
Possible Rootkit infection. Please Help!


  • This topic is locked
36 replies to this topic

#1 etrast75

Posted 05 April 2010 - 07:51 AM

I believe I have a rootkit infection. Possible origin from newsgroup files. Randomly, clicking on search results in IE and Firefox redirects me to unrelated pages. Ran ComboFix without realizing that I need to post my logs here. System is up and running and slightly slow. Logs attached. Help will be greatly appreciated. Ran Spybot, Malwarebytes but nothing was found.

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\aestsrv.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Program Files\CA\eTrustITM\InoRpc.exe
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\CA\eTrustITM\InoRT.exe
C:\Program Files\CA\eTrustITM\InoTask.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\CA\SharedComponents\CA_LIC\lic98Service.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Windows\system32\Prot_srv.exe
C:\Windows\system32\pstartSr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k regsvc
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Altiris\StreamingAgent\bin\AppMgrService.exe
C:\Windows\system32\CCM\CcmExec.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\Program Files\Microsoft Team Foundation Server 2008 Power Tools\TfsComProviderSvr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Pointsec\Pointsec for PC\P95tray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Office Communicator\communicator.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\CA\eTrustITM\Realmon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\XXXXXX\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uDefault_Page_URL = hxxp://sparsh/v1
mStart Page = hxxp://sparsh/v1
mDefault_Page_URL = hxxp://sparsh/v1
uInternet Settings,ProxyServer = 192.168.208.146:80
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: ViewerHelper Class: {78104a01-8e71-4f30-9a36-3793799615b4} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 9.0 Helper: {e31ce47f-c268-41ba-897b-b415e613947d} - c:\program files\microsoft visual studio 9.0\common7\ide\privateassemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO90.dll
uRun: [COMMUNICATOR] "c:\program files\microsoft office communicator\Communicator.exe"
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [Google Update] "c:\users\XXXXXX\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [VMUserServices] c:\program files\virtual machine additions\vmusrvc.exe
mRun: [Realtime Monitor] "c:\program files\ca\etrustitm\realmon.exe" -s
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [DWPersistentQueuedReporting] c:\progra~1\common~1\micros~1\dw\DWTRIG20.EXE -a
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [Pointsec Tray] c:\program files\pointsec\pointsec for pc\P95Tray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [Communicator] "c:\program files\microsoft office communicator\Communicator.exe"
StartupFolder: c:\users\XXXXXX\appdata\roaming\microsoft\windows\start menu\programs\startup\onenote 2007 screen clipper and launcher.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-explorer: NoMSAppLogo5ChannelNotify = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 1 (0x1)
mPolicies-system: LocalAccountTokenFilterPolicy = 1 (0x1)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {685ec120-f786-4498-a8f0-794d47916161} - {C733FB84-6DB3-4363-8AA7-678F9B5E828E} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
IE: {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - {78104A01-8E71-4F30-9A36-3793799615B4} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
Trusted Zone: XXXXX
Trusted Zone: XXXXXX.com\xnet
Trusted Zone: mssalesdemos.com
Trusted Zone: XXXXX
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {E37C2807-AE9F-40C5-8FF2-001E17702FE1} - hxxp://XXXXXX:6000/Pages/Reports/PTreeViewCtrl5.ocx
Filter: application/msword - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
Filter: application/octet-stream - {F969FE8E-1937-45AD-AF42-8A4D11CBDC2A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
Filter: application/vnd.ms-excel - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
Filter: application/vnd.ms-powerpoint - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
Filter: application/x-microsoft-rpmsg-message - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
Handler: rmh - {23C585BB-48FF-4865-8934-185F0A7EB84C} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
Notify: igfxcui - igfxdev.dll
SEH: ShExecHookLib Class: {2d0c3614-d550-4b6b-bf80-d83c4544d6ae} - c:\program files\altiris\streamingagent\bin\ShExecHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\XXXXXX\appdata\roaming\mozilla\firefox\profiles\msnmlou4.default\
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\XXXXXX\appdata\local\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\XXXXXX\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox 3.5rc2\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox 3.5rc2\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
d:\program files\mozilla firefox 3.5rc2\greprefs\all.js - pref("ui.use_native_colors", true);
d:\program files\mozilla firefox 3.5rc2\greprefs\all.js - pref("ui.use_native_popup_windows", false);
d:\program files\mozilla firefox 3.5rc2\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
d:\program files\mozilla firefox 3.5rc2\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
d:\program files\mozilla firefox 3.5rc2\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
d:\program files\mozilla firefox 3.5rc2\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
d:\program files\mozilla firefox 3.5rc2\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\program files\mozilla firefox 3.5rc2\greprefs\all.js - pref("svg.smil.enabled", false);
d:\program files\mozilla firefox 3.5rc2\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
d:\program files\mozilla firefox 3.5rc2\greprefs\all.js - pref("browser.formfill.debug", false);
d:\program files\mozilla firefox 3.5rc2\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
d:\program files\mozilla firefox 3.5rc2\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
d:\program files\mozilla firefox 3.5rc2\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
d:\program files\mozilla firefox 3.5rc2\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
d:\program files\mozilla firefox 3.5rc2\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
d:\program files\mozilla firefox 3.5rc2\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
d:\program files\mozilla firefox 3.5rc2\greprefs\all.js - pref("html5.enable", false);
d:\program files\mozilla firefox 3.5rc2\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\program files\mozilla firefox 3.5rc2\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\program files\mozilla firefox 3.5rc2\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\program files\mozilla firefox 3.5rc2\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
d:\program files\mozilla firefox 3.5rc2\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
d:\program files\mozilla firefox 3.5rc2\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
d:\program files\mozilla firefox 3.5rc2\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
d:\program files\mozilla firefox 3.5rc2\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
d:\program files\mozilla firefox 3.5rc2\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\program files\mozilla firefox 3.5rc2\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\program files\mozilla firefox 3.5rc2\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
d:\program files\mozilla firefox 3.5rc2\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
d:\program files\mozilla firefox 3.5rc2\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
d:\program files\mozilla firefox 3.5rc2\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
d:\program files\mozilla firefox 3.5rc2\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
d:\program files\mozilla firefox 3.5rc2\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
d:\program files\mozilla firefox 3.5rc2\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
d:\program files\mozilla firefox 3.5rc2\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
d:\program files\mozilla firefox 3.5rc2\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
d:\program files\mozilla firefox 3.5rc2\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 APPSTREAM;APPSTREAM;c:\windows\system32\drivers\AppStream.sys [2008-11-10 121108]
R1 msvmmouf;Virtual Machine Additions Mouse Integration Filter Driver;c:\windows\system32\drivers\msvmmouf.sys [2007-12-6 7168]
R1 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-29 239336]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-8-12 73728]
R2 AppMgrService;AWE 5.2.2 Streaming Agent;c:\program files\altiris\streamingagent\bin\AppMgrService.exe [2008-11-10 2314240]
R2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [2007-5-24 36368]
R2 LogWatch;Event Log Watch;c:\program files\ca\sharedcomponents\ca_lic\LogWatNT.exe [2007-12-15 75016]
R2 MRxVPC;Virtual Machine Additions Folder Sharing Driver;c:\windows\system32\drivers\mrxvpc.sys [2008-4-29 102448]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
R2 Pointsec;Pointsec;c:\windows\system32\Prot_srv.exe [2009-6-12 641584]
R2 Pointsec_start;Pointsec Service Start;c:\windows\system32\pstartSr.exe [2009-6-12 154160]
R2 REGHOOK;REGHOOK;c:\windows\system32\drivers\RegHook.sys [2008-11-10 58975]
R2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\drivers\vnasc.sys [2007-5-24 110032]
R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [2007-5-24 673456]
R2 VSPD;VSPD;c:\windows\system32\drivers\VSPD.sys [2008-11-10 31321]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-8-13 179712]
R3 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [2007-5-24 2234800]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-8-13 111616]
S1 1-driver-vmsrvc;Virtual Machine Additions Services Driver;c:\windows\system32\drivers\vmsrvc.sys [2008-4-29 68144]
S2 1-vmsrvc;Virtual Machine Additions Services Application;c:\program files\virtual machine additions\vmsrvc.exe [2008-4-29 111664]
S2 gupdate1c9f7bd46c4b035;Google Update Service (gupdate1c9f7bd46c4b035);c:\program files\google\update\GOOGLEUPDATE.EXE [2009-6-28 133104]
S2 VPCMap;Virtual Machine Additions Shared Folder Service;c:\program files\virtual machine additions\vpcmap.exe [2008-4-29 78896]
S2 vsttcontroller;Visual Studio Team Test Controller;d:\program files\microsoft visual studio 9.0 team test load agent\loadtest\QTController.exe [2007-11-9 25096]
S3 dc21x4vm;dc21x4VM Based Network Adapter Driver;c:\windows\system32\drivers\dc21x4vm.sys [2006-11-2 52224]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-10-17 36608]
S3 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\microsoft sql server\100\dts\binn\MsDtsSrvr.exe [2008-7-10 218136]
S3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);d:\program files\microsoft sql server\mssql10.mssqlserver\mssql\binn\fdlauncher.exe [2008-7-10 31256]
S3 OSearch;Office SharePoint Server Search;c:\program files\microsoft office servers\12.0\bin\mssearch.exe [2007-8-24 159616]
S3 ReportServer;SQL Server Reporting Services (MSSQLSERVER);d:\program files\microsoft sql server\msrs10.mssqlserver\reporting services\reportserver\bin\ReportingServicesService.exe [2009-3-29 1113448]
S3 SPAdmin;Windows SharePoint Services Administration;c:\program files\common files\microsoft shared\web server extensions\12\bin\WSSADMIN.EXE [2006-11-8 16224]
S3 SPTimerV3;Windows SharePoint Services Timer;c:\program files\common files\microsoft shared\web server extensions\12\bin\OWSTIMER.EXE [2007-8-26 58232]
S3 SPTrace;Windows SharePoint Services Tracing;c:\program files\common files\microsoft shared\web server extensions\12\bin\wsstracing.exe [2007-8-26 49024]
S3 SPWriter;Windows SharePoint Services VSS Writer;c:\program files\common files\microsoft shared\web server extensions\12\bin\SPWRITER.EXE [2007-8-26 38272]
S3 SQLBackupAgent;SQL Backup Agent;c:\program files\red gate\sql backup 6\(local)\SQBCoreService.exe [2010-1-24 3444432]
S3 ssosrv;Microsoft Single Sign-on Service;c:\program files\common files\microsoft shared\microsoft office 12 single sign-on\SSOSRV.EXE [2007-8-24 390024]
S3 TCN;TCN;c:\users\XXXXXX\appdata\local\temp\TCN.exe [2010-4-4 576384]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-12-17 99152]
S3 VIRTUALAUDIO;Service for Microsoft Virtual Machine Audio Device Driver (WDM);c:\windows\system32\drivers\VIRTUALAUDIO.sys [2007-12-6 40448]
S3 vpc-s3;vpc-s3;c:\windows\system32\drivers\vpc-s3.sys [2007-12-6 67584]
S3 VSPerfDrv90;Performance Tools Driver 9.0;c:\program files\microsoft visual studio 9.0\team tools\performance tools\VSPerfDrv90.sys [2007-9-4 55664]
S4 DCLauncher;Office Document Conversions Launcher Service;c:\program files\microsoft office servers\12.0\bin\Microsoft.Office.Server.Conversions.Launcher.exe [2007-8-24 95632]
S4 DCLoadBalancer;Office Document Conversions Load Balancer Service;c:\program files\microsoft office servers\12.0\bin\Microsoft.Office.Server.Conversions.LoadBalancer.exe [2007-8-24 50576]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
S4 SPSearch;Windows SharePoint Services Search;c:\program files\common files\microsoft shared\web server extensions\12\bin\mssearch.exe [2007-8-24 159648]

============== File Associations ===============

.reg=txtfile

=============== Created Last 30 ================

2010-04-05 02:20:43 0 d-----w- c:\programdata\Sun
2010-04-05 02:01:59 0 d-----w- c:\program files\Sophos
2010-04-05 01:03:49 0 d-----w- c:\users\XXXXXX\appdata\roaming\Malwarebytes
2010-04-05 01:03:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-05 01:03:35 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-05 01:03:35 0 d-----w- c:\programdata\Malwarebytes
2010-04-05 01:03:35 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-04 20:32:52 86554414 ----a-w- c:\windows\system32\LWQEAL
2010-04-04 19:47:32 0 d-s---w- C:\ComboFix
2010-04-04 14:48:45 98816 ----a-w- c:\windows\sed.exe
2010-04-04 14:48:45 77312 ----a-w- c:\windows\MBR.exe
2010-04-04 14:48:45 261632 ----a-w- c:\windows\PEV.exe
2010-04-04 14:48:45 161792 ----a-w- c:\windows\SWREG.exe
2010-04-04 14:28:26 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-04-04 14:28:26 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-04-03 20:36:51 0 d-----w- c:\users\XXXXXX\appdata\roaming\AVS4YOU
2010-04-03 20:35:27 0 d-----w- c:\program files\common files\AVSMedia
2010-04-03 20:35:24 487424 ----a-w- c:\windows\system32\msvcp70.dll
2010-04-03 20:35:23 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2010-04-03 20:35:23 0 d-----w- c:\programdata\AVS4YOU
2010-04-03 20:35:23 0 d-----w- c:\program files\AVS4YOU
2010-04-03 20:18:33 0 d-----w- c:\users\XXXXX\.dvdcss
2010-04-03 20:18:16 0 d-----w- c:\users\XXXXXX\appdata\roaming\Digiarty
2010-04-03 20:18:07 0 d-----w- c:\program files\Digiarty
2010-04-03 20:09:40 819200 ----a-w- c:\windows\system32\xvidcore.dll
2010-04-03 20:09:40 77824 ----a-w- c:\windows\system32\xvid.ax
2010-04-03 20:09:40 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-04-03 20:09:40 0 d-----w- c:\program files\Xvid
2010-03-27 01:37:04 0 d-----w- c:\users\XXXXXX\appdata\roaming\uTorrent
2010-03-25 20:20:33 0 d-----w- c:\programdata\Konesans
2010-03-10 17:46:53 398632 ----a-w- c:\windows\system32\dsNcSmartCardProv.dll
2010-03-10 17:46:53 345384 ----a-w- c:\windows\system32\dsNcCredProv.dll
2010-03-10 17:45:38 0 d-----w- c:\program files\Juniper Networks

==================== Find3M ====================

2010-04-05 10:20:59 151096 ----a-w- c:\windows\system32\drivers\pci.sys
2010-03-10 17:46:38 86016 ----a-w- c:\windows\inf\infpub.dat
2010-03-10 17:46:37 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-03-10 17:46:37 143360 ----a-w- c:\windows\inf\infstor.dat
2010-03-09 08:28:20 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-24 14:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-01-25 12:48:34 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:48:34 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:48:34 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:48:06 472064 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 12:45:56 329216 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:35:01 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:35:00 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:34:56 511488 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:34:56 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2008-10-23 07:55:33 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-07-16 11:41:47 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:09 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:09 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:09 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:09 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-11-23 14:24:58 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-11-23 14:24:58 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-10-21 16:35:39 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
2009-10-21 16:35:39 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
2009-10-21 16:35:39 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2009-11-23 14:24:58 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-10-20 04:15:26 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-09-04 08:23:46 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009090420090905\index.dat

============= FINISH: 6:22:05.69 ===============

Edited by etrast75, 05 April 2010 - 08:37 AM.


#2 etrast75

Posted 06 April 2010 - 04:31 PM

The situation has got worse since yesterday. Now I have random popups for Vista Internet security 2010. Task manager would not run. Browser still hijacked.

Please help!
===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our MRT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the MRT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

Thank you for understanding.

Orange Blossom ~ forum moderator


More updates from today:
It looks like it is an atapi.sys rootkit infection. Ran Malwarebytes and ESET and removed a bunch of files. TDSSKiller found infection in atapi.sys and said it restored a backup copy, but it looks like that is also infected. As of now, I am seeing only browser search hijacks, which are not going away. Need to figure out a way to restore a clean copy of atapi.sys.


Edited by etrast75, 07 April 2010 - 04:11 PM.


#3 Elise

  • Malware Study Hall Admin

Posted 08 April 2010 - 01:43 PM

Hello,
and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Malware analyst @ Emsisoft


#4 etrast75


Posted 08 April 2010 - 02:32 PM

Elise,
Thanks for the response. The problems still exist. I did a bit of cleaning myself but the browser redirects are still there. Will post the logs in a bit.

Again Thanks

#5 Elise


Posted 08 April 2010 - 02:33 PM

Okay, I'll wait for your logs :)

regards, Elise




#6 etrast75


Posted 08 April 2010 - 02:42 PM

While I wait for my laptop to come up to generate logs, below is a brief history of what has happened so far.

Believe I got infected sometime last weekend.

Initially started with Google search results getting redirected. Figured it was a rootkit and used things like combofix (now I know better!) etc. trying to get rid of the malware. Nothing worked. MBAM, Spybot did not detect anything.

Come Tuesday, suddenly I get the dreaded av.exe and security center screens. Now I run MBAM and it finds the entries and deletes them. But still files are getting generated in ProgramData directory.

Ran ESET and it found gport_.dll trojan. tdsskiller says I have tdss rootkit in atapi.sys but it cannot seem to replace it with a clean file.

Today, redirects are still there but suddenly I am getting tons of files in temporary internet files whenever I connect to internet. My virus scanner is detecting them (PDF exploit) but the files are getting generated anyway.

I am mentally getting myself ready for a format and reimage.

If you can help me nail down the issue and get rid of it before I reimage it would save me a lot of hassle.

Thanks

#7 etrast75


Posted 08 April 2010 - 03:05 PM

This is the OTL log file. I got a BSOD before it could generate the extra log file.

-----------------
OTL logfile created on: 4/8/2010 3:44:03 PM - Run 2
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Users\xxxxxx\Desktop
Windows Vista Enterprise Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 44.00% Memory free
5.00 Gb Paging File | 3.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): c:\pagefile.sys 2048 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 42.06 Gb Total Space | 4.45 Gb Free Space | 10.59% Space Free | Partition Type: NTFS
Drive D: | 106.99 Gb Total Space | 102.06 Gb Free Space | 95.39% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 596.17 Gb Total Space | 411.98 Gb Free Space | 69.10% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BLRKEC44565L
Current User Name: xxxxx
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - File not found -- C:\Program Files\CA\SharedComponents\CA_LIC\lic98Service.exe
PRC - [2010/04/08 15:43:56 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\xxxxx\Desktop\OTL.exe
PRC - [2010/04/01 13:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/09 09:25:16 | 000,615,720 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2009/12/07 19:30:09 | 000,283,888 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe
PRC - [2009/09/17 18:30:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CCM\CcmExec.exe
PRC - [2009/09/17 18:30:00 | 000,367,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CCM\SMSCliUI.exe
PRC - [2009/07/15 23:11:39 | 000,389,864 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\InoTask.exe
PRC - [2009/06/12 07:01:04 | 000,641,584 | ---- | M] () -- C:\Windows\System32\Prot_srv.exe
PRC - [2009/06/12 07:01:04 | 000,154,160 | ---- | M] () -- C:\Windows\System32\pstartSr.exe
PRC - [2009/04/23 01:30:18 | 000,192,512 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\InoRPC.exe
PRC - [2009/02/21 09:08:19 | 000,208,896 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\InoRT.exe
PRC - [2008/11/07 05:58:54 | 000,114,512 | ---- | M] () -- C:\Program Files\Microsoft Team Foundation Server 2008 Power Tools\TfsComProviderSvr.exe
PRC - [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/07/10 06:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/05/08 08:46:06 | 000,098,304 | ---- | M] (iPass, Inc.) -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
PRC - [2008/05/08 08:45:46 | 000,155,648 | ---- | M] (iPass, Inc.) -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
PRC - [2008/01/18 14:08:40 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/18 14:03:14 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\inetinfo.exe
PRC - [2007/12/15 08:22:32 | 000,075,016 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
PRC - [2007/09/07 00:55:12 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/08/29 03:55:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/05/24 00:43:54 | 002,691,158 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe
PRC - [2007/05/24 00:43:50 | 000,036,955 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
PRC - [2007/05/24 00:43:48 | 000,106,586 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
PRC - [2007/02/04 22:27:24 | 000,106,496 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
PRC - [2007/01/16 21:27:58 | 000,407,632 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\Realmon.exe
PRC - [2006/09/10 19:10:32 | 000,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2005/05/12 12:40:38 | 004,167,376 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office Communicator\communicator.exe


========== Modules (SafeList) ==========

MOD - [2010/04/08 15:43:56 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\xxxxx\Desktop\OTL.exe
MOD - [2008/01/18 13:56:36 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (TCN)
SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - File not found [Auto | Stopped] -- -- (AcronisOSSReinstallSvc)
SRV - [2009/12/09 09:25:16 | 000,615,720 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2009/12/07 19:30:09 | 000,283,888 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe -- (ITMRTSVC)
SRV - [2009/09/17 18:30:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009/09/17 18:30:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\CCM\TSManager.exe -- (smstsmgr)
SRV - [2009/07/15 23:11:39 | 000,389,864 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\eTrustITM\InoTask.exe -- (InoTask)
SRV - [2009/07/02 05:40:16 | 003,217,744 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2009/06/12 07:01:04 | 000,641,584 | ---- | M] () [Auto | Running] -- C:\Windows\System32\Prot_srv.exe -- (Pointsec)
SRV - [2009/06/12 07:01:04 | 000,154,160 | ---- | M] () [Auto | Running] -- C:\Windows\System32\pstartSr.exe -- (Pointsec_start)
SRV - [2009/04/23 01:30:18 | 000,192,512 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\eTrustITM\InoRpc.exe -- (InoRPC)
SRV - [2009/03/29 17:55:26 | 043,010,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER) SQL Server (MSSQLSERVER)
SRV - [2009/03/29 17:53:32 | 000,254,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2009/03/29 17:53:24 | 000,366,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE -- (SQLSERVERAGENT) SQL Server Agent (MSSQLSERVER)
SRV - [2009/03/29 16:46:52 | 001,113,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe -- (ReportServer) SQL Server Reporting Services (MSSQLSERVER)
SRV - [2009/03/29 16:21:38 | 021,953,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\bin\msmdsrv.exe -- (MSSQLServerOLAPService) SQL Server Analysis Services (MSSQLSERVER)
SRV - [2009/02/21 09:08:19 | 000,208,896 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\eTrustITM\InoRT.exe -- (InoRT)
SRV - [2008/07/10 06:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/07/10 05:49:34 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE -- (MSSQLServerADHelper100)
SRV - [2008/07/10 05:22:36 | 000,218,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe -- (MsDtsServer100)
SRV - [2008/07/10 05:15:32 | 000,031,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe -- (MSSQLFDLauncher) SQL Full-text Filter Daemon Launcher (MSSQLSERVER)
SRV - [2008/06/12 13:27:44 | 001,720,320 | ---- | M] (iPass, Inc.) [On_Demand | Stopped] -- C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe -- (iPassConnectEngine)
SRV - [2008/05/08 08:46:06 | 000,098,304 | ---- | M] (iPass, Inc.) [Auto | Running] -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe -- (iPassPeriodicUpdateService)
SRV - [2008/05/08 08:45:46 | 000,155,648 | ---- | M] (iPass, Inc.) [On_Demand | Running] -- C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe -- (iPassPeriodicUpdateApp)
SRV - [2008/04/06 23:47:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/01/18 14:08:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/18 14:04:34 | 000,371,200 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2008/01/18 14:04:34 | 000,371,200 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2008/01/18 14:03:44 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008/01/18 14:03:14 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/12/15 08:22:32 | 000,075,016 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe -- (LogWatch)
SRV - [2007/11/09 09:47:22 | 000,025,096 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- D:\Program Files\Microsoft Visual Studio 9.0 Team Test Load Agent\LoadTest\QTController.exe -- (vsttcontroller)
SRV - [2007/09/07 00:55:12 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/08/29 03:55:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/08/26 00:01:20 | 000,038,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\BIN\SPWRITER.EXE -- (SPWriter)
SRV - [2007/08/26 00:01:18 | 000,058,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\BIN\OWSTIMER.EXE -- (SPTimerV3)
SRV - [2007/08/26 00:01:18 | 000,049,024 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\BIN\wsstracing.exe -- (SPTrace)
SRV - [2007/08/24 09:21:30 | 000,095,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Office Servers\12.0\Bin\Microsoft.Office.Server.Conversions.Launcher.exe -- (DCLauncher)
SRV - [2007/08/24 09:21:30 | 000,050,576 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Office Servers\12.0\Bin\Microsoft.Office.Server.Conversions.LoadBalancer.exe -- (DCLoadBalancer)
SRV - [2007/08/24 08:55:08 | 000,159,648 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\BIN\mssearch.exe -- (SPSearch)
SRV - [2007/08/24 08:53:54 | 000,159,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office Servers\12.0\Bin\mssearch.exe -- (OSearch)
SRV - [2007/08/24 08:21:12 | 000,390,024 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Microsoft Office 12 Single Sign-on\SSOSRV.EXE -- (ssosrv)
SRV - [2007/05/24 00:43:50 | 000,036,955 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe -- (SR_Watchdog)
SRV - [2007/05/24 00:43:48 | 000,106,586 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe -- (SR_Service)
SRV - [2007/02/04 22:27:24 | 000,106,496 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe -- (iGateway)
SRV - [2006/11/08 23:33:24 | 000,016,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\BIN\WSSADMIN.EXE -- (SPAdmin)


========== Driver Services (SafeList) ==========

DRV - [2009/12/17 05:32:34 | 000,099,152 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2009/12/09 09:10:40 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2009/11/20 05:56:50 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2009/10/09 23:15:17 | 000,034,944 | ---- | M] (F5 Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\covpnwlh.sys -- (urvpndrv)
DRV - [2009/10/09 23:15:12 | 000,013,952 | ---- | M] (F5 Networks) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\urfltwlh.sys -- (f5ipfw)
DRV - [2009/09/17 18:30:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2009/07/16 06:05:42 | 000,229,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VMM.sys -- (vmm)
DRV - [2009/06/12 07:00:12 | 000,220,848 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\prot_2k.sys -- (prot_2k)
DRV - [2009/05/18 01:12:12 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/03/29 17:39:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2009/01/23 06:33:35 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2008/07/16 20:12:47 | 000,028,672 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VClone.sys -- (VClone)
DRV - [2008/02/04 16:20:44 | 000,059,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2008/01/18 12:25:34 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\loop.sys -- (msloop)
DRV - [2008/01/18 10:55:06 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2008/01/02 07:18:28 | 002,016,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2007/12/06 14:32:20 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpc-s3.sys -- (vpc-s3)
DRV - [2007/12/06 14:32:20 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VIRTUALAUDIO.sys -- (VIRTUALAUDIO) Service for Microsoft Virtual Machine Audio Device Driver (WDM)
DRV - [2007/10/26 05:09:08 | 000,193,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/10/18 11:44:32 | 000,184,080 | ---- | M] (Computer Associates) [File_System | Auto | Running] -- C:\Windows\System32\drivers\ino_fltr.sys -- (INO_FLTR)
DRV - [2007/09/17 06:23:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/09/07 00:56:04 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/09/04 07:23:34 | 000,055,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\VSPerfDrv90.sys -- (VSPerfDrv90)
DRV - [2007/08/06 12:37:02 | 000,027,536 | ---- | M] (Computer Associates) [File_System | Boot | Running] -- C:\Windows\system32\Drivers\ino_flpy.sys -- (INO_FLPY)
DRV - [2007/06/06 13:51:32 | 000,111,616 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2007/05/24 00:43:58 | 000,036,368 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\omdrv.sys -- (CP_OMDRV)
DRV - [2007/05/24 00:43:54 | 002,234,800 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fw.sys -- (FW1)
DRV - [2007/05/24 00:43:52 | 000,110,032 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vnasc.sys -- (VNASC)
DRV - [2007/05/24 00:43:50 | 000,673,456 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vpn.sys -- (VPN-1)
DRV - [2007/04/27 01:26:54 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2007/04/16 13:14:34 | 000,046,992 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tcusb.sys -- (TcUsb)
DRV - [2006/11/14 14:46:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/14 10:12:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/14 08:05:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/11/02 03:30:53 | 000,052,224 | ---- | M] (Microsoft Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc21x4vm.sys -- (dc21x4vm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sparsh/v1


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-266749940-1637964444-929701000-682827\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-266749940-1637964444-929701000-682827\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-266749940-1637964444-929701000-682827\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-266749940-1637964444-929701000-682827\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.208.146:80

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.3
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.19.1
FF - prefs.js..extensions.enabledItems: {70171e70-9057-11da-9562-00e08161165f}:1.0
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.2
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.5.10
FF - prefs.js..network.proxy.autoconfig_url: "http://sparsh/kec.pac"
FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ftp_port: 8888
FF - prefs.js..network.proxy.backup.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.backup.gopher_port: 8888
FF - prefs.js..network.proxy.backup.socks: "127.0.0.1"
FF - prefs.js..network.proxy.backup.socks_port: 8888
FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ssl_port: 8888
FF - prefs.js..network.proxy.ftp: "192.168.208.146"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher: "192.168.208.146"
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.http: "192.168.208.146"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.ssl: "192.168.208.146"
FF - prefs.js..network.proxy.ssl_port: 80

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/07 13:26:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/08 13:20:35 | 000,000,000 | ---D | M]

[2008/10/17 03:51:19 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\mozilla\Extensions
[2010/04/08 09:31:10 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\mozilla\Firefox\Profiles\msnmlou4.default\extensions
[2009/08/13 12:01:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxxx\AppData\Roaming\mozilla\Firefox\Profiles\msnmlou4.default\extensions\{70171e70-9057-11da-9562-00e08161165f}
[2010/01/19 13:04:16 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\xxxxx\AppData\Roaming\mozilla\Firefox\Profiles\msnmlou4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/03/13 10:20:07 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\mozilla\Firefox\Profiles\msnmlou4.default\extensions\firebug@software.joehewitt.com
[2010/03/13 10:20:10 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\mozilla\Firefox\Profiles\msnmlou4.default\extensions\foxmarks@kei.com
[2010/02/22 11:32:39 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\mozilla\Firefox\Profiles\msnmlou4.default\extensions\foxyproxy@eric.h.jung
[2010/04/04 12:22:59 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\mozilla\Firefox\Profiles\msnmlou4.default\extensions\personas@christopher.beard
[2009/06/04 07:05:15 | 000,002,164 | ---- | M] () -- C:\Users\xxxxx\AppData\Roaming\Mozilla\FireFox\Profiles\msnmlou4.default\searchplugins\bing.xml
[2010/04/08 09:31:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/04/08 11:17:11 | 000,000,916 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 12.173.22.179 fpvpn.atlmtc.com #ADDED BY F5 NETWORKS SSL TUNNEL - ORIGINAL RECORD#
O1 - Hosts: 12.173.22.179 fpvpn #ADDED BY F5 NETWORKS SSL TUNNEL - ORIGINAL RECORD#
O2 - BHO: (ViewerHelper Class) - {78104A01-8E71-4F30-9A36-3793799615B4} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)
O2 - BHO: (Microsoft Web Test Recorder 9.0 Helper) - {E31CE47F-C268-41ba-897B-B415E613947D} - C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO90.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-266749940-1637964444-929701000-682827\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [DWPersistentQueuedReporting] C:\Program Files\Common Files\microsoft shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Pointsec Tray] C:\Program Files\Pointsec\Pointsec for PC\P95Tray.exe File not found
O4 - HKLM..\Run: [Realtime Monitor] C:\Program Files\CA\eTrustITM\realmon.exe (CA)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe File not found
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\Communicator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\Communicator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-266749940-1637964444-929701000-682827..\Run: [COMMUNICATOR] C:\Program Files\Microsoft Office Communicator\Communicator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-266749940-1637964444-929701000-682827..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil9f.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil9f.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LocalAccountTokenFilterPolicy = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-266749940-1637964444-929701000-682827\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-266749940-1637964444-929701000-682827\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-266749940-1637964444-929701000-682827\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-266749940-1637964444-929701000-682827\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-266749940-1637964444-929701000-682827\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40971 - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-205 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40970 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: blrkec142100d ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: xxxxx.com ([xnet] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mssalesdemos.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: xxxxx01 ([]http in Trusted sites)
O15 - HKU\S-1-5-21-266749940-1637964444-929701000-682827\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} https://fpvpn.atlmtc.com/vdesk/terminal/urx...1,2009,1010,313 (F5 Networks VPN Manager)
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} https://fpvpn.atlmtc.com/vdesk/terminal/f5t...1,2009,1010,310 (F5 Networks Dynamic Application Tunnel Control)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\Users\xxxxx\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab (F5 Networks Auto Update)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} https://fpvpn.atlmtc.com/vdesk/terminal/urx...1,2009,1010,308 (F5 Networks SuperHost Class)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} https://fpvpn.atlmtc.com/vdesk/terminal/urx...1,2009,1010,304 (F5 Networks Host Control)
O16 - DPF: {E37C2807-AE9F-40C5-8FF2-001E17702FE1} http://xxxxx01:6000/Pages/Reports/PTreeViewCtrl5.ocx (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.93.87.2 151.197.0.38
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad.xxxxx.com
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\rmh {23C585BB-48FF-4865-8934-185F0A7EB84C} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/msword {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {F969FE8E-1937-45AD-AF42-8A4D11CBDC2A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/vnd.ms-excel {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/vnd.ms-powerpoint {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/vnd-viewer {CD4527E8-4FC7-48DB-9806-10537B501237} - C:\Program Files\Microsoft\Rights Management Add-on\rmadoc.exe (Microsoft Corporation)
O18 - Protocol\Filter\application/x-microsoft-rpmsg-message {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (pssogina.dll) - File not found
O20 - Winlogon\Notify\gport_: DllName - gport_.dll - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = secfile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\ave.exe" /START "%1" %* File not found
O37 - HKU\S-1-5-18\...exe [@ = secfile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\ave.exe" /START "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/04/08 15:43:53 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Users\xxxxx\Desktop\OTL.exe
[2010/04/08 15:35:12 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/04/08 08:33:20 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/04/08 08:33:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/04/08 08:33:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/04/08 07:08:15 | 000,036,488 | ---- | C] (Kaspersky Lab, SLA) -- C:\Windows\System32\drivers\klmd.sys
[2010/04/07 20:28:47 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\Threat Expert
[2010/04/07 19:56:04 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/04/07 19:55:52 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/04/07 17:38:49 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2010/04/07 17:20:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010/04/07 17:20:03 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/04/07 15:15:05 | 000,021,560 | ---- | C] (Microsoft Corporation) -- C:\Users\xxxxx\Desktop\atapi.sys
[2010/04/07 15:13:53 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/04/07 14:29:08 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\Desktop\tdsskiller
[2010/04/06 19:05:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/04/06 19:05:09 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/04/06 19:05:09 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\temp
[2010/04/06 17:36:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/06 17:36:01 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/05 20:17:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/04/05 11:50:04 | 000,013,952 | ---- | C] (F5 Networks) -- C:\Windows\System32\drivers\urfltwlh.sys
[2010/04/05 08:03:25 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/04/04 22:20:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/04/04 21:03:49 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Roaming\Malwarebytes
[2010/04/04 21:03:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/04/04 10:48:23 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/04/04 10:28:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/04/03 16:36:51 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Roaming\AVS4YOU
[2010/04/03 16:35:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2010/04/03 16:35:24 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp70.dll
[2010/04/03 16:35:23 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\GdiPlus.dll
[2010/04/03 16:18:16 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Roaming\Digiarty
[2010/03/26 21:37:04 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Roaming\uTorrent
[2010/03/25 16:20:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Konesans
[2010/03/11 06:25:02 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/03/11 06:24:12 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/03/11 06:24:12 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/03/11 06:24:12 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/03/11 06:24:12 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/03/11 06:24:12 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/03/11 06:24:11 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/03/11 06:24:11 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/03/11 06:24:11 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/03/11 06:24:11 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/03/11 06:24:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/03/11 06:24:10 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/03/11 06:24:10 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/03/11 06:24:10 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/03/11 06:24:10 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/03/10 13:46:53 | 000,398,632 | ---- | C] (Juniper Networks) -- C:\Windows\System32\dsNcSmartCardProv.dll
[2010/03/10 13:46:53 | 000,345,384 | ---- | C] (Juniper Networks) -- C:\Windows\System32\dsNcCredProv.dll
[2010/03/10 13:45:38 | 000,000,000 | ---D | C] -- C:\Program Files\Juniper Networks
[2010/03/10 04:49:32 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2010/03/10 04:49:32 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2010/03/10 04:49:32 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2010/03/10 04:49:32 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2010/03/10 04:49:32 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2010/03/10 04:49:32 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2010/03/10 04:49:31 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2010/03/10 04:49:31 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2010/03/10 04:49:31 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2010/03/10 04:49:31 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/03/10 04:49:30 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/03/10 04:49:30 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010/03/10 04:49:30 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2010/03/10 04:49:30 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2010/03/10 04:49:30 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2010/03/10 04:49:30 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2010/03/10 04:49:29 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/03/10 04:49:29 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/03/10 04:49:29 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2010/03/10 04:49:29 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2010/03/10 04:49:28 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/03/10 04:49:28 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2010/03/10 04:49:27 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010/03/10 04:49:27 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2010/03/10 04:49:27 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2010/03/10 04:49:27 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2010/03/10 04:49:27 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe

========== Files - Modified Within 30 Days ==========

[2010/04/08 15:44:31 | 006,815,744 | -HS- | M] () -- C:\Users\xxxxx\NTUSER.DAT
[2010/04/08 15:44:22 | 000,293,376 | ---- | M] () -- C:\Users\xxxxx\Desktop\jb9hhxdp.exe
[2010/04/08 15:43:56 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\xxxxx\Desktop\OTL.exe
[2010/04/08 15:43:12 | 000,000,440 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3E6FFF13-9EF7-4067-94F4-29214258053F}.job
[2010/04/08 15:39:50 | 000,003,536 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/08 15:39:50 | 000,003,536 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/08 15:35:17 | 000,000,028 | ---- | M] () -- C:\Windows\ODBC.INI
[2010/04/08 15:35:17 | 000,000,023 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2010/04/08 15:22:06 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-266749940-1637964444-929701000-682827UA.job
[2010/04/08 15:14:07 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/08 13:43:32 | 000,000,462 | ---- | M] () -- C:\Windows\SMSCFG.ini
[2010/04/08 13:40:07 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/08 13:39:49 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/08 13:39:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/08 13:39:41 | 3747,606,528 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/08 13:32:26 | 000,524,288 | -HS- | M] () -- C:\Users\xxxxx\NTUSER.DAT{42133cf1-6a70-11db-bbc9-fdca8d8bcc9d}.TMContainer00000000000000000001.regtrans-ms
[2010/04/08 13:32:26 | 000,065,536 | -HS- | M] () -- C:\Users\xxxxx\NTUSER.DAT{42133cf1-6a70-11db-bbc9-fdca8d8bcc9d}.TM.blf
[2010/04/08 13:32:20 | 004,400,252 | -H-- | M] () -- C:\Users\xxxxx\AppData\Local\IconCache.db
[2010/04/08 12:08:38 | 000,021,504 | ---- | M] () -- C:\Users\xxxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/08 11:17:11 | 000,000,916 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/04/08 11:04:42 | 000,001,764 | -H-- | M] () -- C:\Users\xxxxx\Documents\Default.rdp
[2010/04/08 10:22:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-266749940-1637964444-929701000-682827Core.job
[2010/04/08 08:33:06 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010/04/08 08:33:06 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/04/08 08:33:06 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/04/08 08:33:06 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/04/08 07:08:15 | 000,036,488 | ---- | M] (Kaspersky Lab, SLA) -- C:\Windows\System32\drivers\klmd.sys
[2010/04/07 17:43:47 | 000,015,944 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/04/07 17:38:49 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2010/04/07 17:19:58 | 000,000,759 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.bak
[2010/04/07 15:15:05 | 000,021,560 | ---- | M] (Microsoft Corporation) -- C:\Users\xxxxx\Desktop\atapi.sys
[2010/04/07 14:28:41 | 000,154,469 | ---- | M] () -- C:\Users\xxxxx\Desktop\tdsskiller.zip
[2010/04/07 13:43:55 | 000,378,192 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/07 10:31:52 | 000,632,598 | ---- | M] () -- C:\Users\xxxxx\Documents\bookmarks-2010-04-07.json
[2010/04/07 00:11:58 | 356,056,016 | ---- | M] () -- C:\Users\xxxxx\Documents\regbackup_20100406.reg
[2010/04/06 19:02:01 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/04/06 17:36:06 | 000,000,624 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/05 14:21:40 | 001,269,670 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/05 14:21:40 | 000,998,968 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/05 14:21:40 | 000,261,966 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/05 13:13:41 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/04/05 10:09:31 | 000,630,702 | ---- | M] () -- C:\Users\xxxxx\Documents\bookmarks-2010-04-05.json
[2010/04/04 16:37:05 | 086,554,414 | ---- | M] () -- C:\Windows\System32\LWQEAL
[2010/03/29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/28 16:07:45 | 000,530,462 | ---- | M] () -- C:\Users\xxxxx\Documents\qw3311.pdf
[2010/03/26 08:50:28 | 000,029,184 | ---- | M] () -- C:\Users\xxxxx\Documents\Claim no. 791153 redirected by FA.msg
[2010/03/17 08:51:42 | 000,082,696 | ---- | M] (Microsoft Corporation.) -- C:\Windows\System32\lmdimon8.dll
[2010/03/10 04:58:13 | 000,005,522 | RHS- | M] () -- C:\Users\xxxxx\ntuser.pol

========== Files Created - No Company Name ==========

[2010/04/08 15:44:21 | 000,293,376 | ---- | C] () -- C:\Users\xxxxx\Desktop\jb9hhxdp.exe
[2010/04/07 20:15:09 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
[2010/04/07 17:20:15 | 000,015,944 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/04/07 15:38:35 | 3747,606,528 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/07 14:29:04 | 000,154,469 | ---- | C] () -- C:\Users\xxxxx\Desktop\tdsskiller.zip
[2010/04/07 10:31:52 | 000,632,598 | ---- | C] () -- C:\Users\xxxxx\Documents\bookmarks-2010-04-07.json
[2010/04/07 00:11:38 | 356,056,016 | ---- | C] () -- C:\Users\xxxxx\Documents\regbackup_20100406.reg
[2010/04/06 17:36:06 | 000,000,624 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/05 10:09:31 | 000,630,702 | ---- | C] () -- C:\Users\xxxxx\Documents\bookmarks-2010-04-05.json
[2010/04/05 08:07:07 | 000,048,128 | ---- | C] () -- C:\Windows\Fonts\6G7LtRKJR.com
[2010/04/04 16:32:52 | 086,554,414 | ---- | C] () -- C:\Windows\System32\LWQEAL
[2010/03/28 16:07:45 | 000,530,462 | ---- | C] () -- C:\Users\xxxxx\Documents\qw3311.pdf
[2010/03/27 10:17:08 | 000,000,944 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-266749940-1637964444-929701000-682827UA.job
[2010/03/27 10:17:07 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-266749940-1637964444-929701000-682827Core.job
[2010/03/26 08:50:27 | 000,029,184 | ---- | C] () -- C:\Users\xxxxx\Documents\Claim no. 791153 redirected by FA.msg
[2010/03/11 06:24:11 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010/02/21 09:01:08 | 000,053,543 | ---- | C] () -- C:\Users\xxxxx\pl.ini
[2009/11/11 23:20:25 | 000,004,764 | ---- | C] () -- C:\Windows\System32\CcmFramework.ini
[2009/10/23 05:32:40 | 000,000,462 | ---- | C] () -- C:\Windows\SMSCFG.ini
[2009/10/17 08:46:55 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2009/10/17 08:46:55 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009/09/16 03:35:25 | 000,004,096 | -H-- | C] () -- C:\Users\xxxxx\AppData\Local\keyfile3.drm
[2009/07/14 01:36:25 | 000,037,970 | ---- | C] () -- C:\Users\xxxxx\tcp
[2009/07/14 01:35:06 | 000,067,925 | ---- | C] () -- C:\Users\xxxxx\host blrkec65941d
[2009/06/12 07:00:12 | 000,220,848 | ---- | C] () -- C:\Windows\System32\drivers\prot_2k.sys
[2009/06/02 21:43:31 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2008/12/23 04:39:48 | 000,079,673 | ---- | C] () -- C:\Users\xxxxx\Workbench.htm
[2008/11/23 23:52:32 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/11/21 02:34:57 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/11/12 04:36:09 | 000,021,504 | ---- | C] () -- C:\Users\xxxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/16 06:29:49 | 000,005,522 | RHS- | C] () -- C:\Users\xxxxx\ntuser.pol
[2008/10/16 06:29:44 | 000,524,288 | -HS- | C] () -- C:\Users\xxxxx\NTUSER.DAT{42133cf1-6a70-11db-bbc9-fdca8d8bcc9d}.TMContainer00000000000000000002.regtrans-ms
[2008/10/16 06:29:44 | 000,524,288 | -HS- | C] () -- C:\Users\xxxxx\NTUSER.DAT{42133cf1-6a70-11db-bbc9-fdca8d8bcc9d}.TMContainer00000000000000000001.regtrans-ms
[2008/10/16 06:29:44 | 000,262,144 | -H-- | C] () -- C:\Users\xxxxx\ntuser.dat.LOG1
[2008/10/16 06:29:44 | 000,065,536 | -HS- | C] () -- C:\Users\xxxxx\NTUSER.DAT{42133cf1-6a70-11db-bbc9-fdca8d8bcc9d}.TM.blf
[2008/10/16 06:29:44 | 000,002,032 | ---- | C] () -- C:\Users\xxxxx\AppData\Local\d3d9caps.dat
[2008/10/16 06:29:44 | 000,000,000 | -H-- | C] () -- C:\Users\xxxxx\ntuser.dat.LOG2
[2008/10/16 06:29:41 | 006,815,744 | -HS- | C] () -- C:\Users\xxxxx\NTUSER.DAT
[2008/10/16 06:29:41 | 000,000,020 | -HS- | C] () -- C:\Users\xxxxx\ntuser.ini
[2008/08/13 00:19:18 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/08/13 00:19:12 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/08/13 00:19:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/08/13 00:19:05 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/08/13 00:19:05 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/08/13 00:19:05 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/07/20 23:51:28 | 000,005,840 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/07/16 06:53:23 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2007/10/25 07:56:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007/05/24 00:44:02 | 000,004,133 | ---- | C] () -- C:\Windows\entrust.ini
[2007/05/24 00:43:48 | 000,106,584 | ---- | C] () -- C:\Windows\System32\fwnetcfg.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >
-----------------------------------------------------------------------

#8 etrast75

Posted 08 April 2010 - 03:11 PM

GMER Log (part 1)

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-08 16:01:47
Windows 6.0.6001 Service Pack 1
Running: jb9hhxdp.exe; Driver: C:\Users\xxxx\AppData\Local\Temp\uwtiifod.sys


---- Kernel code sections - GMER 1.0.15 ----

? C:\Windows\System32\Drivers\prot_2k.sys The process cannot access the file because it is being used by another process.

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!NtProtectVirtualMemory 777C8968 5 Bytes JMP 003A000A
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!NtWriteVirtualMemory 777C92A8 5 Bytes JMP 003B000A
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!KiUserExceptionDispatcher 777C99E8 5 Bytes JMP 0039000A
.text C:\Windows\Explorer.EXE[2380] ntdll.dll!NtProtectVirtualMemory 777C8968 5 Bytes JMP 0027000A
.text C:\Windows\Explorer.EXE[2380] ntdll.dll!NtWriteVirtualMemory 777C92A8 5 Bytes JMP 016B000A
.text C:\Windows\Explorer.EXE[2380] ntdll.dll!KiUserExceptionDispatcher 777C99E8 5 Bytes JMP 0016000A
.text C:\Windows\system32\svchost.exe[3516] kernel32.dll!PulseEvent + D96E 75F94BE0 1 Byte [69]
.text C:\Windows\system32\svchost.exe[3516] kernel32.dll!PulseEvent + D96E 75F94BE0 3 Bytes [69, 00, 63]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\winlogon.exe[636] @ C:\Windows\system32\winlogon.exe [ADVAPI32.dll!CreateProcessAsUserW] [10010F20] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[636] @ C:\Windows\system32\winlogon.exe [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[636] @ C:\Windows\system32\winlogon.exe [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[636] @ C:\Windows\system32\winlogon.exe [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[636] @ C:\Windows\system32\winlogon.exe [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[636] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[636] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[636] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[636] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[636] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[636] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[636] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[636] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[636] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[636] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[636] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[636] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[636] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[636] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[636] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[636] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[636] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[636] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[636] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [10011320] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[636] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[636] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[636] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[636] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[636] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[636] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[636] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[636] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[636] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[636] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[636] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[636] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[636] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[636] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[636] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[636] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[636] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [10010B20] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[636] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[636] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[636] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[636] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[636] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[636] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[636] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[636] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[636] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[636] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[636] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[636] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[636] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[636] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[636] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[636] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[636] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[636] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\winlogon.exe[636] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010F20] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] [10010F20] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\services.exe [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\services.exe [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\services.exe [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [10011320] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [10010B20] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\services.exe[676] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010F20] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [10011320] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [10010B20] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ c:\windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ c:\windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ c:\windows\system32\rpcss.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010F20] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[844] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010F20] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [10011320] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [10010B20] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ c:\windows\system32\rpcss.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010F20] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010F20] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[916] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [10011320] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [10010B20] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010F20] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\System32\SAMLIB.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\System32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\System32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\System32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[952] @ C:\Windows\System32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [10011320] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [10010B20] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ c:\windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ c:\windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ C:\Windows\System32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ C:\Windows\System32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ C:\Windows\System32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ C:\Windows\System32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ C:\Windows\System32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ C:\Windows\System32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ c:\windows\system32\IPHLPAPI.DLL [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ c:\windows\system32\IPHLPAPI.DLL [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010F20] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)

GMER Log (Part 2)

IAT C:\Windows\System32\svchost.exe[1044] @ C:\Windows\System32\SAMLIB.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1044] @ C:\Windows\System32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [10011320] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [10010B20] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\System32\SAMLIB.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\System32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\System32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\System32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\System32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\System32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\System32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\System32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\System32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\System32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ c:\windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ c:\windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ c:\windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010F20] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ c:\windows\system32\IPHLPAPI.DLL [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[1088] @ c:\windows\system32\IPHLPAPI.DLL [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1116] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [022907E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1116] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!GetProcAddress] [0228FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1116] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [02290550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1116] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [0228FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1116] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [022907E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1116] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [02291320] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1116] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [02291720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1116] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [02290980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1116] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [0228FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1116] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [022907E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1116] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [02290550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1116] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [02290980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1116] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [0228FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1116] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [022907E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1116] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [02290980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1116] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [02290550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1116] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [02291720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1116] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [02290980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1116] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [022907E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1116] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [0228FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1116] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [02290550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1116] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [022907E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1116] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [0228FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1116] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [02290980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1116] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [02290550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1116] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [02291720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1116] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [022907E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1116] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [02290980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1116] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [0228FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1116] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [02290980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1116] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [02290550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1116] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [022907E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1116] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [0228FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1116] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!LoadLibraryA] [022907E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1116] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [0228FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1116] @ c:\windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [0228FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1116] @ c:\windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [022907E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1116] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [022907E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1116] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [02290980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1116] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [0228FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1116] @ c:\windows\system32\IPHLPAPI.DLL [KERNEL32.dll!LoadLibraryA] [022907E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1116] @ c:\windows\system32\IPHLPAPI.DLL [KERNEL32.dll!GetProcAddress] [0228FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1116] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [0228FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1116] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [022907E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1116] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [02290550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1116] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [02290980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1116] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [022907E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1116] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [0228FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1116] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [02290550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1116] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [02291720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1116] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [0228FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1116] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [02290980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1116] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [022907E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1116] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [02290F20] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1260] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1260] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1260] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1260] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1260] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1260] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [10011320] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1260] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1260] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1260] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1260] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1260] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1260] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1260] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1260] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1260] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1260] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1260] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1260] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1260] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1260] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1260] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1260] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1260] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1260] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1260] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1260] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1260] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1260] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1260] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1260] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1260] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1260] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1260] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1260] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [10010B20] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1260] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1260] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1260] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1260] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1260] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1260] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1260] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1260] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1260] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1260] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1260] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1260] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1260] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1260] @ c:\windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1260] @ c:\windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1260] @ c:\windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1260] @ c:\windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1260] @ c:\windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1260] @ c:\windows\system32\IPHLPAPI.DLL [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1260] @ c:\windows\system32\IPHLPAPI.DLL [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1260] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1260] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1260] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1260] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1260] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1260] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010F20] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [10011320] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [10010B20] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\secur32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\secur32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\secur32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\shell32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010F20] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ c:\windows\system32\IPHLPAPI.DLL [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1368] @ c:\windows\system32\IPHLPAPI.DLL [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [10011320] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [10010B20] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ c:\windows\system32\IPHLPAPI.DLL [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ c:\windows\system32\IPHLPAPI.DLL [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ c:\windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ c:\windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ c:\windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ c:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ c:\windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ c:\windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ c:\windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ c:\windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010F20] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ C:\Windows\system32\REGAPI.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ C:\Windows\system32\REGAPI.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1548] @ C:\Windows\system32\REGAPI.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [10011320] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [10010B20] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ c:\windows\system32\IPHLPAPI.DLL [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ c:\windows\system32\IPHLPAPI.DLL [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ c:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ c:\windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ c:\windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ c:\windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ c:\windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[1892] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010F20] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [10011320] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [10010B20] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010F20] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[2044] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\Explorer.EXE [KERNEL32.dll!LoadLibraryA] [03C307E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\Explorer.EXE [KERNEL32.dll!LoadLibraryW] [03C30980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\Explorer.EXE [KERNEL32.dll!GetProcAddress] [03C2FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\Explorer.EXE [KERNEL32.dll!CreateProcessW] [03C31720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [747A7BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [747E98C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [747AD3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7479F527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [747A7599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7479E43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [747DB33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [747AD68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [747A012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [747A0095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

GMER Log (part 3)

IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [747971F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7482D802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [747C75E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7479DAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7479668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [747966BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [747A1E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [03C2FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [03C307E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [03C30550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [03C30980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [03C2FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [03C307E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [03C30980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [03C30550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [03C307E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [03C2FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [03C30980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [03C30550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [03C31720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [03C307E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [03C30980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [03C2FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [03C2FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [03C307E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [03C31320] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [03C31720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [03C30980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [03C30980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [03C30550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [03C307E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [03C2FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [03C30550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [03C31720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [03C2FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [03C30980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [03C307E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [03C30F20] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [03C30550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [03C31720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [03C30980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [03C307E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [03C2FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [03C307E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [03C30980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [03C2FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [03C30980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [03C307E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [03C2FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [03C2FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [03C307E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\System32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [03C2FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\System32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [03C307E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\System32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [03C30550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!LoadLibraryA] [03C307E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [03C2FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\System32\IPHLPAPI.DLL [KERNEL32.dll!LoadLibraryA] [03C307E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\Explorer.EXE[2380] @ C:\Windows\System32\IPHLPAPI.DLL [KERNEL32.dll!GetProcAddress] [03C2FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\msiexec.exe[3168] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\msiexec.exe[3168] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\msiexec.exe[3168] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\msiexec.exe[3168] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\msiexec.exe[3168] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\msiexec.exe[3168] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\msiexec.exe[3168] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\msiexec.exe[3168] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\msiexec.exe[3168] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\msiexec.exe[3168] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\msiexec.exe[3168] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\msiexec.exe[3168] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\msiexec.exe[3168] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\msiexec.exe[3168] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\msiexec.exe[3168] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\msiexec.exe[3168] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\msiexec.exe[3168] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\msiexec.exe[3168] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\msiexec.exe[3168] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [10011320] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\msiexec.exe[3168] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\msiexec.exe[3168] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\msiexec.exe[3168] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\msiexec.exe[3168] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\msiexec.exe[3168] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\msiexec.exe[3168] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\msiexec.exe[3168] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\msiexec.exe[3168] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\msiexec.exe[3168] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\msiexec.exe[3168] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\msiexec.exe[3168] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\msiexec.exe[3168] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\msiexec.exe[3168] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\msiexec.exe[3168] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\msiexec.exe[3168] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\msiexec.exe[3168] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\msiexec.exe[3168] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\msiexec.exe[3168] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\msiexec.exe[3168] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\msiexec.exe[3168] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010F20] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\msiexec.exe[3168] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\msiexec.exe[3168] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\msiexec.exe[3168] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\msiexec.exe[3168] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\msiexec.exe[3168] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\msiexec.exe[3168] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [10010B20] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\msiexec.exe[3168] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\msiexec.exe[3168] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\msiexec.exe[3168] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\msiexec.exe[3168] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\msiexec.exe[3168] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\msiexec.exe[3168] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\msiexec.exe[3168] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\msiexec.exe[3168] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\msiexec.exe[3168] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\msiexec.exe[3168] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3232] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3232] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3232] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3232] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3232] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3232] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [10011320] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3232] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3232] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3232] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3232] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3232] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3232] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3232] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3232] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3232] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3232] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3232] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3232] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3232] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3232] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3232] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3232] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3232] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3232] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3232] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3232] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3232] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3232] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3232] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3232] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3232] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3232] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3232] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3232] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [10010B20] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3232] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3232] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3232] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3232] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3232] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3232] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3232] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3232] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3232] @ C:\Windows\System32\SAMLIB.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3232] @ C:\Windows\System32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3232] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3232] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3232] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3232] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3232] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3232] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010F20] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3352] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3352] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3352] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3352] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3352] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3352] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [10011320] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3352] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3352] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3352] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3352] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3352] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3352] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3352] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3352] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3352] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3352] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3352] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3352] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3352] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3352] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3352] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3352] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3352] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3352] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3352] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3352] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3352] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3352] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3352] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3352] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3352] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3352] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3352] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3352] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [10010B20] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3352] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3352] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3352] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3352] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3352] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3352] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3352] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3352] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3352] @ C:\Windows\System32\SAMLIB.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3352] @ C:\Windows\System32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3352] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3352] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3352] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3352] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3352] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3352] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010F20] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [10011320] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [10010B20] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ c:\windows\system32\IPHLPAPI.DLL [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ c:\windows\system32\IPHLPAPI.DLL [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ c:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ c:\windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ c:\windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ c:\windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ c:\windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010F20] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3516] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [10011320] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [10010B20] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\secur32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\secur32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\secur32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010F20] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3540] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [10011320] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [10010B20] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010F20] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\secur32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\secur32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\secur32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3644] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3684] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3684] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3684] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3684] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3684] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3684] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [10011320] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3684] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3684] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3684] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3684] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3684] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3684] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3684] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3684] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3684] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3684] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3684] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3684] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3684] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3684] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3684] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3684] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3684] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3684] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3684] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3684] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3684] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3684] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3684] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3684] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3684] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3684] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3684] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3684] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [10010B20] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3684] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3684] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3684] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3684] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3684] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3684] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3684] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3684] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3684] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3684] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3684] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3684] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3684] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3684] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3684] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3684] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3684] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3684] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3684] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3684] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3684] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3684] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010F20] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3684] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\system32\svchost.exe[3684] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3824] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3824] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3824] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3824] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3824] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3824] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [10011320] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3824] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3824] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3824] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3824] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3824] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3824] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3824] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3824] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3824] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3824] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3824] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3824] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3824] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3824] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3824] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3824] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3824] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3824] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3824] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3824] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3824] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3824] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3824] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3824] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3824] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3824] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3824] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3824] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [10010B20] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3824] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3824] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3824] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3824] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3824] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3824] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [10011720] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3824] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3824] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3824] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3824] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010F20] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3824] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3824] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3824] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] [10010550] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3824] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW] [10010980] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3824] @ C:\Windows\System32\SAMLIB.dll [KERNEL32.dll!LoadLibraryA] [100107E0] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Windows\System32\svchost.exe[3824] @ C:\Windows\System32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [1000FB80] C:\Program Files\CA\SharedComponents\PPRealtime\bin\CACheck.dll (API interceptors/CA, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs ino_flpy.sys (CA eTrust Antivirus/InoculateIT File System Mounting Filter Driver for Windows 2000/XP/2003/Vista/Computer Associates)
AttachedDevice \FileSystem\Ntfs \Ntfs ino_fltr.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\prepdrvr \Device\PrepDrv AB6B4486
Device -> \Driver\atapi \Device\Harddisk0\DR0 85D12AC8

---- Registry - GMER 1.0.15 ----

---- Files - GMER 1.0.15 ----

File C:\Users\xxxxx\Desktop\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

The file atapi.sys on my desktop is a copy I got from another machine.

#9 Elise

Posted 08 April 2010 - 03:18 PM

Hello again, that's clearly a rootkit indeed.

BACKDOOR WARNING
------------------------------
One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


Please let me know if you have a Vista DVD at hand.


COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise


#10 etrast75

Posted 08 April 2010 - 03:20 PM

I do not have the Vista DVD with me. I do plan to get the machine reformatted anyway next week. If you can help me clean up the infection for now, that would be great. Will run ComboFix and post the log.

#11 etrast75

Posted 08 April 2010 - 03:55 PM

ComboFix is not completing. First time, the system hung and I ran it again after rebooting and now it blue screened. Will it help if I run it after booting in Safe Mode?

#12 etrast75

Posted 08 April 2010 - 04:15 PM

Got ComboFix to run in safe mode. Log below.


---------------------

ComboFix 10-04-07.04 - xxxx 04/08/2010 17:00:37.8.2 - x86 NETWORK
Microsoft® Windows Vista™ Enterprise 6.0.6001.1.1252.1.1033.18.3573.2925 [GMT -4:00]
Running from: c:\users\xxxx\Desktop\ComboFix.exe
AV: eTrust ITM *On-access scanning disabled* (Updated) {33EA71EA-56CF-40B5-A06B-BD3A27397C44}
SP: eTrust ITM *disabled* (Updated) {33EA71EA-56CF-40B5-A06B-BD3A27397C99}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\xxxx\Documents\regbackup_20100406.reg

.
((((((((((((((((((((((((( Files Created from 2010-03-08 to 2010-04-08 )))))))))))))))))))))))))))))))
.

2010-04-08 21:09 . 2010-04-08 21:10 -------- d-----w- c:\users\xxxx\AppData\Local\temp
2010-04-08 21:09 . 2010-04-08 21:09 -------- d-----w- c:\users\tfsservice_spm\AppData\Local\temp
2010-04-08 21:09 . 2010-04-08 21:09 -------- d-----w- c:\users\tfsreports_spm\AppData\Local\temp
2010-04-08 21:09 . 2010-04-08 21:09 -------- d-----w- c:\users\SPServiceAccount\AppData\Local\temp
2010-04-08 21:09 . 2010-04-08 21:09 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-08 21:09 . 2010-04-08 21:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-08 21:09 . 2010-04-08 21:09 -------- d-----w- c:\users\CCD\AppData\Local\temp
2010-04-08 21:09 . 2010-04-08 21:09 -------- d-----w- c:\users\Betty_Buyer1\AppData\Local\temp
2010-04-08 21:09 . 2010-04-08 21:09 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-04-08 20:58 . 2010-04-08 20:59 -------- d-----w- C:\32788R22FWJFW
2010-04-08 11:08 . 2010-04-08 11:08 36488 ----a-w- c:\windows\system32\drivers\klmd.sys
2010-04-08 00:28 . 2010-04-08 00:28 -------- d-----w- c:\users\xxxx\AppData\Local\Threat Expert
2010-04-07 23:56 . 2010-04-08 00:45 -------- d-----w- c:\program files\Spyware Doctor
2010-04-07 21:38 . 2010-04-07 21:38 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-04-07 21:20 . 2010-04-07 21:43 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-04-07 21:20 . 2010-04-07 21:38 -------- d-----w- c:\programdata\Hitman Pro
2010-04-07 21:20 . 2010-04-07 21:20 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-04-07 19:13 . 2010-04-08 17:17 -------- d-----w- c:\program files\Panda Security
2010-04-06 21:36 . 2010-03-29 19:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-06 21:36 . 2010-03-29 19:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-06 00:17 . 2010-04-06 00:17 -------- d-----w- c:\program files\ESET
2010-04-05 15:50 . 2009-10-10 03:15 13952 ----a-w- c:\windows\system32\drivers\urfltwlh.sys
2010-04-05 12:03 . 2010-04-05 12:03 -------- d-----w- c:\program files\trend micro
2010-04-05 01:03 . 2010-04-05 01:03 -------- d-----w- c:\users\xxxx\AppData\Roaming\Malwarebytes
2010-04-05 01:03 . 2010-04-05 01:03 -------- d-----w- c:\programdata\Malwarebytes
2010-04-04 14:28 . 2010-04-04 19:39 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-04-03 20:36 . 2010-04-03 20:36 -------- d-----w- c:\users\xxxx\AppData\Roaming\AVS4YOU
2010-04-03 20:35 . 2010-04-03 23:45 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-04-03 20:35 . 2008-08-13 14:22 487424 ----a-w- c:\windows\system32\msvcp70.dll
2010-04-03 20:35 . 2008-08-13 14:22 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2010-04-03 20:18 . 2010-04-03 20:18 -------- d-----w- c:\users\xxxx\AppData\Roaming\Digiarty
2010-03-27 01:37 . 2010-03-27 01:37 -------- d-----w- c:\users\xxxx\AppData\Roaming\uTorrent
2010-03-25 20:20 . 2010-03-25 20:20 -------- d-----w- c:\programdata\Konesans
2010-03-10 17:46 . 2010-03-10 17:46 -------- d-----w- c:\users\Public\Juniper Networks
2010-03-10 17:46 . 2009-12-09 13:25 398632 ----a-w- c:\windows\system32\dsNcSmartCardProv.dll
2010-03-10 17:46 . 2009-12-09 13:25 345384 ----a-w- c:\windows\system32\dsNcCredProv.dll
2010-03-10 17:45 . 2010-03-10 17:46 162656 ----a-w- c:\users\xxxx\AppData\Roaming\Juniper Networks\Setup Client\x86_Microsoft.VC80.CRTP_8.0.50727.762.exe
2010-03-10 17:45 . 2010-03-10 17:46 -------- d-----w- c:\program files\Juniper Networks
2010-03-10 17:44 . 2009-12-09 13:10 548864 ----a-w- c:\users\xxxx\AppData\Roaming\Juniper Networks\Host Checker\Microsoft.VC80.CRT\msvcp80.dll
2010-03-10 17:43 . 2010-03-10 17:44 292704 ----a-w- c:\users\xxxx\AppData\Roaming\Juniper Networks\Setup Client\x86_Microsoft.VC80.CRTR_8.0.50727.762.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-08 21:10 . 2008-07-16 10:52 151096 ----a-w- c:\windows\system32\drivers\pci.sys
2010-04-08 19:52 . 2008-10-16 10:29 100384 ----a-w- c:\users\xxxx\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-08 17:34 . 2009-03-22 05:02 -------- d-----w- c:\program files\DivX
2010-04-08 17:04 . 2009-02-16 06:23 -------- d-----w- c:\program files\Downloaded Installations
2010-04-08 12:33 . 2009-01-20 12:13 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-08 12:21 . 2008-07-17 08:41 -------- d-----w- c:\program files\Java
2010-04-08 12:21 . 2008-07-17 08:41 -------- d-----w- c:\program files\Common Files\Java
2010-04-08 11:10 . 2008-07-16 10:52 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-04-07 14:57 . 2008-12-23 10:27 -------- d-----w- c:\program files\Microsoft Expression
2010-04-07 14:53 . 2009-06-28 06:52 -------- d-----w- c:\program files\Google
2010-04-05 19:28 . 2008-07-17 03:50 -------- d-----w- c:\program files\Microsoft Office Communicator
2010-04-05 17:11 . 2008-07-16 09:29 -------- d-----w- c:\program files\Virtual Machine Additions
2010-04-05 12:06 . 2010-04-05 12:07 48128 ----a-w- c:\windows\Fonts\6G7LtRKJR.com
2010-04-03 22:28 . 2009-07-12 04:47 -------- d-----w- c:\users\xxxx\AppData\Roaming\dvdcss
2010-03-17 12:51 . 2008-12-09 09:49 82696 ----a-w- c:\windows\system32\lmdimon8.dll
2010-03-14 11:23 . 2009-09-13 04:41 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-12 05:01 . 2008-07-17 03:58 -------- d-----w- c:\programdata\Microsoft Help
2010-03-10 17:46 . 2009-02-19 10:16 -------- d-----w- c:\users\xxxx\AppData\Roaming\Juniper Networks
2010-03-04 09:05 . 2010-03-04 09:05 -------- d-----w- c:\users\xxxx\AppData\Roaming\InstallShield
2010-02-28 14:57 . 2009-02-26 11:21 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-02-28 14:57 . 2009-02-26 11:21 -------- d-----w- c:\programdata\Roxio
2010-02-28 14:57 . 2009-02-26 11:22 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-02-28 14:52 . 2009-03-05 10:18 -------- d-----w- c:\program files\Quest Software
2010-02-28 14:52 . 2009-03-05 10:18 -------- d-----w- c:\program files\Common Files\Quest Shared
2010-02-28 14:51 . 2009-04-10 12:01 -------- d-----w- c:\programdata\VMware
2010-02-26 15:07 . 2010-02-26 15:07 -------- d-----w- c:\program files\Hyper-V
2010-02-26 12:36 . 2010-02-26 12:36 -------- d-----w- c:\users\xxxx\AppData\Roaming\IObit
2010-02-26 12:36 . 2010-02-26 12:36 -------- d-----w- c:\program files\IObit
2010-02-24 14:16 . 2009-10-18 05:55 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-21 13:11 . 2010-02-21 13:11 -------- d-----w- c:\program files\jtds-1.2.5
2010-02-12 03:12 . 2009-10-31 08:04 -------- d-----w- c:\program files\twist
2010-02-12 03:11 . 2009-10-17 12:45 -------- d-----w- c:\program files\Samsung
2010-02-05 14:39 . 2010-02-05 14:39 251376 ----a-w- c:\users\xxxx\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2010-02-04 16:19 . 2008-10-16 10:29 2032 ----a-w- c:\users\xxxx\AppData\Local\d3d9caps.dat
2010-01-25 12:48 . 2010-02-25 11:22 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:48 . 2010-02-25 11:22 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:48 . 2010-02-25 11:22 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:48 . 2010-02-25 11:22 472064 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 12:45 . 2010-02-25 11:22 329216 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:35 . 2010-02-25 11:22 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:35 . 2010-02-25 11:22 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:34 . 2010-02-25 11:22 511488 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:34 . 2010-02-25 11:22 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-19 08:36 . 2008-10-17 10:39 164880 ---ha-w- c:\users\xxxx\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2010-01-16 17:14 . 2008-11-24 03:39 1761760 ----a-w- c:\programdata\Microsoft\VisualStudio\9.0\1033\ResourceCache.dll
2010-01-13 15:00 . 2009-05-09 08:05 585728 ----a-w- c:\programdata\WebEx\WebEx\824\mutiltpd.dll
2010-01-13 15:00 . 2009-05-09 08:04 105545 ----a-w- c:\programdata\WebEx\WebEx\824\atas32.dll
2010-01-13 15:00 . 2009-05-09 08:04 548864 ----a-w- c:\programdata\WebEx\WebEx\824\mmssl32.dll
2010-01-13 15:00 . 2009-05-09 08:04 214328 ----a-w- c:\programdata\WebEx\atcliun.exe
2010-01-13 14:59 . 2009-05-09 08:03 38200 ----a-w- c:\programdata\WebEx\atinst.exe
2010-01-13 14:59 . 2009-05-09 08:03 99640 ----a-w- c:\programdata\WebEx\atmgr.exe
2010-01-13 14:59 . 2009-05-09 08:03 46392 ----a-w- c:\programdata\WebEx\atmccli.dll
2010-01-13 14:59 . 2009-05-09 08:03 126344 ----a-w- c:\programdata\WebEx\atgpcext.dll
2010-01-13 14:59 . 2009-05-09 08:03 27960 ----a-w- c:\programdata\WebEx\atgpcdec.dll
.
CODE
<pre>
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\CA\eTrustITM\realmon .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon .exe
c:\program files\Microsoft Office Communicator\Communicator .exe
c:\program files\Pointsec\Pointsec for PC\P95Tray .exe
c:\program files\Sigmatel\C-Major Audio\WDM\sttray .exe
c:\program files\Synaptics\SynTP\SynTPEnh .exe
c:\program files\Virtual Machine Additions\vmusrvc .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TfsOverlayAdd]
@="{D4DD7FC6-066F-442a-A200-DD21649CF378}"
[HKEY_CLASSES_ROOT\CLSID\{D4DD7FC6-066F-442a-A200-DD21649CF378}]
2008-11-07 09:53 258048 ----a-w- c:\program files\Microsoft Team Foundation Server 2008 Power Tools\TfsShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TfsOverlayControlled]
@="{EFF5DF4C-7662-4ed7-B533-837D3319D311}"
[HKEY_CLASSES_ROOT\CLSID\{EFF5DF4C-7662-4ed7-B533-837D3319D311}]
2008-11-07 09:53 258048 ----a-w- c:\program files\Microsoft Team Foundation Server 2008 Power Tools\TfsShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TfsOverlayEdit]
@="{FF529703-3398-4c98-B88D-13F784CB10A2}"
[HKEY_CLASSES_ROOT\CLSID\{FF529703-3398-4c98-B88D-13F784CB10A2}]
2008-11-07 09:53 258048 ----a-w- c:\program files\Microsoft Team Foundation Server 2008 Power Tools\TfsShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TfsOverlayLock]
@="{EAB6FC01-3462-4dc9-8C94-75582E3DC3CA}"
[HKEY_CLASSES_ROOT\CLSID\{EAB6FC01-3462-4dc9-8C94-75582E3DC3CA}]
2008-11-07 09:53 258048 ----a-w- c:\program files\Microsoft Team Foundation Server 2008 Power Tools\TfsShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TfsOverlayRename]
@="{F15E94B9-9522-42bd-8A73-569BCBE5A5EA}"
[HKEY_CLASSES_ROOT\CLSID\{F15E94B9-9522-42bd-8A73-569BCBE5A5EA}]
2008-11-07 09:53 258048 ----a-w- c:\program files\Microsoft Team Foundation Server 2008 Power Tools\TfsShellExt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMMUNICATOR"="c:\program files\Microsoft Office Communicator\Communicator.exe" [2005-05-12 4167376]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-10 218032]
"Google Update"="c:\users\xxxx\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-03-18 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"Realtime Monitor"="c:\program files\CA\eTrustITM\realmon.exe" [2007-01-17 407632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-16 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-16 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-16 133656]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [N/A]
"DWPersistentQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE" [2007-08-23 437160]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [N/A]
"Pointsec Tray"="c:\program files\Pointsec\Pointsec for PC\P95Tray.exe" [N/A]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
"<NO NAME>"="" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Communicator"="c:\program files\Microsoft Office Communicator\Communicator.exe" [2005-05-12 4167376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9f.exe" [2008-03-25 218496]

c:\users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 1 (0x1)
"LocalAccountTokenFilterPolicy"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoMSAppLogo5ChannelNotify"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HTDM.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HTDM.lnk
backup=c:\windows\pss\HTDM.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppMgrGui]
c:\program files\Altiris\StreamingAgent\bin\exeForService.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
d:\program files\VMware\VMware Player\hqtray.exe [N/A]

R1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys [x]
R1 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-29 239336]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-08-29 73728]
R2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [2007-05-24 36368]
R2 gupdate1c9f7bd46c4b035;Google Update Service (gupdate1c9f7bd46c4b035);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-28 133104]
R2 LogWatch;Event Log Watch;c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe [2007-12-15 75016]
R2 Pointsec;Pointsec;c:\windows\system32\Prot_srv.exe [2009-06-12 641584]
R2 Pointsec_start;Pointsec Service Start;c:\windows\system32\pstartSr.exe [2009-06-12 154160]
R2 VPN-1;VPN-1 Module;c:\windows\System32\drivers\vpn.sys [2007-05-24 673456]
R2 vsttcontroller;Visual Studio Team Test Controller;d:\program files\Microsoft Visual Studio 9.0 Team Test Load Agent\LoadTest\QTController.exe [2007-11-09 25096]
R3 dc21x4vm;dc21x4VM Based Network Adapter Driver;c:\windows\system32\DRIVERS\dc21x4vm.sys [2006-11-02 52224]
R3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltwlh.sys [2009-10-10 13952]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-05-18 36608]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2007-06-06 111616]
R3 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2008-07-10 218136]
R3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);d:\program files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2008-07-10 31256]
R3 OSearch;Office SharePoint Server Search;c:\program files\Microsoft Office Servers\12.0\Bin\mssearch.exe [2007-08-24 159616]
R3 PORTMON;PORTMON;d:\software\Utilities\Sysinternals Suite\PORTMSYS.SYS [x]
R3 ReportServer;SQL Server Reporting Services (MSSQLSERVER);d:\program files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2009-03-29 1113448]
R3 SPAdmin;Windows SharePoint Services Administration;c:\program files\Common Files\Microsoft Shared\Web Server Extensions\12\BIN\WSSADMIN.EXE [2006-11-09 16224]
R3 SPTimerV3;Windows SharePoint Services Timer;c:\program files\Common Files\Microsoft Shared\Web Server Extensions\12\BIN\OWSTIMER.EXE [2007-08-26 58232]
R3 SPTrace;Windows SharePoint Services Tracing;c:\program files\Common Files\Microsoft Shared\Web Server Extensions\12\BIN\wsstracing.exe [2007-08-26 49024]
R3 SPWriter;Windows SharePoint Services VSS Writer;c:\program files\Common Files\Microsoft Shared\Web Server Extensions\12\BIN\SPWRITER.EXE [2007-08-26 38272]
R3 ssosrv;Microsoft Single Sign-on Service;c:\program files\Common Files\Microsoft Shared\Microsoft Office 12 Single Sign-on\SSOSRV.EXE [2007-08-24 390024]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2009-12-17 99152]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 VIRTUALAUDIO;Service for Microsoft Virtual Machine Audio Device Driver (WDM);c:\windows\system32\drivers\VirtualAudio.sys [2007-12-06 40448]
R3 vpc-s3;vpc-s3;c:\windows\system32\DRIVERS\vpc-s3.sys [2007-12-06 67584]
R3 VSPerfDrv90;Performance Tools Driver 9.0;c:\program files\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\VSPerfDrv90.sys [2007-09-04 55664]
R4 APPSTREAM;APPSTREAM;c:\windows\System32\Drivers\APPSTREAM.SYS [x]
R4 DCLauncher;Office Document Conversions Launcher Service;c:\program files\Microsoft Office Servers\12.0\Bin\Microsoft.Office.Server.Conversions.Launcher.exe [2007-08-24 95632]
R4 DCLoadBalancer;Office Document Conversions Load Balancer Service;c:\program files\Microsoft Office Servers\12.0\Bin\Microsoft.Office.Server.Conversions.LoadBalancer.exe [2007-08-24 50576]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]
R4 REGHOOK;REGHOOK;c:\windows\System32\Drivers\REGHOOK.SYS [x]
R4 SPSearch;Windows SharePoint Services Search;c:\program files\Common Files\Microsoft Shared\Web Server Extensions\12\BIN\mssearch.exe [2007-08-24 159648]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-01-23 717296]
R4 TCN;TCN;c:\users\xxxx\AppData\Local\Temp\TCN.exe [x]
R4 VSPD;VSPD;c:\windows\System32\Drivers\VSPD.SYS [x]
S0 prot_2k;prot_2k; [x]
S2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\DRIVERS\vnasc.sys [2007-05-24 110032]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-04-27 179712]
S3 FW1;SecuRemote Miniport;c:\windows\system32\DRIVERS\fw.sys [2007-05-24 2234800]
S3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\DRIVERS\covpnwlh.sys [2009-10-10 34944]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GOOGLEUPDATE.EXE [2009-06-28 06:54]

2010-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GOOGLEUPDATE.EXE [2009-06-28 06:54]

2010-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-266749940-1637964444-929701000-682827Core.job
- c:\users\xxxx\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-27 11:09]

2010-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-266749940-1637964444-929701000-682827UA.job
- c:\users\xxxx\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-27 11:09]

2010-04-08 c:\windows\Tasks\User_Feed_Synchronization-{3E6FFF13-9EF7-4067-94F4-29214258053F}.job
- c:\windows\system32\msfeedssync.exe [2010-03-11 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://sparsh/v1
uInternet Settings,ProxyServer = 192.168.208.146:80
uInternet Settings,ProxyOverride = <local>
Trusted Zone: blrkec142100d
Trusted Zone: xxxx.com\xnet
Trusted Zone: mssalesdemos.com
Trusted Zone: piescv01
DPF: {E37C2807-AE9F-40C5-8FF2-001E17702FE1} - hxxp://piescv01:6000/Pages/Reports/PTreeViewCtrl5.ocx
FF - ProfilePath - c:\users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\msnmlou4.default\
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\xxxx\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\xxxx\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: d:\program files\Mozilla Firefox 3.5RC2\plugins\NPOFF12.DLL

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- File Associations -------
.
.reg=txtfile
.
- - - - ORPHANS REMOVED - - - -

Notify-gport_ - gport_.dll
SafeBoot-klmdb.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-08 17:09
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85C95AC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x82f16322
\Driver\ACPI -> acpi.sys @ 0x80697d4c
\Driver\atapi -> ataport.SYS @ 0x807ba9a8
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************
.
Completion time: 2010-04-08 17:12:31
ComboFix-quarantined-files.txt 2010-04-08 21:12

Pre-Run: 8,669,270,016 bytes free
Post-Run: 9,023,217,664 bytes free

- - End Of File - - C00C4286290AE436A964DF086C98B814


#13 Elise

Posted 09 April 2010 - 03:03 AM

Hello again, let's see if we can start fixing things...

CF-SCRIPT
-------------
We need to execute a CF-script.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:
CODE
RenV::
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\CA\eTrustITM\realmon .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon .exe
c:\program files\Microsoft Office Communicator\Communicator .exe
c:\program files\Pointsec\Pointsec for PC\P95Tray .exe
c:\program files\Sigmatel\C-Major Audio\WDM\sttray .exe
c:\program files\Synaptics\SynTP\SynTPEnh .exe
c:\program files\Virtual Machine Additions\vmusrvc .exe

Save this as CFScript.txt, in the same location as ComboFix.exe



Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

  • Please download TDSSKiller.zip and save it to your desktop.
  • Extract the zip file to your desktop (important, before continuing, make sure the file is located on your desktop, otherwise the following steps will not work!). Do NOT run the file yet!
  • Click Start > Run and copy paste the following bolded text in the run box
    "%userprofile%\desktop\tdsskiller.exe" -l report.txt
  • When it has finished, press any key to continue.
  • If needed, reboot the computer.
A logfile (report.txt) will be created on your desktop. Please post its contents in your next reply.

regards, Elise



#14 etrast75

Posted 09 April 2010 - 07:42 AM

Combofix Log

-----------------------
ComboFix 10-04-07.04 - Comb 04/09/2010 8:18.9.2 - x86
Microsoft® Windows Vista™ Enterprise 6.0.6001.1.1252.1.1033.18.3573.1879 [GMT -4:00]
Running from: c:\users\xxxx\Desktop\ComboFix.exe
Command switches used :: c:\users\xxxx\Desktop\CFScript.txt
AV: eTrust ITM *On-access scanning disabled* (Updated) {33EA71EA-56CF-40B5-A06B-BD3A27397C44}
SP: eTrust ITM *disabled* (Updated) {33EA71EA-56CF-40B5-A06B-BD3A27397C99}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://blrkeccas01.ad.xxxx.com
.
((((((((((((((((((((((((( Files Created from 2010-03-09 to 2010-04-09 )))))))))))))))))))))))))))))))
.

2010-04-09 12:26 . 2010-04-09 12:26 -------- d-----w- c:\users\xxxx\AppData\Local\temp
2010-04-09 12:26 . 2010-04-09 12:26 -------- d-----w- c:\users\tfsservice_spm\AppData\Local\temp
2010-04-09 12:26 . 2010-04-09 12:26 -------- d-----w- c:\users\tfsreports_spm\AppData\Local\temp
2010-04-09 12:26 . 2010-04-09 12:26 -------- d-----w- c:\users\SPServiceAccount\AppData\Local\temp
2010-04-09 12:26 . 2010-04-09 12:26 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-09 12:26 . 2010-04-09 12:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-09 12:26 . 2010-04-09 12:26 -------- d-----w- c:\users\CCD\AppData\Local\temp
2010-04-09 12:26 . 2010-04-09 12:26 -------- d-----w- c:\users\Betty_Buyer1\AppData\Local\temp
2010-04-09 12:26 . 2010-04-09 12:26 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-04-08 11:08 . 2010-04-08 11:08 36488 ----a-w- c:\windows\system32\drivers\klmd.sys
2010-04-08 00:28 . 2010-04-08 00:28 -------- d-----w- c:\users\xxxx\AppData\Local\Threat Expert
2010-04-07 23:56 . 2010-04-08 00:45 -------- d-----w- c:\program files\Spyware Doctor
2010-04-07 21:38 . 2010-04-07 21:38 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-04-07 21:20 . 2010-04-07 21:43 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-04-07 21:20 . 2010-04-07 21:38 -------- d-----w- c:\programdata\Hitman Pro
2010-04-07 21:20 . 2010-04-07 21:20 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-04-07 19:13 . 2010-04-08 17:17 -------- d-----w- c:\program files\Panda Security
2010-04-06 00:17 . 2010-04-06 00:17 -------- d-----w- c:\program files\ESET
2010-04-05 15:50 . 2009-10-10 03:15 13952 ----a-w- c:\windows\system32\drivers\urfltwlh.sys
2010-04-05 12:03 . 2010-04-05 12:03 -------- d-----w- c:\program files\trend micro
2010-04-05 01:03 . 2010-04-05 01:03 -------- d-----w- c:\users\xxxx\AppData\Roaming\Malwarebytes
2010-04-05 01:03 . 2010-04-05 01:03 -------- d-----w- c:\programdata\Malwarebytes
2010-04-04 14:28 . 2010-04-04 19:39 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-04-03 20:36 . 2010-04-03 20:36 -------- d-----w- c:\users\xxxx\AppData\Roaming\AVS4YOU
2010-04-03 20:35 . 2010-04-03 23:45 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-04-03 20:35 . 2008-08-13 14:22 487424 ----a-w- c:\windows\system32\msvcp70.dll
2010-04-03 20:35 . 2008-08-13 14:22 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2010-04-03 20:18 . 2010-04-03 20:18 -------- d-----w- c:\users\xxxx\AppData\Roaming\Digiarty
2010-03-27 01:37 . 2010-03-27 01:37 -------- d-----w- c:\users\xxxx\AppData\Roaming\uTorrent
2010-03-25 20:20 . 2010-03-25 20:20 -------- d-----w- c:\programdata\Konesans
2010-03-10 17:46 . 2010-03-10 17:46 -------- d-----w- c:\users\Public\Juniper Networks
2010-03-10 17:46 . 2009-12-09 13:25 398632 ----a-w- c:\windows\system32\dsNcSmartCardProv.dll
2010-03-10 17:46 . 2009-12-09 13:25 345384 ----a-w- c:\windows\system32\dsNcCredProv.dll
2010-03-10 17:45 . 2010-03-10 17:46 162656 ----a-w- c:\users\xxxx\AppData\Roaming\Juniper Networks\Setup Client\x86_Microsoft.VC80.CRTP_8.0.50727.762.exe
2010-03-10 17:45 . 2010-03-10 17:46 -------- d-----w- c:\program files\Juniper Networks
2010-03-10 17:44 . 2009-12-09 13:10 548864 ----a-w- c:\users\xxxx\AppData\Roaming\Juniper Networks\Host Checker\Microsoft.VC80.CRT\msvcp80.dll
2010-03-10 17:43 . 2010-03-10 17:44 292704 ----a-w- c:\users\xxxx\AppData\Roaming\Juniper Networks\Setup Client\x86_Microsoft.VC80.CRTR_8.0.50727.762.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-09 12:26 . 2008-07-16 10:52 151096 ----a-w- c:\windows\system32\drivers\pci.sys
2010-04-08 23:58 . 2009-05-09 08:03 -------- d-----w- c:\programdata\WebEx
2010-04-08 19:52 . 2008-10-16 10:29 100384 ----a-w- c:\users\xxxx\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-08 17:34 . 2009-03-22 05:02 -------- d-----w- c:\program files\DivX
2010-04-08 17:04 . 2009-02-16 06:23 -------- d-----w- c:\program files\Downloaded Installations
2010-04-08 12:33 . 2009-01-20 12:13 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-08 12:21 . 2008-07-17 08:41 -------- d-----w- c:\program files\Java
2010-04-08 12:21 . 2008-07-17 08:41 -------- d-----w- c:\program files\Common Files\Java
2010-04-08 11:10 . 2008-07-16 10:52 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-04-07 14:57 . 2008-12-23 10:27 -------- d-----w- c:\program files\Microsoft Expression
2010-04-07 14:53 . 2009-06-28 06:52 -------- d-----w- c:\program files\Google
2010-04-05 19:28 . 2008-07-17 03:50 -------- d-----w- c:\program files\Microsoft Office Communicator
2010-04-05 17:11 . 2008-07-16 09:29 -------- d-----w- c:\program files\Virtual Machine Additions
2010-04-05 12:06 . 2010-04-05 12:07 48128 ----a-w- c:\windows\Fonts\6G7LtRKJR.com
2010-04-03 22:28 . 2009-07-12 04:47 -------- d-----w- c:\users\xxxx\AppData\Roaming\dvdcss
2010-03-17 12:51 . 2008-12-09 09:49 82696 ----a-w- c:\windows\system32\lmdimon8.dll
2010-03-14 11:23 . 2009-09-13 04:41 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-12 05:01 . 2008-07-17 03:58 -------- d-----w- c:\programdata\Microsoft Help
2010-03-10 17:46 . 2009-02-19 10:16 -------- d-----w- c:\users\xxxx\AppData\Roaming\Juniper Networks
2010-03-04 09:05 . 2010-03-04 09:05 -------- d-----w- c:\users\xxxx\AppData\Roaming\InstallShield
2010-02-28 14:57 . 2009-02-26 11:21 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-02-28 14:57 . 2009-02-26 11:21 -------- d-----w- c:\programdata\Roxio
2010-02-28 14:57 . 2009-02-26 11:22 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-02-28 14:52 . 2009-03-05 10:18 -------- d-----w- c:\program files\Quest Software
2010-02-28 14:52 . 2009-03-05 10:18 -------- d-----w- c:\program files\Common Files\Quest Shared
2010-02-28 14:51 . 2009-04-10 12:01 -------- d-----w- c:\programdata\VMware
2010-02-26 15:07 . 2010-02-26 15:07 -------- d-----w- c:\program files\Hyper-V
2010-02-26 12:36 . 2010-02-26 12:36 -------- d-----w- c:\users\xxxx\AppData\Roaming\IObit
2010-02-26 12:36 . 2010-02-26 12:36 -------- d-----w- c:\program files\IObit
2010-02-24 14:16 . 2009-10-18 05:55 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-21 13:11 . 2010-02-21 13:11 -------- d-----w- c:\program files\jtds-1.2.5
2010-02-12 03:12 . 2009-10-31 08:04 -------- d-----w- c:\program files\twist
2010-02-12 03:11 . 2009-10-17 12:45 -------- d-----w- c:\program files\Samsung
2010-02-05 14:39 . 2010-02-05 14:39 251376 ----a-w- c:\users\xxxx\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2010-02-04 16:19 . 2008-10-16 10:29 2032 ----a-w- c:\users\xxxx\AppData\Local\d3d9caps.dat
2010-01-25 12:48 . 2010-02-25 11:22 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:48 . 2010-02-25 11:22 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:48 . 2010-02-25 11:22 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:48 . 2010-02-25 11:22 472064 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 12:45 . 2010-02-25 11:22 329216 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:35 . 2010-02-25 11:22 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:35 . 2010-02-25 11:22 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:34 . 2010-02-25 11:22 511488 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:34 . 2010-02-25 11:22 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-19 08:36 . 2008-10-17 10:39 164880 ---ha-w- c:\users\xxxx\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2010-01-16 17:14 . 2008-11-24 03:39 1761760 ----a-w- c:\programdata\Microsoft\VisualStudio\9.0\1033\ResourceCache.dll
.
CODE
<pre>
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\CA\eTrustITM\realmon .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon .exe
c:\program files\Microsoft Office Communicator\Communicator .exe
c:\program files\Pointsec\Pointsec for PC\P95Tray .exe
c:\program files\Sigmatel\C-Major Audio\WDM\sttray .exe
c:\program files\Synaptics\SynTP\SynTPEnh .exe
c:\program files\Virtual Machine Additions\vmusrvc .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TfsOverlayAdd]
@="{D4DD7FC6-066F-442a-A200-DD21649CF378}"
[HKEY_CLASSES_ROOT\CLSID\{D4DD7FC6-066F-442a-A200-DD21649CF378}]
2008-11-07 09:53 258048 ----a-w- c:\program files\Microsoft Team Foundation Server 2008 Power Tools\TfsShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TfsOverlayControlled]
@="{EFF5DF4C-7662-4ed7-B533-837D3319D311}"
[HKEY_CLASSES_ROOT\CLSID\{EFF5DF4C-7662-4ed7-B533-837D3319D311}]
2008-11-07 09:53 258048 ----a-w- c:\program files\Microsoft Team Foundation Server 2008 Power Tools\TfsShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TfsOverlayEdit]
@="{FF529703-3398-4c98-B88D-13F784CB10A2}"
[HKEY_CLASSES_ROOT\CLSID\{FF529703-3398-4c98-B88D-13F784CB10A2}]
2008-11-07 09:53 258048 ----a-w- c:\program files\Microsoft Team Foundation Server 2008 Power Tools\TfsShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TfsOverlayLock]
@="{EAB6FC01-3462-4dc9-8C94-75582E3DC3CA}"
[HKEY_CLASSES_ROOT\CLSID\{EAB6FC01-3462-4dc9-8C94-75582E3DC3CA}]
2008-11-07 09:53 258048 ----a-w- c:\program files\Microsoft Team Foundation Server 2008 Power Tools\TfsShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TfsOverlayRename]
@="{F15E94B9-9522-42bd-8A73-569BCBE5A5EA}"
[HKEY_CLASSES_ROOT\CLSID\{F15E94B9-9522-42bd-8A73-569BCBE5A5EA}]
2008-11-07 09:53 258048 ----a-w- c:\program files\Microsoft Team Foundation Server 2008 Power Tools\TfsShellExt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMMUNICATOR"="c:\program files\Microsoft Office Communicator\Communicator.exe" [2005-05-12 4167376]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-10 218032]
"Google Update"="c:\users\xxxx\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-03-18 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"Realtime Monitor"="c:\program files\CA\eTrustITM\realmon.exe" [2007-01-17 407632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-16 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-16 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-16 133656]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [N/A]
"DWPersistentQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE" [2007-08-23 437160]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [N/A]
"Pointsec Tray"="c:\program files\Pointsec\Pointsec for PC\P95Tray.exe" [N/A]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Communicator"="c:\program files\Microsoft Office Communicator\Communicator.exe" [2005-05-12 4167376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9f.exe" [2008-03-25 218496]

c:\users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 1 (0x1)
"LocalAccountTokenFilterPolicy"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoMSAppLogo5ChannelNotify"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HTDM.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HTDM.lnk
backup=c:\windows\pss\HTDM.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppMgrGui]
c:\program files\Altiris\StreamingAgent\bin\exeForService.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
d:\program files\VMware\VMware Player\hqtray.exe [N/A]

R1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys [x]
R2 gupdate1c9f7bd46c4b035;Google Update Service (gupdate1c9f7bd46c4b035);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-28 133104]
R2 vsttcontroller;Visual Studio Team Test Controller;d:\program files\Microsoft Visual Studio 9.0 Team Test Load Agent\LoadTest\QTController.exe [2007-11-09 25096]
R3 dc21x4vm;dc21x4VM Based Network Adapter Driver;c:\windows\system32\DRIVERS\dc21x4vm.sys [2006-11-02 52224]
R3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltwlh.sys [2009-10-10 13952]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-05-18 36608]
R3 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2008-07-10 218136]
R3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);d:\program files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2008-07-10 31256]
R3 OSearch;Office SharePoint Server Search;c:\program files\Microsoft Office Servers\12.0\Bin\mssearch.exe [2007-08-24 159616]
R3 PORTMON;PORTMON;d:\software\Utilities\Sysinternals Suite\PORTMSYS.SYS [x]
R3 ReportServer;SQL Server Reporting Services (MSSQLSERVER);d:\program files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2009-03-29 1113448]
R3 SPAdmin;Windows SharePoint Services Administration;c:\program files\Common Files\Microsoft Shared\Web Server Extensions\12\BIN\WSSADMIN.EXE [2006-11-09 16224]
R3 SPTimerV3;Windows SharePoint Services Timer;c:\program files\Common Files\Microsoft Shared\Web Server Extensions\12\BIN\OWSTIMER.EXE [2007-08-26 58232]
R3 SPTrace;Windows SharePoint Services Tracing;c:\program files\Common Files\Microsoft Shared\Web Server Extensions\12\BIN\wsstracing.exe [2007-08-26 49024]
R3 SPWriter;Windows SharePoint Services VSS Writer;c:\program files\Common Files\Microsoft Shared\Web Server Extensions\12\BIN\SPWRITER.EXE [2007-08-26 38272]
R3 ssosrv;Microsoft Single Sign-on Service;c:\program files\Common Files\Microsoft Shared\Microsoft Office 12 Single Sign-on\SSOSRV.EXE [2007-08-24 390024]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2009-12-17 99152]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 VIRTUALAUDIO;Service for Microsoft Virtual Machine Audio Device Driver (WDM);c:\windows\system32\drivers\VirtualAudio.sys [2007-12-06 40448]
R3 vpc-s3;vpc-s3;c:\windows\system32\DRIVERS\vpc-s3.sys [2007-12-06 67584]
R3 VSPerfDrv90;Performance Tools Driver 9.0;c:\program files\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\VSPerfDrv90.sys [2007-09-04 55664]
R4 APPSTREAM;APPSTREAM;c:\windows\System32\Drivers\APPSTREAM.SYS [x]
R4 DCLauncher;Office Document Conversions Launcher Service;c:\program files\Microsoft Office Servers\12.0\Bin\Microsoft.Office.Server.Conversions.Launcher.exe [2007-08-24 95632]
R4 DCLoadBalancer;Office Document Conversions Load Balancer Service;c:\program files\Microsoft Office Servers\12.0\Bin\Microsoft.Office.Server.Conversions.LoadBalancer.exe [2007-08-24 50576]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]
R4 REGHOOK;REGHOOK;c:\windows\System32\Drivers\REGHOOK.SYS [x]
R4 SPSearch;Windows SharePoint Services Search;c:\program files\Common Files\Microsoft Shared\Web Server Extensions\12\BIN\mssearch.exe [2007-08-24 159648]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-01-23 717296]
R4 TCN;TCN;c:\users\xxxx\AppData\Local\Temp\TCN.exe [x]
R4 VSPD;VSPD;c:\windows\System32\Drivers\VSPD.SYS [x]
S0 prot_2k;prot_2k; [x]
S1 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-29 239336]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-08-29 73728]
S2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [2007-05-24 36368]
S2 LogWatch;Event Log Watch;c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe [2007-12-15 75016]
S2 Pointsec;Pointsec;c:\windows\system32\Prot_srv.exe [2009-06-12 641584]
S2 Pointsec_start;Pointsec Service Start;c:\windows\system32\pstartSr.exe [2009-06-12 154160]
S2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\DRIVERS\vnasc.sys [2007-05-24 110032]
S2 VPN-1;VPN-1 Module;c:\windows\System32\drivers\vpn.sys [2007-05-24 673456]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-04-27 179712]
S3 FW1;SecuRemote Miniport;c:\windows\system32\DRIVERS\fw.sys [2007-05-24 2234800]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2007-06-06 111616]
S3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\DRIVERS\covpnwlh.sys [2009-10-10 34944]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GOOGLEUPDATE.EXE [2009-06-28 06:54]

2010-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GOOGLEUPDATE.EXE [2009-06-28 06:54]

2010-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-266749940-1637964444-929701000-682827Core.job
- c:\users\xxxx\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-27 11:09]

2010-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-266749940-1637964444-929701000-682827UA.job
- c:\users\xxxx\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-27 11:09]

2010-04-09 c:\windows\Tasks\User_Feed_Synchronization-{3E6FFF13-9EF7-4067-94F4-29214258053F}.job
- c:\windows\system32\msfeedssync.exe [2010-03-11 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://sparsh/v1
uInternet Settings,ProxyServer = 192.168.208.146:80
uInternet Settings,ProxyOverride = <local>
Trusted Zone: blrkec142100d
Trusted Zone: xxxx.com\xnet
Trusted Zone: mssalesdemos.com
Trusted Zone: xxxx01
DPF: {E37C2807-AE9F-40C5-8FF2-001E17702FE1} - hxxp://xxxx01:6000/Pages/Reports/PTreeViewCtrl5.ocx
FF - ProfilePath - c:\users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\msnmlou4.default\
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\xxxx\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\xxxx\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: d:\program files\Mozilla Firefox 3.5RC2\plugins\NPOFF12.DLL

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-09 08:26
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85D12AC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x82f0b322
\Driver\ACPI -> acpi.sys @ 0x80697d4c
\Driver\atapi -> ataport.SYS @ 0x807ba9a8
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(768)
c:\program files\CA\SharedComponents\PPRealtime\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRealtime\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRealtime\bin\CAServer.dll
.
Completion time: 2010-04-09 08:30:11
ComboFix-quarantined-files.txt 2010-04-09 12:30
ComboFix2.txt 2010-04-08 21:12

Pre-Run: 5,998,665,728 bytes free
Post-Run: 5,956,288,512 bytes free

- - End Of File - - 0A693E2D848EEDB87A3CB93A5A6F2327


tdsskiller log

----------------------
08:32:15:571 0664 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
08:32:15:571 0664 ================================================================================
08:32:15:571 0664 SystemInfo:

08:32:15:587 0664 OS Version: 6.0.6001 ServicePack: 1.0
08:32:15:587 0664 Product type: Workstation
08:32:15:587 0664 ComputerName: BLRKEC44565L
08:32:15:587 0664 UserName: xxxxx
08:32:15:587 0664 Windows directory: C:\Windows
08:32:15:587 0664 Processor architecture: Intel x86
08:32:15:587 0664 Number of processors: 2
08:32:15:587 0664 Page size: 0x1000
08:32:15:587 0664 Boot type: Normal boot
08:32:15:587 0664 ================================================================================
08:32:15:587 0664 UnloadDriverW: NtUnloadDriver error 2
08:32:15:587 0664 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
08:32:15:602 0664 wfopen_ex: Trying to open file C:\Windows\system32\config\system
08:32:15:602 0664 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
08:32:15:602 0664 wfopen_ex: Trying to KLMD file open
08:32:15:602 0664 wfopen_ex: File opened ok (Flags 2)
08:32:15:618 0664 wfopen_ex: Trying to open file C:\Windows\system32\config\software
08:32:15:618 0664 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
08:32:15:618 0664 wfopen_ex: Trying to KLMD file open
08:32:15:618 0664 wfopen_ex: File opened ok (Flags 2)
08:32:15:618 0664 Initialize success
08:32:15:618 0664
08:32:15:618 0664 Scanning Services ...
08:32:18:083 0664 Raw services enum returned 532 services
08:32:18:083 0664
08:32:18:083 0664 Scanning Kernel memory ...
08:32:18:083 0664 Devices to scan: 1
08:32:18:083 0664
08:32:18:083 0664 Driver Name: atapi
08:32:18:083 0664 IRP_MJ_CREATE : 85D12AC8
08:32:18:083 0664 IRP_MJ_CREATE_NAMED_PIPE : 85D12AC8
08:32:18:083 0664 IRP_MJ_CLOSE : 85D12AC8
08:32:18:083 0664 IRP_MJ_READ : 85D12AC8
08:32:18:083 0664 IRP_MJ_WRITE : 85D12AC8
08:32:18:083 0664 IRP_MJ_QUERY_INFORMATION : 85D12AC8
08:32:18:083 0664 IRP_MJ_SET_INFORMATION : 85D12AC8
08:32:18:083 0664 IRP_MJ_QUERY_EA : 85D12AC8
08:32:18:083 0664 IRP_MJ_SET_EA : 85D12AC8
08:32:18:083 0664 IRP_MJ_FLUSH_BUFFERS : 85D12AC8
08:32:18:083 0664 IRP_MJ_QUERY_VOLUME_INFORMATION : 85D12AC8
08:32:18:083 0664 IRP_MJ_SET_VOLUME_INFORMATION : 85D12AC8
08:32:18:083 0664 IRP_MJ_DIRECTORY_CONTROL : 85D12AC8
08:32:18:083 0664 IRP_MJ_FILE_SYSTEM_CONTROL : 85D12AC8
08:32:18:083 0664 IRP_MJ_DEVICE_CONTROL : 85D12AC8
08:32:18:083 0664 IRP_MJ_INTERNAL_DEVICE_CONTROL : 85D12AC8
08:32:18:083 0664 IRP_MJ_SHUTDOWN : 85D12AC8
08:32:18:083 0664 IRP_MJ_LOCK_CONTROL : 85D12AC8
08:32:18:083 0664 IRP_MJ_CLEANUP : 85D12AC8
08:32:18:083 0664 IRP_MJ_CREATE_MAILSLOT : 85D12AC8
08:32:18:083 0664 IRP_MJ_QUERY_SECURITY : 85D12AC8
08:32:18:083 0664 IRP_MJ_SET_SECURITY : 85D12AC8
08:32:18:083 0664 IRP_MJ_POWER : 85D12AC8
08:32:18:083 0664 IRP_MJ_SYSTEM_CONTROL : 85D12AC8
08:32:18:083 0664 IRP_MJ_DEVICE_CHANGE : 85D12AC8
08:32:18:083 0664 IRP_MJ_QUERY_QUOTA : 85D12AC8
08:32:18:083 0664 IRP_MJ_SET_QUOTA : 85D12AC8
08:32:18:083 0664 Driver "atapi" infected by TDSS rootkit!
08:32:18:098 0664 C:\Windows\system32\drivers\atapi.sys - Verdict: 1
08:32:18:098 0664 File "C:\Windows\system32\drivers\atapi.sys" infected by TDSS rootkit ...
08:32:18:098 0664 Processing driver file: C:\Windows\system32\drivers\atapi.sys
08:32:18:176 0664 vfvi6
08:32:18:254 0664 dsvbh1
08:32:18:285 0664 fdfb1
08:32:18:285 0664 Backup copy found, using it..
08:32:18:301 0664 will be cured on next reboot
08:32:18:301 0664 Reboot required for cure complete..
08:32:18:317 0664 Cure on reboot scheduled successfully
08:32:18:317 0664
08:32:18:317 0664 Completed
08:32:18:317 0664
08:32:18:317 0664 Results:
08:32:18:317 0664 Memory objects infected / cured / cured on reboot: 1 / 0 / 0
08:32:18:317 0664 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
08:32:18:317 0664 File objects infected / cured / cured on reboot: 1 / 0 / 1
08:32:18:317 0664
08:32:18:317 0664 fclose_ex: Trying to close file C:\Windows\system32\config\system
08:32:18:317 0664 fclose_ex: Trying to close file C:\Windows\system32\config\software
08:32:18:317 0664 UnloadDriverW: NtUnloadDriver error 1
08:32:18:363 0664 MyDeleteFileW: MyNtCreateFile (C:\Windows\system32\drivers\klmd.sys) error 32
08:32:18:363 0664 KLMD(ARK) unloaded successfully

#15 Elise


Posted 09 April 2010 - 08:06 AM

Hello again,

If this computer is on a network, make sure it's disconnected and all other computers are checked out (it looks like a business computer to me; it is quite possible the security of the whole network is compromised).

Are you sure you copied the whole CF script? Including the RenV:: part? It doesn't look like the script worked, although I see it was run correctly.

Please try to rerun the CFScript (recreate the text file first) and post me the new log.

regards, Elise

