;HIPS Firewall Helper; C:Program FilesCASharedComponentsHIPSEngineUmxFwHlp.exe [2007-10-18 145936]
R2 UmxPol;HIPS Policy Manager; C:Program FilesCASharedComponentsHIPSEngineUmxPol.exe [2008-06-24 281104]
R2 VETMSGNT;VET Message Service; C:Program FilesCACA Internet Security SuiteCA Anti-VirusVetMsg.exe [2009-10-14 233472]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2004-08-04 14336]
R3 CaCCProvSP;CaCCProvSP; C:Program FilesCACA Internet Security Suiteccprovsp.exe [2009-07-30 214256]
R3 PPCtlPriv;PPCtlPriv; C:Program FilesCACA Internet Security SuiteCA Anti-SpywarePPCtlPriv.exe [2007-08-16 189704]
S2 NVSvc;NVIDIA Driver Helper Service; C:WINDOWSSystem32nvsvc32.exe [2003-08-19 77824]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-10-24 70144]
S3 Fax;Fax; C:WINDOWSsystem32fxssvc.exe [2004-08-04 267776]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:WINDOWSMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe [2006-10-20 36864]
S3 gusvc;Google Updater Service; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2007-06-22 138168]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver1150Intel 32IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2006-10-30 741376]
S3 MSCSPTISRV;MSCSPTISRV; C:Program FilesCommon FilesSony SharedAVLibMSCSPTISRV.exe [2006-12-14 45056]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 PACSPTISVR;PACSPTISVR; C:Program FilesCommon FilesSony SharedAVLibPACSPTISVR.exe [2006-12-14 57344]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:WINDOWSSystem32HPZipm12.exe [2003-05-16 65795]
S3 SPTISRV;Sony SPTI Service; C:Program FilesCommon FilesSony SharedAVLibSPTISRV.exe [2006-12-14 69632]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2006-10-30 122880]

=================

Second log. ~ OB


Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2009-11-18 19:24:56
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 98 GB (87%) free of 112 GB
Total RAM: 504 MB (21% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:25:32 PM, on 11/18/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCASharedComponentsHIPSEngineUmxCfg.exe
C:Program FilesCASharedComponentsHIPSEngineUmxFwHlp.exe
C:Program FilesCASharedComponentsHIPSEngineUmxPol.exe
C:Program FilesCASharedComponentsHIPSEngineUmxAgent.exe
C:Program FilesCACA Internet Security SuiteCA Anti-VirusISafe.exe
C:Program FilesCASharedComponentsPPRTbinITMRTSVC.exe
C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe
C:Program Filestwcmedicsp2binsprtsvc.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe
C:Program FilesCACA Internet Security SuiteCA Anti-VirusVetMsg.exe
C:Program FilesCACA Internet Security SuiteCA Personal Firewallcapfsem.exe
C:windowssystemhpsysdrv.exe
C:WINDOWSsystem32hkcmd.exe
C:Program FilesHPDigital ImagingUnloadhpqcmon.exe
C:HPKBDKBD.EXE
C:WINDOWSLTMSG.exe
C:Program FilesMultimedia Card Readershwicon2k.exe
C:Program FilesMUSICMATCHMUSICMATCH Jukeboxmmtask.exe
C:WINDOWSsystem32igfxtray.exe
C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe
C:Program Filestwcmedicsp2binsprtcmd.exe
C:Program FilesCACA Internet Security Suitecctraycctray.exe
C:Program FilesCACA Internet Security SuiteCA Anti-SpamQSP-5.1.18.0QOELoader.exe
C:Program FilesCACA Internet Security SuiteCA Anti-VirusCAVRID.exe
C:Program FilesCACA Internet Security SuiteCA Personal Firewallcapfasem.exe
C:Program FilesMessengermsmsgs.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesCACA Internet Security Suiteccprovsp.exe
C:Program FilesCACA Internet Security SuiteCA Anti-SpywareCAPPActiveProtection.exe
C:Program FilesCACA Internet Security SuiteCA Anti-SpywarePPCtlPriv.exe
C:WINDOWSexplorer.exe
C:Program FilesInternet Exploreriexplore.exe
C:Documents and SettingsOwnerDesktopRSIT.exe
C:Program Filestrend microOwner.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://srch-us10.hpwis.com/
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.rr.com/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://srch-us10.hpwis.com/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page =
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://us10.hpwis.com/
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Road Runner High Speed Online
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar1.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:Program FilesHPDigital Imagingbinhpdtlk02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar1.dll
O4 - HKLM..Run: [hpsysdrv] c:windowssystemhpsysdrv.exe
O4 - HKLM..Run: [HotKeysCmds] C:WINDOWSsystem32hkcmd.exe
O4 - HKLM..Run: [CamMonitor] c:Program FilesHPDigital ImagingUnloadhpqcmon.exe
O4 - HKLM..Run: [HPHUPD05] c:Program FilesHP{45B6180B-DCAB-4093-8EE8-6164457517F0}hphupd05.exe
O4 - HKLM..Run: [HPHmon05] C:WINDOWSSystem32hphmon05.exe
O4 - HKLM..Run: [KBD] C:HPKBDKBD.EXE
O4 - HKLM..Run: [UpdateManager] "C:Program FilesCommon FilesSonicUpdate Managersgtray.exe" /r
O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot
O4 - HKLM..Run: [AutoTKit] C:hpbinAUTOTKIT.EXE
O4 - HKLM..Run: [Recguard] C:WINDOWSSMINSTRECGUARD.EXE
O4 - HKLM..Run: [VTTimer] VTTimer.exe
O4 - HKLM..Run: [LTMSG] LTMSG.exe 7
O4 - HKLM..Run: [PS2] C:WINDOWSsystem32ps2.exe
O4 - HKLM..Run: [Sunkist2k] C:Program FilesMultimedia Card Readershwicon2k.exe
O4 - HKLM..Run: [mmtask] C:Program FilesMUSICMATCHMUSICMATCH Jukeboxmmtask.exe
O4 - HKLM..Run: [HPDJ Taskbar Utility] C:WINDOWSSystem32spooldriversw32x863hpztsb09.exe
O4 - HKLM..Run: [IgfxTray] C:WINDOWSsystem32igfxtray.exe
O4 - HKLM..Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM..Run: [Symantec PIF AlertEng] "C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe" /a /m "C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}AlertEng.dll"
O4 - HKLM..Run: [medicsp2] C:Program Filestwcmedicsp2binsprtcmd.exe /P medicsp2
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program FilesAdobeReader 8.0ReaderReader_sl.exe"
O4 - HKLM..Run: [cctray] "C:Program FilesCACA Internet Security Suitecctraycctray.exe"
O4 - HKLM..Run: [QOELOADER] "C:Program FilesCACA Internet Security SuiteCA Anti-SpamQSP-5.1.18.0QOELoader.exe"
O4 - HKLM..Run: [CAVRID] "C:Program FilesCACA Internet Security SuiteCA Anti-VirusCAVRID.exe"
O4 - HKLM..Run: [cafwc] C:Program FilesCACA Internet Security SuiteCA Personal Firewallcafw.exe -cl
O4 - HKLM..Run: [capfasem] C:Program FilesCACA Internet Security SuiteCA Personal Firewallcapfasem.exe
O4 - HKLM..Run: [capfupgrade] C:Program FilesCACA Internet Security SuiteCA Personal Firewallcapfupgrade.exe
O4 - HKCU..Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU..Run: [BackupNotify] c:Program FilesHPDigital Imagingbinbackupnotify.exe
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKUSS-1-5-18..Run: [Symantec NetDriver Warning] C:PROGRA~1SYMNET~1SNDWarn.exe (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [Symantec NetDriver Warning] C:PROGRA~1SYMNET~1SNDWarn.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: HP OfficeJet Series 500 Startup.lnk = C:Program FilesHewlett-PackardHP OfficeJet Series 500BinHPOstr05.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MI1933~1OFFICE11EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavaj2re1.4.2binnpjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavaj2re1.4.2binnpjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MI1933~1OFFICE11REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O12 - Plugin for .mov: C:Program FilesInternet ExplorerPLUGINSnpqtplugin.dll
O12 - Plugin for .mpeg: C:Program FilesInternet ExplorerPLUGINSnpqtplugin3.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1257625319187
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1258507090484
O23 - Service: CaCCProvSP - CA, Inc. - C:Program FilesCACA Internet Security Suiteccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:Program FilesCACA Internet Security SuiteCA Anti-VirusISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver1150Intel 32IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:Program FilesCASharedComponentsPPRTbinITMRTSVC.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:Program FilesCommon FilesSony SharedAVLibMSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:WINDOWSSystem32nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:Program FilesCommon FilesSony SharedAVLibPACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSSystem32HPZipm12.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:Program FilesCACA Internet Security SuiteCA Anti-SpywarePPCtlPriv.exe
O23 - Service: SupportSoft Sprocket Service (medicsp2) (sprtsvc_medicsp2) - SupportSoft, Inc. - C:Program Filestwcmedicsp2binsprtsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:Program FilesCommon FilesSony SharedAVLibSPTISRV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:Program FilesCASharedComponentsHIPSEngineUmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:Program FilesCASharedComponentsHIPSEngineUmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:Program FilesCASharedComponentsHIPSEngineUmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:Program FilesCASharedComponentsHIPSEngineUmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:Program FilesCACA Internet Security SuiteCA Anti-VirusVetMsg.exe

--
End of file - 11411 bytes

======Scheduled tasks folder======

C:WINDOWStasksCAAntiSpywareScan_Daily as Owner at 2 18 PM.job

======Registry dump======

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:program filesgooglegoogletoolbar1.dll [2007-06-22 2403392]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]

{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - HP View - c:Program FilesHPDigital Imagingbinhpdtlk02.dll [2003-09-03 98304]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:program filesgooglegoogletoolbar1.dll [2007-06-22 2403392]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
"hpsysdrv"=c:windowssystemhpsysdrv.exe [1998-05-07 52736]
"HotKeysCmds"=C:WINDOWSsystem32hkcmd.exe [2004-08-20 118784]
"CamMonitor"=c:Program FilesHPDigital ImagingUnloadhpqcmon.exe [2002-10-07 90112]
"HPHUPD05"=c:Program FilesHP{45B6180B-DCAB-4093-8EE8-6164457517F0}hphupd05.exe []
"HPHmon05"=C:WINDOWSSystem32hphmon05.exe [2003-05-23 483328]
"KBD"=C:HPKBDKBD.EXE [2003-02-11 61440]
"UpdateManager"=C:Program FilesCommon FilesSonicUpdate Managersgtray.exe [2003-08-19 110592]
"TkBellExe"=C:Program FilesCommon FilesRealUpdate_OBrealsched.exe [2003-10-10 151597]
"AutoTKit"=C:hpbinAUTOTKIT.EXE [2003-06-18 53248]
"Recguard"=C:WINDOWSSMINSTRECGUARD.EXE [2002-09-13 212992]
"VTTimer"=VTTimer.exe []
"LTMSG"=LTMSG.exe 7 []
"PS2"=C:WINDOWSsystem32ps2.exe [2002-10-16 81920]
"Sunkist2k"=C:Program FilesMultimedia Card Readershwicon2k.exe [2003-08-14 139264]
"mmtask"=C:Program FilesMUSICMATCHMUSICMATCH Jukeboxmmtask.exe [2003-07-23 53248]
"HPDJ Taskbar Utility"=C:WINDOWSSystem32spooldriversw32x863hpztsb09.exe [2003-05-07 188416]
"IgfxTray"=C:WINDOWSsystem32igfxtray.exe [2004-08-20 155648]
"AlcxMonitor"=C:WINDOWSALCXMNTR.EXE [2004-09-07 57344]
"Symantec PIF AlertEng"=C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe [2007-11-28 583048]
"medicsp2"=C:Program Filestwcmedicsp2binsprtcmd.exe [2007-03-07 198184]
"Adobe Reader Speed Launcher"=C:Program FilesAdobeReader 8.0ReaderReader_sl.exe [2008-01-11 39792]
"cctray"=C:Program FilesCACA Internet Security Suitecctraycctray.exe [2009-07-30 177392]
"QOELOADER"=C:Program FilesCACA Internet Security SuiteCA Anti-SpamQSP-5.1.18.0QOELoader.exe [2008-06-20 14088]
"CAVRID"=C:Program FilesCACA Internet Security SuiteCA Anti-VirusCAVRID.exe [2009-10-14 230664]
"cafwc"=C:Program FilesCACA Internet Security SuiteCA Personal Firewallcafw.exe [2008-08-01 1193200]
"capfasem"=C:Program FilesCACA Internet Security SuiteCA Personal Firewallcapfasem.exe [2008-08-01 173296]
""= []
"capfupgrade"=C:Program FilesCACA Internet Security SuiteCA Personal Firewallcapfupgrade.exe [2008-08-01 259312]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
"RecordNow!"= []
"NVIEW"=nview.dll,nViewLoadHook []
"BackupNotify"=c:Program FilesHPDigital Imagingbinbackupnotify.exe [2003-06-22 24576]
"MSMSGS"=C:Program FilesMessengermsmsgs.exe [2004-10-13 1694208]
"swg"=C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe [2007-07-12 68856]
"ctfmon.exe"=C:WINDOWSsystem32ctfmon.exe [2004-08-04 15360]

C:Documents and SettingsAll UsersStart MenuProgramsStartup
HP OfficeJet Series 500 Startup.lnk - C:Program FilesHewlett-PackardHP OfficeJet Series 500BinHPOstr05.exe

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyigfxcui]
C:WINDOWSsystem32igfxsrvc.dll [2004-08-20 344064]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyPFW]
C:WINDOWSsystem32UmxWnp.Dll [2007-05-18 79368]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWgaLogon]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkUploadMgr]

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
"%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:Program FilesUpdates from HP137903ProgramBackWeb-137903.exe"="C:Program FilesUpdates from HP137903ProgramBackWeb-137903.exe:*:Disabled:BackWeb-137903"
"C:WINDOWSsystem32fxsclnt.exe"="C:WINDOWSsystem32fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"%windir%Network Diagnosticxpnetdiag.exe"="%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
"%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%Network Diagnosticxpnetdiag.exe"="%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{92380bf8-507c-11db-805f-000c6eeb18de}]
shellAutoRuncommand - J:DTE_Privacy_launcher.exe

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{aa4efb40-5dbb-11d8-bc04-806d6172696f}]
shellAutoRuncommand - D:Info.exe folder.htt 480 480


======List of files/folders created in the last 1 months======

2009-11-18 19:16:31 ----D---- C:Program Filestrend micro
2009-11-18 19:16:25 ----D---- C:rsit
2009-11-12 20:38:49 ----A---- C:WINDOWSsystem32wuapi.dll.mui
2009-11-12 19:26:35 ----D---- C:AutoRuns
2009-11-12 18:49:10 ----D---- C:Documents and SettingsOwnerApplication DataMalwarebytes
2009-11-12 18:48:33 ----D---- C:Documents and SettingsAll UsersApplication DataMalwarebytes
2009-11-12 18:48:32 ----D---- C:Program FilesMalwarebytes' Anti-Malware
2009-11-07 11:51:30 ----D---- C:temp
2009-11-07 07:59:10 ----A---- C:WINDOWSntbtlog.txt

======List of files/folders modified in the last 1 months======

2009-11-18 19:24:36 ----D---- C:WINDOWSPrefetch
2009-11-18 19:18:24 ----D---- C:WINDOWSsystem32CatRoot2
2009-11-18 19:16:31 ----RD---- C:Program Files
2009-11-18 19:15:12 ----D---- C:WINDOWSsystem32
2009-11-18 19:15:12 ----D---- C:WINDOWS
2009-11-18 19:13:21 ----D---- C:WINDOWSTemp
2009-11-18 19:09:48 ----D---- C:WINDOWSCAVTemp
2009-11-18 19:04:42 ----A---- C:WINDOWSSchedLgU.Txt
2009-11-17 20:18:31 ----SD---- C:WINDOWSDownloaded Program Files
2009-11-14 10:26:38 ----A---- C:WINDOWSHPOTBX05.INI
2009-11-14 10:08:13 ----RSHDC---- C:WINDOWSsystem32dllcache
2009-11-14 10:08:07 ----D---- C:WINDOWSsystem32drivers
2009-11-14 10:08:05 ----HD---- C:WINDOWSinf
2009-11-12 20:39:25 ----D---- C:WINDOWSSoftwareDistribution
2009-11-12 20:39:03 ----D---- C:WINDOWSHelp
2009-11-07 08:48:34 ----D---- C:WINDOWSsystem32config
2009-11-07 08:48:05 ----D---- C:WINDOWSsystem32wbem
2009-11-07 08:48:04 ----D---- C:WINDOWSRegistration
2009-11-07 08:46:47 ----D---- C:WINDOWSsystem32Restore
2009-11-01 13:45:52 ----A---- C:WINDOWSsystem32PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:WINDOWSsystem32driversAFS2K.sys [2004-10-07 35840]
R1 intelppm;Intel Processor Driver; C:WINDOWSSystem32DRIVERSintelppm.sys [2004-08-04 36096]
R1 KmxAgent;KmxAgent; C:WINDOWSSystem32DRIVERSkmxagent.sys [2008-06-24 63504]
R1 KmxFile;KmxFile; C:WINDOWSSystem32DRIVERSKmxFile.sys [2008-06-24 45584]
R1 KmxFw;KmxFw; C:WINDOWSSystem32DRIVERSkmxfw.sys [2008-06-24 115216]
R1 SiSkp;SiSkp; C:WINDOWSSystem32DRIVERSsrvkp.sys [2003-04-11 10624]
R1 VETEFILE;VET File Scan Engine; C:WINDOWSsystem32driversVETEFILE.sys [2009-10-13 739752]
R1 VETFDDNT;VET Floppy Boot Sector Monitor; C:WINDOWSsystem32driversVETFDDNT.sys [2007-08-20 21512]
R1 VET-FILT;VET File System Filter; C:WINDOWSsystem32driversVET-FILT.sys [2007-08-20 26376]
R1 VETMONNT;VET File Monitor; C:WINDOWSsystem32driversVETMONNT.sys [2007-08-20 32264]
R1 VET-REC;VET File System Recognizer; C:WINDOWSsystem32driversVET-REC.sys [2007-08-20 21128]
R2 KmxCF;KmxCF; C:WINDOWSSystem32DRIVERSKmxCF.sys [2008-06-24 134648]
R2 KmxSbx;KmxSbx; C:WINDOWSSystem32DRIVERSKmxSbx.sys [2008-06-24 66576]
R2 symlcbrd;symlcbrd; ??C:WINDOWSsystem32driverssymlcbrd.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:WINDOWSsystem32driversALCXWDM.SYS [2004-10-01 2279424]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:WINDOWSSystem32DRIVERSHPZid412.sys [2003-05-14 51056]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:WINDOWSSystem32DRIVERSHPZipr12.sys [2003-05-16 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:WINDOWSSystem32DRIVERSHPZius12.sys [2003-05-14 21488]
R3 ialm;ialm; C:WINDOWSSystem32DRIVERSialmnt5.sys [2004-08-20 737874]
R3 KmxCfg;KmxCfg; C:WINDOWSSystem32DRIVERSkmxcfg.sys [2008-06-24 88816]
R3 ltmodem5;Agere Modem Driver; C:WINDOWSSystem32DRIVERSltmdmnt.sys [2003-07-02 652497]
R3 MxlW2k;MxlW2k; C:WINDOWSsystem32driversMxlW2k.sys [2004-02-22 28256]
R3 Ps2;PS2; C:WINDOWSSystem32DRIVERSPS2.sys [2001-06-04 14112]
R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:WINDOWSSystem32DRIVERSR8139n51.SYS [2002-10-04 46976]
R3 SunkFilt;Alcor Micro Corp - 9360; ??C:WINDOWSSystem32Driverssunkfilt.sys []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:WINDOWSSystem32DRIVERSusbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:WINDOWSSystem32DRIVERSusbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:WINDOWSSystem32DRIVERSusbhub.sys [2004-08-04 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:WINDOWSSystem32DRIVERSusbprint.sys [2004-08-04 25856]
R3 USBSTOR;USB Mass Storage Driver; C:WINDOWSSystem32DRIVERSUSBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:WINDOWSSystem32DRIVERSusbuhci.sys [2004-08-04 20480]
R3 VETEBOOT;VET Boot Scan Engine; C:WINDOWSsystem32driversVETEBOOT.sys [2009-10-13 133576]
S1 AmdK7;AMD K7 Processor Driver; C:WINDOWSSystem32DRIVERSamdk7.sys [2004-08-04 37376]
S2 nvcap;nVidia WDM Video Capture (universal); C:WINDOWSSystem32DRIVERSnvcap.sys [2003-07-30 126348]
S2 NVXBAR;nVidia WDM A/V Crossbar; C:WINDOWSSystem32DRIVERSNVxbar.sys [2003-07-30 13006]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:WINDOWSsystem32driversialmsbw.sys [2003-04-15 113504]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:WINDOWSsystem32driversialmkchw.sys [2003-04-15 78752]
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:WINDOWSsystem32driversALCXSENS.SYS [2004-02-17 391424]
S3 CCDECODE;Closed Caption Decoder; C:WINDOWSSystem32DRIVERSCCDECODE.sys [2004-08-04 17024]
S3 Dot4;IEEE-1284.4 Driver; C:WINDOWSSystem32DRIVERSDot4.sys [2004-08-04 207360]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:WINDOWSSystem32DRIVERSDot4Prt.sys [2001-08-17 12928]
S3 JL2005C;Dual Mode Camera; C:WINDOWSSystem32Driversjl2005c.sys [2007-01-26 68954]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:WINDOWSsystem32driversMSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:WINDOWSSystem32DRIVERSNABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:WINDOWSSystem32DRIVERSNdisIP.sys [2004-08-04 10880]
S3 netrcacm;RCA USB Digital Cable Modem Driver; C:WINDOWSsystem32DRIVERSnetrcacm.sys [2003-04-02 20648]
S3 nv;nv; C:WINDOWSSystem32DRIVERSnv4_mini.sys [2004-08-04 1897408]
S3 rootrepeal;rootrepeal; ??C:WINDOWSsystem32driversrootrepeal.sys []
S3 S3Psddr;S3Psddr; C:WINDOWSSystem32DRIVERSs3gnbm.sys [2004-08-04 166912]
S3 SiS315;SiS315; C:WINDOWSSystem32DRIVERSsisgrp.sys [2003-05-06 394752]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSSystem32DRIVERSSLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:WINDOWSSystem32DRIVERSStreamIP.sys [2004-08-04 15360]
S3 Sunkfiltp;HP && Alcor Micro Corp for Phison; C:WINDOWSsystem32driversSunkfiltp.sys []
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:WINDOWSSystem32DRIVERSusbohci.sys [2004-08-04 17024]
S3 viagfx;viagfx; C:WINDOWSSystem32DRIVERSvtmini.sys [2003-08-11 265344]
S3 WpdUsb;WpdUsb; C:WINDOWSsystem32DRIVERSwpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:WINDOWSSystem32DRIVERSWSTCODEC.SYS [2004-08-04 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:WINDOWSSystem32driversws2ifsl.sys [2002-08-29 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CAISafe;CAISafe; C:Program FilesCACA Internet Security SuiteCA Anti-VirusISafe.exe [2007-08-20 144960]
R2 ITMRTSVC;CA Pest Patrol Realtime Protection Service; C:Program FilesCASharedComponentsPPRTbinITMRTSVC.exe [2007-01-04 280080]
R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:Program FilesCommon FilesSymantec SharedPIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}PIFSvc.exe [2007-11-28 583048]
R2 sprtsvc_medicsp2;SupportSoft Sprocket Service (medicsp2); C:Program Filestwcmedicsp2binsprtsvc.exe [2007-03-07 202280]
R2 Symantec Core LC;Symantec Core LC; C:Program FilesCommon FilesSymantec SharedCCPD-LCsymlcsvc.exe [2008-04-07 1251720]
R2 UmxAgent;HIPS Event Manager; C:Program FilesCASharedComponentsHIPSEngineUmxAgent.exe [2007-10-18 1010192]
R2 UmxCfg;HIPS Configuration Interpreter; C:Program FilesCASharedComponentsHIPSEngineUmxCfg.exe [2007-10-18 801296]
R2 UmxFwHlp;HIPS Firewall Helper; C:Program FilesCASharedComponentsHIPSEngineUmxFwHlp.exe [2007-10-18 145936]
R2 UmxPol;HIPS Policy Manager; C:Program FilesCASharedComponentsHIPSEngineUmxPol.exe [2008-06-24 281104]
R2 VETMSGNT;VET Message Service; C:Program FilesCACA Internet Security SuiteCA Anti-VirusVetMsg.exe [2009-10-14 233472]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2004-08-04 14336]
R3 CaCCProvSP;CaCCProvSP; C:Program FilesCACA Internet Security Suiteccprovsp.exe [2009-07-30 214256]
R3 PPCtlPriv;PPCtlPriv; C:Program FilesCACA Internet Security SuiteCA Anti-SpywarePPCtlPriv.exe [2007-08-16 189704]
S2 NVSvc;NVIDIA Driver Helper Service; C:WINDOWSSystem32nvsvc32.exe [2003-08-19 77824]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-10-24 70144]
S3 Fax;Fax; C:WINDOWSsystem32fxssvc.exe [2004-08-04 267776]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:WINDOWSMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe [2006-10-20 36864]
S3 gusvc;Google Updater Service; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2007-06-22 138168]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver1150Intel 32IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2006-10-30 741376]
S3 MSCSPTISRV;MSCSPTISRV; C:Program FilesCommon FilesSony SharedAVLibMSCSPTISRV.exe [2006-12-14 45056]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 PACSPTISVR;PACSPTISVR; C:Program FilesCommon FilesSony SharedAVLibPACSPTISVR.exe [2006-12-14 57344]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:WINDOWSSystem32HPZipm12.exe [2003-05-16 65795]
S3 SPTISRV;Sony SPTI Service; C:Program FilesCommon FilesSony SharedAVLibSPTISRV.exe [2006-12-14 69632]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------

Merged posts. ~ OB

Edited by JLJ, 19 November 2009 - 06:41 PM.


BC AdBot (Login to Remove)

 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,591 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:08:44 PM

Posted 27 November 2009 - 10:13 AM

Hello ,
And :( to the Bleeping Computer Malware Removal Forum
. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
Please be patient and I'd be grateful if you would note the following
  • The cleaning process is not instant. DDS logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new DDS log
  • GMER log


Please give me some time to review your logs and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay
.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif


#3 JLJ

JLJ
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:02:44 PM

Posted 27 November 2009 - 02:08 PM

We had previously tried DDS, but it would not run. See my post in "Am I infected?"

http://www.bleepingcomputer.com/forums/ind...t&p=1503642

Let me know if I should try it again or try something else.


I'll try your note about disabling script protection:
"Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. "

Since this is my friend's computer it may be a day or two before I can get to it.
thanks,

Edited by JLJ, 27 November 2009 - 02:17 PM.


#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,591 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:08:44 PM

Posted 27 November 2009 - 02:24 PM

Try to run DDS, if it fails, just run GMER and leave DDS out.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif


#5 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,591 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:08:44 PM

Posted 30 November 2009 - 05:47 AM

Hello, are you still there?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif


#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,591 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:08:44 PM

Posted 30 November 2009 - 12:12 PM

Sorry I closed this, it was not my intention :(

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif


#7 JLJ

JLJ
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:02:44 PM

Posted 30 November 2009 - 12:55 PM

Thanks Elise,

Symptoms of the endless popups of messages saying nettvj.dll is not found continue. Most of the limited applications we've attempted seem to run. But when on the internet (checking email) the system will lock up and require a reboot.

GMER ran for several hours.

Here's the GMER.log


GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-11-29 07:03:20
Windows 5.1.2600 Service Pack 2
Running: rcqn5vl1.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kwryypog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwCreateKey [0xEEDB06EA]
SSDT \SystemRoot\System32\DRIVERS\kmxagent.sys (HIPS Agent Driver/CA) ZwCreateSection [0xEF343FD2]
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwCreateSymbolicLinkObject [0xEEDB140B]
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwMakeTemporaryObject [0xEEDB175C]
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwOpenKey [0xEEDB064E]
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwOpenSection [0xEEDB1130]
SSDT \SystemRoot\System32\DRIVERS\kmxagent.sys (HIPS Agent Driver/CA) ZwSetInformationProcess [0xEF343662]
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwSetSystemInformation [0xEEDB1538]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + 11A 804E4954 4 Bytes JMP 8AEEDB06
init C:\WINDOWS\System32\Drivers\sunkfilt.sys entry point in "init" section [0xF8847300]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\System32\DRIVERS\rasl2tp.sys[NDIS.SYS!NdisMCoSendComplete] [F82460E0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\rasl2tp.sys[NDIS.SYS!NdisMSetAttributesEx] [F8247F70] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\rasl2tp.sys[NDIS.SYS!NdisInitializeWrapper] [F8247B20] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\rasl2tp.sys[NDIS.SYS!NdisMRegisterMiniport] [F82485A0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\rasl2tp.sys[NDIS.SYS!NdisTerminateWrapper] [F8248180] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\rasl2tp.sys[NDIS.SYS!NdisMCmRegisterAddressFamily] [F8245C60] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisClOpenAddressFamily] [F8245B20] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F8247A20] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F8247460] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisMCoSendComplete] [F82460E0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisMSetAttributesEx] [F8247F70] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisMCmRegisterAddressFamily] [F8245C60] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisReturnPackets] [F8246B70] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisInitializeWrapper] [F8247B20] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisTerminateWrapper] [F8248180] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F8247BD0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisMRegisterMiniport] [F82485A0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F8247BD0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F8247460] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisReturnPackets] [F8246B70] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F8247A20] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisMSetAttributesEx] [F8247F70] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisTerminateWrapper] [F8248180] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisMRegisterMiniport] [F82485A0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisInitializeWrapper] [F8247B20] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\raspptp.sys[NDIS.SYS!NdisMSetAttributesEx] [F8247F70] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\raspptp.sys[NDIS.SYS!NdisInitializeWrapper] [F8247B20] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\raspptp.sys[NDIS.SYS!NdisMRegisterMiniport] [F82485A0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\raspptp.sys[NDIS.SYS!NdisTerminateWrapper] [F8248180] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\TDI.SYS[NDIS.SYS!NdisReturnPackets] [F8246B70] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisReturnPackets] [F8246B70] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisTerminateWrapper] [F8248180] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisIMAssociateMiniport] [F8247E90] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisIMRegisterLayeredMiniport] [F8248660] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F8247BD0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisInitializeWrapper] [F8247B20] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F8247460] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisClOpenAddressFamily] [F8245B20] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisMSetAttributesEx] [F8247F70] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F8247A20] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\raspti.sys[NDIS.SYS!NdisInitializeWrapper] [F8247B20] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\raspti.sys[NDIS.SYS!NdisMCoSendComplete] [F82460E0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\raspti.sys[NDIS.SYS!NdisMSetAttributesEx] [F8247F70] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\raspti.sys[NDIS.SYS!NdisMCmRegisterAddressFamily] [F8245C60] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\raspti.sys[NDIS.SYS!NdisMRegisterMiniport] [F82485A0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\raspti.sys[NDIS.SYS!NdisTerminateWrapper] [F8248180] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F8247BD0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F8247A20] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F8247460] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCmRegisterAddressFamily] [F8245BC0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisClOpenAddressFamily] [F8245B20] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F8247A20] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F8247460] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F8247BD0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisReturnPackets] [F8246B70] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisReturnPackets] [F8246B70] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F8247BD0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F8247460] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F8247A20] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisReturnPackets] [F8246B70] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F8247BD0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F8247A20] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F8247460] kmxstart.sys (HIPS Core Driver/CA)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\svchost.exe[264] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] [0099F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [0099FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [0099FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [0099FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [0099FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [0099FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [0099F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [0099FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [0099FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [0099F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [0099FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [0099FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [0099F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [0099FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [009A0640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [0099FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [0099F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [0099FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [0099FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [0099FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [0099F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [0099FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [0099F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [0099FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [0099FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [0099FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [0099F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [009A0640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [0099F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [0099FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [009A0470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [009A0640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [009A0290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [0099FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [009A0640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [0099FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [0099F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [0099FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [0099F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [0099F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [0099FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [0099FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [009A0470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [009A0640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [0099FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [0099F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [009A0290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [0099FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [0099F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [009A0640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [0099F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [0099FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ c:\windows\system32\rpcss.dll [ADVAPI32.dll!CreateProcessAsUserW] [009A0290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryA] [0099FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!GetProcAddress] [0099F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!CreateProcessW] [009A0640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryExA] [0099F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryW] [0099FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryExW] [0099FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [0099F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [0099FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [0099FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [0099F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [0099F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [0099FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [0099FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[264] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [0099F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [10010470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [10010470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [100100B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\Explorer.EXE[392] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [0198F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [0198FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [0198FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [0198FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [0198FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [0198FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [0198F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [0198FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [0198FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [0198F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [0198FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [0198FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [0198F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [0198FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [01990640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [0198FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [0198F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [0198FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [0198FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [0198FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [0198F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [0198FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [0198F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [0198FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [0198FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [0198FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [0198F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [01990640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [0198F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [0198FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [01990470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [01990640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [01990290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [0198FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [01990640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [0198FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [0198F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [0198FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [0198F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [0198F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [0198FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [0198FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [01990470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [01990640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [0198FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [0198F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [01990290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [0198FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [0198F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [01990640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [0198F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [0198FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [0198FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [0198FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [0198F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [0198F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [0198FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [0198FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [0198F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [0198F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [0198FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [0198F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [0198FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [0198F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [0198FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [019900B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [0198FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [0198FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [0198F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [0198FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\System32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [0198FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[688] @ C:\WINDOWS\System32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [0198F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [10010470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [10010470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\System32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[744] @ C:\WINDOWS\System32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[896] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[896] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[896] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[896] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[896] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[896] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[896] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[896] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[896] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[896] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[896] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[896] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[896] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[896] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[896] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[896] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[896] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[896] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[896] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[896] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[896] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[896] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[896] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[896] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[896] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[896] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[896] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[896] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[896] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[896] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[896] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [10010470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[896] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[896] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[896] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[896] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[896] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[896] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[896] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[896] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[896] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[896] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[896] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[896] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [10010470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[896] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[896] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[896] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[896] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[896] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[896] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[896] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[896] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[896] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[896] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[896] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[896] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[896] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[896] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[896] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\winlogon.exe [ADVAPI32.dll!CreateProcessAsUserW] [00C20290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!GetProcAddress] [00C1F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!LoadLibraryW] [00C1FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!LoadLibraryExW] [00C1FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!LoadLibraryA] [00C1FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!LoadLibraryExA] [00C1F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!CreateProcessW] [00C20640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [00C1FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [00C1FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [00C1FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [00C1F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [00C1FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [00C1FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [00C1F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [00C1FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [00C1FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [00C1F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [00C1F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [00C1FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [00C20470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [00C20640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [00C1F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [00C1FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [00C1F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [00C1FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [00C1FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [00C20640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [00C1FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [00C1F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [00C1FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [00C1FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [00C1FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [00C1F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [00C1FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [00C1FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [00C1FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [00C1F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [00C20290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [00C1FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [00C1F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [00C20640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [00C1F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [00C1FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [00C1FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [00C1F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!GetProcAddress] [00C1F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!LoadLibraryW] [00C1FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!LoadLibraryA] [00C1FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [00C1F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [00C1FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [00C1FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [00C1F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [00C20290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [00C1FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [00C20640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [00C1FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [00C1F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [00C1FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [00C1F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [00C1F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [00C1FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [00C1FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [00C20470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [00C20640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [00C1FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [00C1F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [00C1F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [00C1FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [00C1FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [00C1FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [00C1F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [00C20640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [00C1F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\winlogon.exe[1080] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [00C1FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] [10010290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [10010470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [10010470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\services.exe[1220] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1312] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [0094F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1312] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [0094FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1312] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [0094FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1312] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [0094FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1312] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [0094FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1312] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [0094FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1312] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [0094F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1312] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [0094FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1312] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [0094FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1312] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [0094F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1312] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [0094FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1312] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [0094FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1312] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [0094F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1312] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [0094FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1312] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [00950640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1312] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [0094FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1312] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [0094F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1312] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [0094FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1312] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [0094FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1312] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [0094FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1312] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [0094F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1312] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [0094FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1312] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [0094F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1312] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [0094FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1312] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [0094FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1312] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [0094FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1312] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [0094F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1312] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [00950640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1312] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [0094F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1312] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [0094FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1312] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [00950470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1312] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [00950640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1312] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [00950290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1312] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [0094FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1312] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [00950640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1312] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [0094FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1312] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [0094F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1312] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [0094FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1312] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [0094F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1312] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [0094F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1312] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [0094FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1312] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [0094FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1312] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [00950470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1312] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [00950640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1312] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [0094FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1312] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [0094F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1312] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [00950290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1312] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [0094FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1312] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [0094F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1312] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [00950640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1312] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [0094F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1312] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [0094FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1312] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [0094F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1312] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [0094FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1312] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [0094FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1312] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [0094F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1312] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [0094F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1312] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [0094FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1312] @ C:\WINDOWS\System32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [0094FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1312] @ C:\WINDOWS\System32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [0094F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [10010470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [10010470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [100100B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ C:\WINDOWS\System32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\System32\svchost.exe[1556] @ C:\WINDOWS\System32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [10010470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [10010470] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ c:\windows\system32\rpcss.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010290] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!CreateProcessW] [10010640] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [1000F990] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [1000FBA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!LoadLibraryW] [1000FF30] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [1000FDB0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\WINDOWS\system32\svchost.exe[1932] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [1000F810] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs kmxagent.sys (HIPS Agent Driver/CA)
AttachedDevice \FileSystem\Ntfs \Ntfs KmxFile.sys (HIPS File Guard driver/CA)
AttachedDevice \FileSystem\Ntfs \Ntfs VET-REC.SYS (CA Antivirus File Protection Driver/Computer Associates International, Inc.)

Device \Driver\Tcpip \Device\Ip kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\Tcpip \Device\Tcp kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\Modem \Device\00000069 kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\Tcpip \Device\Udp kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\Tcpip \Device\RawIp kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\Tcpip \Device\IPMULTICAST kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\AFD \Device\Afd KmxCF.sys (HIPS Content Filter Driver/CA)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat kmxagent.sys (HIPS Agent Driver/CA)
AttachedDevice \FileSystem\Fastfat \Fat KmxFile.sys (HIPS File Guard driver/CA)
AttachedDevice \FileSystem\Fastfat \Fat VET-REC.SYS (CA Antivirus File Protection Driver/Computer Associates International, Inc.)

---- EOF - GMER 1.0.15 ----

#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,591 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:08:44 PM

Posted 30 November 2009 - 01:14 PM

Hello JLJ,

COMBOFIX
---------------
Please download ComboFix from one of these locations:Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


In your next reply, please include the following:
  • Combofix.txt

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif


#9 JLJ

JLJ
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:02:44 PM

Posted 30 November 2009 - 03:06 PM

Thanks Elise for your quick response. Again it will be a few days before I will be able to run it. I will post back then.

#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,591 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:08:44 PM

Posted 30 November 2009 - 03:15 PM

Thats not a problem :(

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif


#11 JLJ

JLJ
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:02:44 PM

Posted 01 December 2009 - 11:06 AM

ComboFix ran, looks lke it removed some items, when the system rebooted the nettvjdll error message popups did not appear.



ComboFix 09-11-30.02 - Owner 11/30/2009 19:04.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.504.206 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
FW: CA Personal Firewall *disabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\iAlmcoin.dll
c:\windows\system32\ps2.bat
c:\windows\system32\twain_32.dll
c:\windows\viassary-hp.reg
D:\Autorun.inf

Infected copy of c:\windows\system32\imm32.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\imm32.dll

.
((((((((((((((((((((((((( Files Created from 2009-11-01 to 2009-12-01 )))))))))))))))))))))))))))))))
.

2009-11-19 00:16 . 2009-11-19 00:25 -------- d-----w- c:\program files\trend micro
2009-11-19 00:16 . 2009-11-19 00:17 -------- d-----w- C:\rsit
2009-11-16 00:46 . 2009-11-16 00:46 -------- d-----w- c:\documents and settings\Owner\DoctorWeb
2009-11-13 00:26 . 2009-11-14 15:08 -------- d-----w- C:\AutoRuns
2009-11-12 23:49 . 2009-11-12 23:49 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-11-12 23:48 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-12 23:48 . 2009-11-12 23:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-12 23:48 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-12 23:48 . 2009-11-14 15:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-07 16:51 . 2009-11-07 16:51 -------- d-----w- C:\temp
2009-11-07 13:48 . 2009-11-07 13:48 -------- d-----w- c:\windows\system32\wbem\Repository
2009-11-07 12:44 . 2009-10-13 22:48 1541416 ----a-w- c:\documents and settings\All Users\Application Data\CA\Consumer\AV\tmp\vete_tmp.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-01 00:20 . 2008-06-21 02:46 91542 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k0
2009-12-01 00:20 . 2008-06-21 02:46 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k7
2009-12-01 00:20 . 2008-06-21 02:46 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k6
2009-12-01 00:20 . 2008-06-21 02:46 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k5
2009-12-01 00:20 . 2008-06-21 02:46 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k4
2009-12-01 00:20 . 2008-06-21 02:46 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k3
2009-12-01 00:20 . 2008-06-21 02:46 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k2
2009-12-01 00:20 . 2008-06-21 02:46 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k1
2009-10-13 22:48 . 2009-10-13 22:48 739752 ----a-w- c:\windows\system32\drivers\vetefile.sys
2009-10-13 22:48 . 2009-10-13 22:48 133576 ----a-w- c:\windows\system32\drivers\veteboot.sys
2009-09-04 13:12 . 2009-09-04 13:12 20232 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\SelfServe_rc.dll
2009-09-04 13:12 . 2009-09-04 13:12 615688 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\SelfServe.exe
2009-09-04 13:12 . 2009-09-04 13:12 632072 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\msvcr80.dll
2009-09-04 13:12 . 2009-09-04 13:12 353544 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\SoftwareUpdater.exe
2008-02-02 23:30 . 2008-02-02 23:30 930 ----a-w- c:\program files\reset_minimal.zip
2008-02-02 23:30 . 2008-02-02 23:30 379392 ----a-w- c:\program files\subinacl.msi
2004-07-16 01:22 . 2004-07-16 01:22 3858944 -c--a-w- c:\program files\sspattsetup967_1754098763.exe
2004-04-02 23:07 . 2004-04-02 23:07 2066688 -c--a-w- c:\program files\wnaccel410.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupNotify"="c:\program files\HP\Digital Imaging\bin\backupnotify.exe" [2003-06-23 24576]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-13 68856]
"NVIEW"="nview.dll" - c:\windows\system32\nview.dll [2003-08-19 852038]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"CamMonitor"="c:\program files\HP\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 90112]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-05-23 483328]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2003-10-11 151597]
"AutoTKit"="c:\hp\bin\AUTOTKIT.EXE" [2003-06-19 53248]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2003-08-15 139264]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-07-23 53248]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-05-08 188416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-29 583048]
"medicsp2"="c:\program files\twc\medicsp2\bin\sprtcmd.exe" [2007-03-07 198184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-07-30 177392]
"QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2008-06-21 14088]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2009-10-14 230664]
"cafwc"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-08-01 1193200]
"capfasem"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-08-01 173296]
"capfupgrade"="c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-08-01 259312]
"LTMSG"="LTMSG.exe" - c:\windows\ltmsg.exe [2003-07-15 40960]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec NetDriver Warning"="c:\progra~1\SYMNET~1\SNDWarn.exe" [2004-10-29 218232]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP OfficeJet Series 500 Startup.lnk - c:\program files\Hewlett-Packard\HP OfficeJet Series 500\Bin\HPOstr05.exe [2004-3-8 1175552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 17:30 79368 ----a-w- c:\windows\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [6/24/2008 6:08 PM 93712]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [6/24/2008 6:08 PM 63504]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [6/24/2008 6:08 PM 45584]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [6/24/2008 6:08 PM 115216]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [6/24/2008 6:08 PM 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [6/24/2008 6:08 PM 66576]
R2 sprtsvc_medicsp2;SupportSoft Sprocket Service (medicsp2);c:\program files\twc\medicsp2\bin\sprtsvc.exe [4/6/2008 8:35 AM 202280]
R2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [10/18/2007 9:24 AM 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [10/18/2007 9:24 AM 801296]
R2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [6/24/2008 6:10 PM 281104]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [6/24/2008 6:08 PM 88816]
R3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [8/16/2007 8:10 PM 189704]
.
Contents of the 'Scheduled Tasks' folder

2009-06-17 c:\windows\Tasks\CAAntiSpywareScan_Daily as Owner at 2 18 PM.job
- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-17 01:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.rr.com/
uDefault_Search_URL = hxxp://srch-us10.hpwis.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://srch-us10.hpwis.com/
uInternet Connection Wizard,ShellNext = hxxp://us10.hpwis.com/
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\VetRedir.dll
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-RecordNow! - (no file)
HKLM-Run-HPHUPD05 - c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
HKLM-Run-VTTimer - VTTimer.exe
Notify-WgaLogon - (no file)
AddRemove-KBD - c:\hp\KBD\KBD.EXE uninstalled
AddRemove-NVIDIA GART Driver - c:\windows\System32\nvugart.exe Uninstall
AddRemove-Pdf995 - c:\program files\pdf995\setup.exe uninstall
AddRemove-PS2 - c:\windows\system32\ps2.exe uninstall
AddRemove-RealJukebox 1.0 - c:\program files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
AddRemove-RealPlayer 6.0 - c:\program files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
AddRemove-{98E8A2EF-4EAE-43B8-A172-74842B764777} - c:\program files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe REMOVEALL



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-30 19:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(548)
c:\windows\system32\UmxWnp.Dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

- - - - - - - > 'lsass.exe'(604)
c:\windows\system32\VetRedir.dll
c:\windows\system32\ISafeIf.dll

- - - - - - - > 'explorer.exe'(3392)
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
c:\program files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
c:\windows\system32\wscntfy.exe
c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
c:\windows\System32\HPZipm12.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
c:\program files\CA\CA Internet Security Suite\ccprovsp.exe
c:\program files\Hewlett-Packard\HP OfficeJet Series 500\bin\HPOVDX05.EXE
.
**************************************************************************
.
Completion time: 2009-11-30 19:36 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-01 00:36

Pre-Run: 102,223,437,824 bytes free
Post-Run: 102,445,821,952 bytes free

- - End Of File - - 0D71B2D3282272900EF903E9A877FC0F

Edited by JLJ, 01 December 2009 - 11:07 AM.


#12 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,591 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:08:44 PM

Posted 01 December 2009 - 01:03 PM

Thats looking good :(

Can you please run DDS and post me the logs (post also attach.txt).

Also, please run MBAM, update it first and run a full scan and post me the log.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif


#13 JLJ

JLJ
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:02:44 PM

Posted 02 December 2009 - 12:58 PM

I think it's looking good.

DDS.txt


DDS (Ver_09-12-01.01) - NTFSx86
Run by Owner at 20:52:09.96 on Tue 12/01/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.504.87 [GMT -5:00]

AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
FW: CA Personal Firewall *enabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet Series 500\Bin\HPOstr05.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet Series 500\bin\HPOVDX05.EXE
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.rr.com/
uDefault_Search_URL = hxxp://srch-us10.hpwis.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://srch-us10.hpwis.com/
uInternet Connection Wizard,ShellNext = hxxp://us10.hpwis.com/
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
uRun: [BackupNotify] c:\program files\hp\digital imaging\bin\backupnotify.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [CamMonitor] c:\program files\hp\digital imaging\unload\hpqcmon.exe
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AutoTKit] c:\hp\bin\AUTOTKIT.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [LTMSG] LTMSG.exe 7
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [Sunkist2k] c:\program files\multimedia card reader\shwicon2k.exe
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [medicsp2] c:\program files\twc\medicsp2\bin\sprtcmd.exe /P medicsp2
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"
mRun: [QOELOADER] "c:\program files\ca\ca internet security suite\ca anti-spam\qsp-5.1.18.0\QOELoader.exe"
mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
mRun: [cafwc] c:\program files\ca\ca internet security suite\ca personal firewall\cafw.exe -cl
mRun: [capfasem] c:\program files\ca\ca internet security suite\ca personal firewall\capfasem.exe
mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe
mRunOnce: [ccube_TrustList] "c:\program files\ca\ca internet security suite\caunst.exe" /trustlist
dRun: [Symantec NetDriver Warning] c:\progra~1\symnet~1\SNDWarn.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoffi~1.lnk - c:\program files\hewlett-packard\hp officejet series 500\bin\HPOstr05.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
LSP: c:\windows\system32\VetRedir.dll
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://activation.rr.com/install/downloads/tgctlcm.cab
DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} - hxxp://download.microsoft.com/download/0/f/b/0fb0fab9-7f09-4bb6-86d8-8e791ba99ac5/VirtualEarth3D.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1257625319187
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1258507090484
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38045.2810763889
Notify: igfxcui - igfxsrvc.dll
Notify: PFW - UmxWnp.Dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-12-02 01:52:16 133520 ----a-w- c:\windows\system32\drivers\veteboot.1
2009-12-02 01:52:15 739696 ----a-w- c:\windows\system32\drivers\vetefile.1
2009-12-02 01:52:15 32240 ----a-w- c:\windows\system32\drivers\vetmonnt.1
2009-12-02 01:52:14 26352 ----a-w- c:\windows\system32\drivers\vet-filt.1
2009-12-02 01:52:14 21488 ----a-w- c:\windows\system32\drivers\vetfddnt.1
2009-12-02 01:52:14 21104 ----a-w- c:\windows\system32\drivers\vet-rec.1
2009-11-30 23:59:38 98816 ----a-w- c:\windows\sed.exe
2009-11-30 23:59:38 77312 ----a-w- c:\windows\MBR.exe
2009-11-30 23:59:38 260608 ----a-w- c:\windows\PEV.exe
2009-11-30 23:59:38 161792 ----a-w- c:\windows\SWREG.exe
2009-11-19 00:16:31 0 d-----w- c:\program files\trend micro
2009-11-16 00:46:49 0 d-----w- c:\documents and settings\owner\DoctorWeb
2009-11-13 01:38:49 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2009-11-13 00:26:35 0 d-----w- C:\AutoRuns
2009-11-12 23:49:10 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2009-11-12 23:48:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-12 23:48:33 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-12 23:48:33 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-12 23:48:32 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-07 16:51:30 0 d-----w- C:\temp
2009-11-07 13:48:04 0 d-----w- c:\windows\system32\wbem\Repository
2009-11-07 12:46:37 0 ----a-w- c:\windows\system32\INOCBOOT.FOPE

==================== Find3M ====================

2009-12-01 01:14:22 91542 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k0
2009-12-01 01:14:22 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k7
2009-12-01 01:14:22 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k6
2009-12-01 01:14:22 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k5
2009-12-01 01:14:22 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k4
2009-12-01 01:14:22 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k3
2009-12-01 01:14:22 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k2
2009-12-01 01:14:22 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k1
2009-10-13 22:48:43 739752 ------w- c:\windows\system32\drivers\vetefile.sys
2009-10-13 22:48:42 133576 ------w- c:\windows\system32\drivers\veteboot.sys
2008-02-02 23:30:53 930 ----a-w- c:\program files\reset_minimal.zip
2008-02-02 23:30:05 379392 ----a-w- c:\program files\subinacl.msi
2004-07-16 01:22:24 3858944 -c--a-w- c:\program files\sspattsetup967_1754098763.exe
2004-04-02 23:07:39 2066688 -c--a-w- c:\program files\wnaccel410.exe

============= FINISH: 20:54:44.84 ==============

Here's the Attach.txt file

Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
SkinsHP1
SkinsHP2
Slyder from Hewlett-Packard Desktops (remove only)
Sonic Update Manager
SpamSubtract
Symantec KB-DocID:2003093015493306
Symantec Technical Support Web Controls
TaxCut 2003
TaxCut 2004
TaxCut Deluxe 2005
TaxCut New York 2007
TaxCut New York 2008
TaxCut Premium + State + Efile 2008
TaxCut Premium + State 2007
TaxCut Premium 2006
toolkit
TrayApp
Uninstall Dual Mode Camera
Unload
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Updates from HP
Virtual Earth 3D (Beta)
WebFldrs XP
WebReg
Windows Communication Foundation
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Resource Kit Tools - SubInAcl.exe
Windows Workflow Foundation
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
XML Paper Specification Shared Components Pack 1.0
Zone Deluxe Games

==== Event Viewer Messages From Past Week ========

12/1/2009 8:43:31 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
12/1/2009 8:43:31 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/30/2009 7:19:41 PM, error: PlugPlayManager [11] - The device Root\LEGACY_ROOTREPEAL\0000 disappeared from the system without first being prepared for removal.
11/27/2009 5:38:29 PM, error: Service Control Manager [7000] - The nVidia WDM Video Capture (universal) service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
11/27/2009 5:38:29 PM, error: Service Control Manager [7000] - The nVidia WDM A/V Crossbar service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

==== End Of File ===========================


MBAM log

Malwarebytes' Anti-Malware 1.41
Database version: 3271
Windows 5.1.2600 Service Pack 2

12/1/2009 9:15:25 PM
mbam-log-2009-12-01 (21-15-25).txt

Scan type: Quick Scan
Objects scanned: 108136
Time elapsed: 12 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#14 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,591 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:08:44 PM

Posted 02 December 2009 - 01:07 PM

Can you please post me the complete attach.txt?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif


#15 JLJ

JLJ
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:02:44 PM

Posted 02 December 2009 - 03:27 PM

Do you mean as an attachment? Haven't tried that yet. Let me know if this worked or not.

Should I edit and delete it out of the prior posting?

And I see I missed several lines when I copied and pasted.
Let me know if you would prefer the full text pasted here.

Attached Files


Edited by JLJ, 02 December 2009 - 03:33 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users